HostGator Takes My Sites Offline – Admits Their Fault
I used to be a big fan of HostGator, up until they were bought out by EIG. It was how I first learned about EIG and the evil they are in the hosting world. I migrated all my important sites away from HostGator after all their reseller accounts went offline. The only thing left were some bullshit affiliate sites, mainly those that were against the TOS of other hosting providers for various reasons. I used to play around with shady blackhat internet monetization techniques, so what? I’m all whitehat about it anymore so get over it.
It was a stupid shared account with a couple of those projects that got locked up. None of the sites were really profitable, but there was still content and stuff on them and I wanted to know what the issues were. It was a very confusing ticket that got generated by HostGator:
The Original Complaint Ticket
JES-39333793 | TOS/Mail :: gator4100
October 09, 2015 at 04:57 AM
Hello, Our Abuse department has received a report regarding malware being hosted on an account under your control. We have disabled mysql access for your account to prevent further complaints, and have provided a list of the reported content.
In order to remove the restrictions weve placed, you must resolve the security issue and remove what malicious content was listed. Please note that repeated reports of malicious content on your account within 60 days of an initial notice will lead to further action being taken, including permanent suspension after failing to professionally clean the account.
Once you have taken steps to secure your account of the reported content, please reply back to this ticket to request review. If you have any need of clarification or additional concerns regarding this issue, please let us know! You can reach us by replying to this ticket, using our online Live Chat ( https://chat.hostgator.com ), or by calling our Live Phone Support (1-866 964-2867) or internationally at 011-1-713-574-5287. Our associates are available 24 hours a day 7 days a week, and we will be more than happy to assist you at any time.
Warm Regards,
Johnny M.
Linux Monitoring Administrator
Hostgator.com LLC
http://support.hostgator.com
After the issue was “resolved” here was their follow-up:
October 14, 2015 at 11:05 AM
Hello, I apologize as it does appear that this ticket appears to have been created in error. We have removed the mysql restrictions placed on the account. Please let us know if you require any further assistance.
Andrew N
Security Supervisor
As you can see, my account was down for 5 days due to this, and it was all “Created in error” by HostGator. These sites weren’t that important, but I still spent a good 10+ hours dealing with HostGator, Sitelock and trying to figure this stuff out. I also ended up paying for the Sitelock service that I didn’t need.
My Initial Reaching Out To HostGator: Hurry Up and Wait
It would be a whole lot more understanding of all this, if HostGator was able to provide me some initial information about what was going on. In fact, they didn’t react at all until I actually signed up for SiteLock. SiteLock must have taken a look at my CPanel and reached out to HostGator calling them out as well. The initial responses I got were very rude and unhelpful:
3:44:30 PM Miranda RWelcome to live chat. My name is Miranda. I’ll be glad to assist you today.
3:44:40 PM Nathan HammondJES-39333793 | TOS/Mail :: gator41003:44:55 PM Nathan HammondCould I get the list of affected domains / complaints and know the steps to getting things resolved?3:45:49 PM Miranda ROne moment please.3:49:14 PM Miranda RThank you for the patience.3:53:32 PM Miranda RSorry for the delays, I am seeing some discrepancies with the ticket, I am trying to gather information for you.3:58:11 PM Miranda RFrom what I am seeing, the database may have been compromised which is what could have caused the issue.3:58:46 PM Nathan HammondWhat domain? Could I get the other ones restored?4:00:28 PM Miranda Rvotepedia.us is the one that seems to have the issue4:01:24 PM Nathan HammondThat’s an old domain and it’s not even registered anymore……4:01:28 PM Miranda RFor these types of issues, I would suggest to contact SiteLock to remove the malicious content.4:02:42 PM Nathan HammondIn the interim, is there anyway I could move the non-affected domains and databases to a different web host?4:03:22 PM Miranda RThe account would have to remain restricted until changes are made to remove the affected content.4:03:24 PM Nathan HammondAnd could you tell me what database is affected? Or are all of them compromised?4:03:49 PM Nathan HammondIf it’s not an important one, I’ll just delete it.4:04:14 PM Nathan HammondOr modify the php file so the database is broken4:06:58 PM Miranda RThe information I have is the affected domain, not an exact database. If you would like more information an exact database, you can reply to the ticket for the exact database name.4:07:23 PM Nathan HammondWhat domain? Finding the database would be easy enough4:07:38 PM Miranda Rvotepedia.us is the one that seems to have the issue4:08:27 PM Nathan HammondHow the hell can that domain be a malware threat? It’s not even registered!whois.com/whois/votepedia.us 4:09:29 PM Nathan Hammondit’s an old domain and an old project that doesn’t even exist anymore.4:09:58 PM Miranda RIf there are still files and databases in the cPanel, it could be compromised.4:11:14 PM Nathan HammondOkay, first glance I’m not seeing files…..4:13:22 PM Nathan HammondSo I updated the ticket asking for the actual database. Now can you tell me the actual database?4:13:37 PM Nathan HammondAlso, *WHAT* here the discrepancies in the ticket you mentioned?4:13:54 PM Miranda RThis would need to be reviewed by an Administrator and they will provide that in a response.4:14:11 PM Miranda RIt was labeled a mail ticket but the issue is with MySQL4:15:08 PM Nathan HammondHow do I expedite the situation? Getting loud on Twitter usually works…..4:16:01 PM Miranda RThe ticket is open and in an escalated queue at this time. When an Administrator locates the database, they will reply with the information so you can move forward.4:16:52 PM Nathan Hammond“Our Abuse department has received a report regarding malware being hosted on an account under your control. We have disabled mysql access for your account to prevent further complaints, and have provided a list of the reported content.”4:17:01 PM Nathan HammondWhere is this “list of the reported content”?4:17:27 PM Miranda RThis will be supplied in the ticket response from our Administrators.4:17:57 PM Nathan Hammond……Does the list not exist? The ticket itself makes it seem like the list was supposed to be supplied to me4:20:54 PM Miranda RI’ve noted that you’re requesting additional information as the ticket is a bit unclear at this time.4:21:14 PM Nathan HammondThe whole thing is incredibly unclear…….4:21:29 PM Miranda RI apologize for that.4:22:31 PM Nathan HammondTime to go tweet out A2 Hosting affiliate links to everyone else who’s pissed off at HostGator support. I guess I’ll go start transferring my other domains from the hosting accounts that I can actually access4:22:40 PM Miranda RSince the ticket is open at this time, I would await a response, and if you have any other information you’d like to add to the ticket, come back to chat and we can add notes for you.4:23:16 PM Nathan Hammondlocking the SQL due to something malicious is understandable, but not being able to provide this kind of information I’m requesting is outrageous. I forgave you when all your reseller accounts went down, but this is bullshit
4:23:42 PM Miranda RFeel free to send an email to feedback@hostgator.comregarding this issue.
So already we’ve got HostGator admitting that the ticket itself is funky. They can’t provide me any details because an Administrator is required. You can see them trying to refer me to SiteLock, which has been their go-to solution up until I registered for SiteLock. At that time, they admitted there was nothing wrong, which I’ll get to at the end…..I still need to highlight *ALL* of HostGator’s shortcomings first….
HostGator Apology Without Any Resolve
So, as per the advice given to me by Miranda, I email the Feedback Department, basically copy / pasting the chat transcript. Here’s what I get back:
Hello Nathan,
My name is Tianna and I am contacting you as part of the HostGator Customer Service team. We work directly with every department in the company to ensure the excellence of our customer’s experience. I would like to extend my sincerest apologies for the frustration you’ve experienced.
Regarding your security ticket, our Security administrator’s request that you have your account cleaned to have the restriction removed. Unfortunately, there are no further workarounds as we no longer offer free Security cleanings. It is for the security of the server that we ask for the account to be cleaned before the restrictions are removed. After your account is cleaned please reply to your Security ticket so it can be further reviewed.
We understand that having a website with malware puts you in a sensitive spot, and that is why we suggest you use SiteLock. However, this is merely a suggestion and not a mandatory service. You are welcome to go through any company you choose to have the malware cleaned from your websites. However, we recommend SiteLock as it is a well known and trusted company. You may also want to check out https://sucuri.net/ to compare pricing for your needs.
Unfortunately, because of a number of factors, we have made changes in our current security policy and practices and will be unable to assist with the investigation into the possible compromise. We would have preferred to provide more advanced notice to our customers, but unfortunately this was not a feasible option once it was decided that it would have to be put into place promptly within our company. We do understand that this is unexpected and genuinely regret the inconvenience, and any frustration that this might have caused you.
We are very disappointed in the level of support and the helpfulness of the agents that you spoke with. The feedback youâve provided will not affect the agent negatively, nor do we view your response to the matter in a negative light. The ultimate goal here, is to improve upon our services, and we can’t do that if we turn a deaf ear on constructive criticism of how our agents respond to our clients on basic issues such as the one presented. Our agents will only learn and grow from feedback like this, and it is both welcomed and appreciated.
Again, I would like to extend my sincerest apologies for any inconvenience. If you have any other concerns please let me know by replying to this ticket and I will get back to you as soon as possible. You can also reach out to our support by calling 1-866-964-2867, or using our live chat at https://chat.hostgator.com/
Best regards,
Tianna S.
Customer Service Manager
So we have HostGator admitting that their support service is bullshit. We also have HostGator stating that SiteLock isn’t a mandatory requirement, just a suggestion, even though I’m being strong-armed for files and databases, which I would call both mandatory and extortion.
This is even more bullshit when you know ahead of time that there was nothing wrong to begin with and it’s all HostGator’s fault to begin with.
I respond back with; “Trying to reach out to support is no good, I already tried that, as per the last email”. A short while later I get this response:
Hi Nathan,
This matter was brought to my attention earlier by Tianna, and I wanted to ensure you knew we’re doing what we can to investigate this. I’m some what flabbergasted by the ticket’s lack of content or even clarity for that matter. While the chat agent definitely failed to get your situation escalated, which will be addressed directly with their supervisor, I also wanted to make sure you were aware this will be resolved for you. Looking at the ticket itself, I’m immediately confused as to what the abuse complaint actually related to given the subject says one thing(Mail) and email another(SQL). That too will be addressed with our admin team as the ticket is basically useless to you. I’m currently working with a supervisor over that admin team, and going through the servers CLI history to try and determine what exactly the admin was after. Once we’ve got further details we’ll provide you an update in the TOS ticket, and hopefully get this resolve d with as little haste as possible.
Additionally, I wanted to comment about your zero rating comment. I apologize for the headaches this has caused and though we’re certainly a much different company under our parent company Endurance, it is worth noting our entire management team is still here fighting to keep our reputation as intact as we can. We’ve definitely gone through a lot of changes the past few years with Endurance, and as we become more sustainable financially with better footing across the board, we’ve also become more efficient and are finally coming out of the woods with our support troubles, which our support metrics show once and for all. I realize that may seem pretty far fetched after this ticket and chat, but I do look forward to resolving this for you and hopefully showing that we are here trying to get back to the prior expectation we’d set as the privately owned Hostgator.com. Sorry again for the troubles, but if you have any questions as we work to address this mess please let me know!
Best Regards,
Joshua Martin
Director of Customer Engagement
http://support.hostgator.com/
HostGator.com | 1.866.96.GATOR (42867)
Follow us at: @HGSupport @Hostgator
So this is the one response I like for a lot of reasons:
A) An EIG-owned company admits they went to shit after being acquired by EIG. Even EIG realizes that they suck at life and are willing to admit it.
B) HostGator finally admitted that the ticket was confusing, non-helpful and not comprehensible.
And Now I Sign Up For SiteLock
As per the advice of HostGator, I register with SiteLock. It was right after I registered for SiteLock that I got the message that nothing was wrong with my account to begin with. This leads to the conspiracy theory; Is HostGator (and EIG for that matter) in-bed with SiteLock? Is HostGator doing this to multiple people to get force them into registering for SiteLock before removing bullshit restrictions that shouldn’t have been put in place to begin with? I’ve done a lot of digging and my next blog post is going to be great 😉
SiteLock was a horrible experience and I don’t have any respect for that company. This whole situation makes me believe that there is a backroom deal and conspiracy between HostGator and SiteLock that now appears to be all of EIG and SiteLock, but that blog post is coming soon! 😉 You can read about my horrible experience with SiteLock by reading the linked-to article.
How Did HostGator Detect There Wasn’t Any Malware?
It’s stated multiple times that HostGator isn’t able to go in and scan my files or SQL. So if they’re not able to detect malware, how did they finally realize that there wasn’t any malware to begin with? The fact that they were suddenly able to figure out that my site never contained malware to begin with is completely contradictory to the lies they’ve been spoon-feeding me through this entire event.
Apparently HostGator is lying about their capabilities to perform scans and detect malware in the first place. If they’re not lying:
A) How did they detect the malware in the first place? Doesn’t this require some form of malware scanning / detection?
B) How did they find out there was never any malware to begin with? Doesn’t this also require the ability to scan and detect malware, or lack of, in my particular situation?
Either way, the easy conclusion is that HostGator is a bunch of liars.
My Suggested HostGator Alternatives
PLEASE NOTE: None of these companies are owned by EIG! I would never do the mis-favor of recommending an EIG-owned company to anyone! So don’t worry 😉
A2 Hosting – I love A2. It came highly recommended by a bunch of local web developers / IDX and Javascript gurus. This is who I personally switched from HostGator to and I love them. They’ve got a feature called Server Rewind that can help in any event that might have compromised one or multiple sites, helping prevent situations like this from happening.
SiteGround – Note: I haven’t tried them but they came recommended by people I trust! This is the other company that came highly recommended by a bunch of local developers I trust. I ended up going with A2 instead of them, but they were going to be my second choice. I can’t personally recommend them based on my experiences, but I do trust every single person who told me to check them out.