Recently I had seen more bluehost users posted in bluehost forum, stating that their bluehost hosted website had been hacked. Various Bluehost web site hacking had been reported, which including .htaccess redirection to hacker site, modification of php.ini files, insertion of HTML content into index.html, iframe embeding into index.html webpage, etc.
This is a major concern for me as well, if there is any vulnerability in bluehost server, I would like the bluehost support team to get it patched. If we think from bluehost side, bluehost support team is excellent in maintaining a good hosting server. There is no doubt for cPanel security and safety as well. At this point, I assume bluehost support had performed the necessary server maintenance and taken the security measures.
Over 90% of website hacked is caused by weak user account login and password. The remaining reason this caused by the party website script that is vulnerable and having security hole. For an example, a hacker can exploit your textbox or web-form and injected SQL into your database, or they can inject HTML code into your web files. Another entrance for hackers is through FTP login, once they gain access, they will be able to change your web files in any means.
Thus, is important to secure your own hosting account and as well your ftp login. Make sure your password is 8 Character long and having combination of alphanumeric, Numbers, and symbol. safeguard your own login information. Finally, make sure your website script is updated with the latest version of script released. These are the best way to protect your website from being attacked again.
10 Responses to “Bluehost website got hacked?”
Leave a Reply
10 Most Recent Posting
- Self-signed SSL cert for your web hosting account
- Joomla, Drupal and Mambo CMS hosting at bluehost cpanel hosting
- Bluehost vs Justhost – Compare Bluehost Justhost
- Bluehost hosting with free merchant account
- Bluehost hosting with link building robot free service
- Bluehost marketecture ecommerce shopping cart
- Web Hosting Blog vs. Web Hosting Forum
- Start your social network site with Pligg CMS open source script
- Bluehost b2evolution blogging site setup installation
- Bluehost vs Inmotion Hosting – Compare Bluehost Inmotion cPanel Hosting


October 19th, 2008 at 9:17 am
[...] http://www.bluehostreview.org/bluehost-website-got-hacked/ Share or Bookmark This [...]
November 9th, 2008 at 3:30 pm
Level 3 techs (Adam, Brandon, and Rick) have confirmed that if you use php with the fast-cgi option,, that certain *VERY IMPORTANT* functions in your php.ini files will NOT be processed (but not give an error), including (but not limited to):
disable functions
open_basedir
which can make it a lot easier to have your site hacked. I wonder if this contributed to your problems.
So, you can’t turn off the following via your php.ini (and I don’t know any other way to disable these while using fast-cgi — Bluehost’s only suggestion is to go back to standard php and put a php.ini in every directory — unverified yet if all php.ini functions work properly this way). This somewhat contradicts their marketing, which I’ve tried to point out to them, without a lot of resposne. Functions you can’t disable when using fast-cgi include:
allow_url_fopen = off; doesn’t work
allow_url_include = off; doesn’t work
register_globals = Off; doesn’t work
But more importantly, when I tried to disable functions or limit script execution, there was no log error or other indication of php.ini not working, EXCEPT that when I tried to hack my own site a bit, I was able to execute functions that had supposedly been disabled!! Very, very bad!
Better to throw an error during php parsing or at least warn about this issue on the php handler web setup page (where you select regular php or fast-cgi) than to leave users with a false sense of security.
Despite several Level 1 techs denying these problems, when you finally get to a “senior, Level 3″ tech, they confirm that Bluehost knows of these problems, and there’s no ETA to have them fixed, but I just wish that they’d be more honest with users instead of risking having sites hacked by having these functions unwittingly still enabled.
My recommendation: until these problems are fixed, do not use fast-cgi with your php on Bluehost until they show this as fixed, or you are making it easier for your site to be hacked.
November 30th, 2008 at 6:10 pm
Bluehost is a joke of a company. How can the entire public_html, mail, even .trash, and .temp be deleted by a hacker?
February 22nd, 2009 at 6:47 am
I have hosted few my sites on bluehost . But almost them were hacked recently. This is a company with very low security. I came to know most of clients site of blue host were hacked. I am going to change hosting plan to any other server.
I am strongly advice all NOT TO PUBLISH you site with BLUE HOST.
September 17th, 2009 at 4:34 am
I was with blue host since 2006, when they were not that big. and quite good.
I found my account suspended yesterday.I called them and they opened my ftp access. I discovered few folders on my site with php files. i have never seen them before, no idea from where they came.
Anyway after sending them an email they send me a huge check list. I spend 10 hours checking my site via that list. and once i told them i am done, they replied sorry for the misunderstanding. your account is permanently banned, what a joke.
Basically they blame me for hacking. or using a non secure program.
So any of you wants to try bluehost? be careful!
BTW to cheat people more, they are using 2 other hosting companies as well by using same system and people.
bluehost.com
hostmonster.com
fastdomain.com
(visit above sites, and check their postal address)
September 17th, 2009 at 6:39 am
bluehost & hostmonster & fastdomain are the same company, we had blogged about it some time ago at here http://www.hostmonsterreview.org/hostmonster-vs-bluehost-vs-fastdomain
December 22nd, 2009 at 3:30 pm
my account get hacked all the time too, i am tired of it. the support is not good.
I just have some simple html file on my website and our emails account get hacked all the time.
December 23rd, 2009 at 10:46 am
hi Carl,
hacker usually attack via web forms or even contact us page… always make sure the html codes are secure. We highly recommend you use joomla cms scripts for personal or business site creation. Its secure.
Also, regarding account access and security, you have to login cpanel, get the password change, email password change and ftp login password change too. These three password should use secure password combination too.
December 29th, 2009 at 11:07 pm
Just had 10 sites in one bluehost account hacked by Saudi Arabia hacker. My web guy thinks they must have come in through the server, not through my wordpress code.
Anyone have a better host to suggest?
Thanks.
December 31st, 2009 at 8:15 am
Sites also included Joomla sites, which really makes me think its a server weakness.