SiteLock "Malware" on server scam

Discussion in 'Site Security & Legal Issues' started by jilly, Dec 30, 2016.

  1. jilly

    jilly Fan

    928
    550
    +2
    I use A Small Orange hosting company, which I have used for almost 15 years. I noticed the customer support plummeted when the company was sold, but inertia kept me there. However, over the past three weeks I have gotten the site shut down twice, and each time ASO sends me this email, saying I have 'malware' on the server, and I need to clean it, and the site will stay down until I clean, and they recommend I use this company they are partnered with, called Site Lock. I spoke with Site Lock, and was immediately put under high pressure sales tactics to buy a 'cleaning' service, and then subscribe to a monthly service to 'keep my server clean'. I didn't agree with this, and didn't buy it, but the server company said they 'fixed' it after I started complaining on Twitter, and put my site back up. Then today, I got a message again, saying my site has DoS abuse issues.
    Here's part of the message:
    "
    Hello,

    Unfortunately we're experiencing an issue with your website or account
    and need your help to remedy the situation ASAP. Failing to respond to
    this notice via email or ticket with our Abuse department could lead to
    suspension or termination of your account(s). The following is a
    description of the issue:

    Username: jilly
    Domain: starter.passboards.org
    Host: false
    IP Address: deleted by me in this post
    Abuse Type: DoS Source

    We have discovered malware present on a domain hosted on this account.
    We have temporarily password restricted access to web content on this
    account to prevent access to this malicious data until corrective action
    has been taken. While these restrictions are in place, you will be
    prompted for a username and password when visiting websites on this
    account. The username and password you will use are included below."

    What struck me as weird is, why would you tell a customer paying you over $200 a month that you are going to cancel their service, for something that is a normal, everyday part of hosting? The whole 'urgency' to the issue, and the threat to terminate my account, when I have hosted with them for almost 15 years. Sheesh! So something hit my spidey sense, and I googled Site Lock and scam, and got plenty of results. Turns out A Small Orange and Site Lock are owned by the same company, EIG, based in India. So my plan is to switch hosting providers. I'm going with a small local company that I know. I am sooo annoyed at this. And annoyed worse that they almost got me and ripped me off for quite a bit of SiteLock scam money.


    and 'malware' or DOS abuse reason, and suspension of the website. It happened again tonight. I spoke with SiteLock but felt the whole idea was wrong, esp. when I paid to have a Clementine managed hosting account that was supposed to handle all security issues. The email threatens to 'terminate my account' if I don't handle this fast enough. For a website hosting company, handling malware on servers seems like it should be part of the job. Why would you terminate your customer's steady money flow to you, for a normal issue? The whole pressing and putting a time limit on the issue was what made 'scam' jump out at me.
     
  2. Danielx64

    Danielx64 Developer

    3,323
    607
    +1,389
    I would get a backup right now and run as fast as a wild cat. EIG do nothing other than take $$$ out of your hands and run you to the ground.
     
  3. jilly

    jilly Fan

    928
    550
    +2
    Thank you!! That's what I'm gonna do. Can't believe these scammers. They drive away a steady customer with this crap.
     
  4. Danielx64

    Danielx64 Developer

    3,323
    607
    +1,389
    Also, when looking for your next host, make sure that they are not run/owned by EIG, as it wouldn't be any better.
     
  5. jilly

    jilly Fan

    928
    550
    +2
    No, I am using a local service now. No more giant online conglomerate liars. Lol, here is my tech support chat. ASO sucks!!


    Welcome To Live Chat
    10:23:55 PM
    System
    Kevin O has joined the chat!
    10:24:10 PM
    Kevin O
    Welcome to Live Chat. My name is Kevin, and I would be glad to assist you! :)
    10:24:12 PM
    Kevin O
    How may I assist you today?
    10:27:46 PM
    Kevin O
    Are you with me?
    10:27:55 PM
    jill
    1489-E7UZA
    10:27:55 PM
    jill
    10:28:11 PM
    jill
    trying to ftp to my server
    10:28:46 PM
    jill
    to remove malware per an email I got - but my ftp program is getting a permission denied error on a folder
    10:29:29 PM
    Kevin O
    Which FTP account are you using?
    10:29:42 PM
    jill
    jilly
    10:30:29 PM
    Kevin O
    And which directory are you trying to access?
    10:30:43 PM
    jill
    hold on
    10:31:16 PM
    jill
    /public_html/forums
    10:32:34 PM
    Kevin O
    This is on your medium shared plan for x ?
    10:33:03 PM
    jill
    no
    10:33:11 PM
    jill
    on the dedicated server
    10:33:25 PM
    jill
    for passboards.org
    10:35:03 PM
    Kevin O
    What's the root password for this server?
    10:35:33 PM
    jill
    I'm not sure
    10:35:47 PM
    jill
    where can I log into the root?
    10:36:20 PM
    Kevin O
    In WHM
    10:36:27 PM
    Kevin O
    at http://174.136.13.190:2086/
    10:38:37 PM
    jill
    okay I logged into the root
    10:39:03 PM

    10:41:18 PM
    Kevin O
    That folder is chattered and is inaccessible via FTP
    10:41:42 PM
    Kevin O
    Are you working with our abuse team about this larger issue on the site?
    10:41:45 PM
    jill
    why?
    10:42:21 PM
    jill
    yes, they told me to go to the server and take the malware off. but if I can't get to the folder, how can I find the malware and remove it? lol
    10:42:24 PM
    Kevin O
    Because the abuse team probably did this.
    10:42:50 PM
    jill
    they haven't responded to my email yet.
    10:42:57 PM
    jill
    it's been several hours
    10:43:57 PM
    Kevin O
    The abuse team is not working currently
    10:44:05 PM
    Kevin O
    They should respond tomorrow
    10:44:20 PM
    jill
    what?
    10:44:37 PM
    Kevin O
    Have you run the Virus Scanner tool in your cpanel?
    10:44:54 PM
    jill
    I need my permissions restored NOW, so I can fix my site. are you telling me I can't fix my own site until they come back in?
    10:45:00 PM
    jill
    not yet
    10:45:09 PM
    jill
    not yet to the virus scanner tool
    10:45:20 PM
    jill
    let me see if it will run. hold on
    10:45:36 PM
    Kevin O
    Ok
    10:46:42 PM
    jill
    also I am trying to use google webmaster tools, to help me diagnose the malware, but because the site is restricted, I can't run the google malware search
    10:47:13 PM
    Kevin O
    You need to run the Virus Scanner in cpanel to look for malware
    10:48:06 PM
    jill
    okay I am in cpanel - where do I find the virus scanner?
    10:51:08 PM
    jill
    I don't see a virus scanner option
    10:51:52 PM
    Kevin O
    You can use the search bar at the top of the page to locate it
    10:52:05 PM
    Kevin O
    It's under the Advanced header in cpanel
    10:54:46 PM
    Kevin O
    Did you have any other questions for me today?
    10:55:10 PM
    jill
    it is not showing up for me
    10:55:21 PM
    jill
    is it something I would have to enable beforehand?
    10:55:44 PM
    Kevin O
    No this should be in your cpanel
    10:56:17 PM
    Kevin O
    This server must have been set up before this was included as standard software
    10:56:19 PM
    jill
    ok hold on
    10:57:38 PM
    jill
    there is no virus scanner option
    10:57:40 PM
    jill
    10:59:34 PM
    Kevin O
    This server must have been set up before this was included as standard software
    10:59:50 PM
    jill
    yes it's old
    11:01:37 PM
    Kevin O
    Unfortunately the only team that can help you with this particular issue is our abuse department. Abuse issues are very serious and have to be handled exclusively by them. I'd advise that you send an email response again containing any questions that you have about this directory and the malware issue.
     
  6. Drastic

    Drastic Habitué

    1,151
    192
    +604
  7. zappaDPJ

    zappaDPJ Administrator

    5,639
    1,212
    +4,046
    The number of hosting companies owned by EIG is becoming quite alarming; it's now more than one hundred and includes HostGator, Bluehost, Hostmonster and JustHost. All these companies have suffered many protracted, well documented outages since their acquisition, and on top of that there's SiteLock. Google will tell you just how deep that rabbit hole goes.
     