The Big Lie in Website Remediation: An insider look at the shady industry of post-breach services

Written by: Roberto Popolizio

Most hosting providers promise security… Until something actually goes wrong.

When a website gets hacked, clients are often left with no answers, no help, and no idea how it happened.

According to one study, 81% of ransomware victims who paid the ransom experienced a second attack, often because the root cause was never addressed.

In this exclusive interview by Website Planet, I invited Fabio Assenzio, CMO at Ergonet, one of the leading Italian web hosting providers, to discuss how the industry’s failure to take responsibility inspired them to build an internal remediation team, and how this different, proactive approach has saved their clients’ businesses.

If you rely on your website for revenue and reputation, read on before your next web hosting provider leaves you hanging.

What made you realize most remediation services were broken or unethical?

The vast majority of hosting providers lack any kind of internal team specialized in website remediation after a compromise. Not only is this service rarely included in basic hosting plans, but it’s also uncommon to find it even as a paid add-on.

Some providers have started addressing the problem, but almost all of them outsource the work. That’s a red flag that reveals a deeper problem: these companies don’t have in-house expertise in an area that should be core to their business.

I find it ironic that they heavily market their security, showing off their multi-layered firewalls, OWASP Top 10-compliant Web Application Firewalls, anti-bot systems, spam filters, automated DDoS protection, etc… But when a real incident occurs, they disappear.

Customers are left alone in the most critical moment with no help, no direction, no responsibility taken. Suspending a site after a breach is often the default action, and it’s not always wrong, but what comes after that is where the ethical failure begins.

If a hosting provider doesn’t help you during a breach, they’re not your partner. They’re just a vendor.

That’s why Ergonet has built an internal remediation team. We didn’t outsource it. We took ownership.

What really happens behind the scenes when a website gets hacked?

There are usually three reasons a website gets hacked:

  1. Financial gain: malware, phishing, ransomware, spam campaigns.
  2. Resource abuse: using the server for botnets, illegal content, spam relays.
  3. Ideological attacks: hacktivism, which has declined in recent years.

When a hosting provider detects a breach, they typically act fast, but not in the client’s interest. They suspend the site. Again, that’s not always wrong. But then they send a vague message:

“Your site was compromised and we suspended it to protect the server.”

That’s it.

The customer has no data to understand what went wrong, not a clue of what actually happened, no guidance. No forensics. No timeline. So they reach out to a third-party security vendor that has zero information, and receive a rough estimate. That price will often triple once the real scope of the damage is uncovered.

It’s a broken process. And the customer suffers every step of the way.

Why does this problem persist across the industry?

Because of margins and skills.

Most hosting companies operate on razor-thin margins, because their business models are built on volume, not quality. The first year of hosting might cost less than lunch. That makes it financially impossible to justify real security services.

Instead of building long-term customer support, most companies reduce their margins by offering deep discounts up to 80% for 1-4 years, at the end of which the low-cost package becomes premium all of a sudden…

Add to this affiliate programs, SEO, paid ads, which are necessary, of course, and you can see why there’s little or nothing left for hiring and training security talents.

So when a site is hacked, the person answering the support ticket is often not a trained analyst. Just someone following a script. But even a skilled sysadmin might need hours just to identify the root cause of a breach, if he doesn’t get ongoing training or internal tools.

At Ergonet, we’ve taken the opposite approach. We’ve invested in security training and developed custom tools for over ten years. Now, 90% of incidents are resolved by our first-level support. Only the most complex 10% get escalated. That’s how we make the service both fast and sustainable — without raising costs excessively for the customer.

And more importantly, our clients stay with us.

Which common post-hack solutions actually make things worse?

There are so many bad recommendations out there, it’s almost hard to pick. Here are five that come up all the time:

  1. “Just restore from backup.” But when exactly did the compromise start? Restoring to the wrong point just reintroduces the malware.
  2. “Reinstall the core files.” What if the infection is in a plugin or theme? You’ve done nothing.
  3. “Scan the site with antivirus software.” Most of those tools detect 10–15% of actual threats, at best.
  4. “Install a security plugin.” These tools can help, but they treat symptoms — not root causes.
  5. “Rebuild the website from scratch.” That’s not a solution. That’s defeat.

Let me give you a real example.

We were contacted by a digital agency that manages over 100 domains. Their clients’ sites were being flagged by Google, one after another. Their provider, who was offering a fully managed dedicated server, told them to just restore backups and update plugins.

It didn’t help. The sites got reinfected again and again.

They came to us exhausted and desperate.

In half a day, we identified the real cause: a vulnerability in the cPanel control panel itself. We built a migration plan, moved all their sites to our cloud infrastructure, and cleaned everything up in under two weeks. They’re still one of our most loyal clients.

What’s the “big lie” in post-breach remediation?

“Restore from a clean backup.”

Sounds safe.

Sounds logical.

But it’s completely wrong.

When you restore a backup, you destroy the evidence. You wipe out the logs and timestamps that could help you understand how the breach happened. And without knowing how it started, you have no way to know it won’t happen again.

Proper remediation starts with a forensic backup — capturing the site as-is immediately after compromise — then doing offline analysis. That’s how you trace the vulnerability, fix the root issue, and prevent a repeat attack.

This myth exists because providers abandoned their clients long ago.

They didn’t build systems.
They didn’t train their teams.
They just want to close tickets quickly.

What steps should website owners actually take after a breach?

Here’s what you should do, and what your hosting provider should help you do:

  1. Back up the site immediately. Not a restore, but a snapshot of the compromised state, so it can be analyzed.
  2. Put the site in maintenance mode. This prevents further damage, like spam or phishing. It’s the fastest way to prevent long-term damage, especially to your domain reputation, which affects everything from email deliverability to SEO.
  3. Reach out to your hosting provider. If their answer is, “Sorry, you’re on your own”, you know it’s time to switch.
  4. Contact a security expert, if still needed. Someone who can do forensic analysis, remove the threat, harden the site, and validate it post-cleanup.
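
The forensic backup described in the interview (a snapshot of the compromised state, taken before any restore) can be sketched as follows. This is an added example, not part of the interview and not Ergonet's tooling: it archives the web root as-is, records each file's hash and timestamps in a manifest, and lists files modified after a cutoff as a first pass at a timeline. Function names, paths and the sample tree are constructed for illustration.

```python
import hashlib, json, os, stat, tarfile, tempfile, time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def forensic_snapshot(webroot, out_dir):
    """Capture the compromised tree as-is: per-file manifest plus a tar archive."""
    webroot, out_dir = Path(webroot).resolve(), Path(out_dir).resolve()
    if out_dir == webroot or webroot in out_dir.parents:
        raise ValueError("write the snapshot outside the web root")
    out_dir.mkdir(parents=True, exist_ok=True)
    files = []
    for p in sorted(webroot.rglob("*")):
        st = p.lstat()                      # lstat: do not follow symlinks
        if stat.S_ISREG(st.st_mode):        # reading content leaves mtime/ctime intact
            files.append({"path": p.relative_to(webroot).as_posix(), "size": st.st_size,
                          "mtime": st.st_mtime, "ctime": st.st_ctime, "sha256": sha256_file(p)})
    archive = out_dir / "snapshot.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(webroot, arcname=".")       # tar headers keep mtime, mode, owner
    manifest = {"taken_at": time.time(), "archive_sha256": sha256_file(archive),
                "files": files}
    (out_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def modified_since(manifest, cutoff):
    """Files changed at or after `cutoff` (epoch seconds), oldest first."""
    return sorted((f for f in manifest["files"] if f["mtime"] >= cutoff), key=lambda f: f["mtime"])

def build_sample_site(root):
    """Constructed sample tree: two old files and one recently dropped file."""
    now = time.time()
    for name, age_days in [("index.php", 400), ("wp-content/theme.php", 400),
                           ("wp-content/uploads/x.php", 2)]:
        p = Path(root) / name
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php // constructed sample: " + name)
        os.utime(p, (now - age_days * 86400,) * 2)
    return now

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        now = build_sample_site(Path(tmp, "site"))
        m = forensic_snapshot(Path(tmp, "site"), Path(tmp, "evidence"))
        print([f["path"] for f in modified_since(m, now - 30 * 86400)])
```

Modification times can be altered by whoever controlled the site, so the list is a starting point to correlate with server logs, not proof of when the compromise began.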

Want REAL expert advice when your site is under attack?

Reach out to Fabio Assenzio and the team at Ergonet.

LinkedIn: https://www.linkedin.com/in/fabioassenzio
Website: https://www.ergonet.it/
Email: [email protected]
