- Bluehost.com trusted by 1,000,000 domain owner.
- Unlimited storage space, unlimited bandwidth transfer.
- Bluehost 24/7 support, live chat support, toll free phone.
- Host up to 999 unique websites. Free domain name.
- Cpanel with fantastico. Blog, ecommerce, RoR, Joomla, Drupal, forum.
- Email, ftp, subdomain, 100 MySQL, PHP 5, FastCGI.
- Bluehost Coupon: Blue Host Coupon $6.95/mth $3.95/mth
- Bluehost Discount: Blue Host Discount $6.95/mth $3.95/mth
** This Bluehost Review is hosted with Bluehost Hosting.

   

Bluehost website got hacked?

Bluehost Problem Add comments

Recently I had seen more bluehost users posted in bluehost forum, stating that their bluehost hosted website had been hacked. Various Bluehost web site hacking had been reported, which including .htaccess redirection to hacker site, modification of php.ini files, insertion of HTML content into index.html, iframe embeding into index.html webpage, etc.

This is a major concern for me as well, if there is any vulnerability in bluehost server, I would like the bluehost support team to get it patched. If we think from bluehost side, bluehost support team is excellent in maintaining a good hosting server. There is no doubt for cPanel security and safety as well. At this point, I assume bluehost support had performed the necessary server maintenance and taken the security measures.

Over 90% of website hacked is caused by weak user account login and password. The remaining reason this caused by the party website script that is vulnerable and having security hole. For an example, a hacker can exploit your textbox or web-form and injected SQL into your database, or they can inject HTML code into your web files. Another entrance for hackers is through FTP login, once they gain access, they will be able to change your web files in any means.

Thus, is important to secure your own hosting account and as well your ftp login. Make sure your password is 8 Character long and having combination of alphanumeric, Numbers, and symbol. safeguard your own login information. Finally, make sure your website script is updated with the latest version of script released. These are the best way to protect your website from being attacked again.

Bluehost Coupon $3.95

10 Responses to “Bluehost website got hacked?”

  1. Bluehost problem lately? Says:
    October 19th, 2008 at 9:17 am

    [...] http://www.bluehostreview.org/bluehost-website-got-hacked/ Share or Bookmark This [...]

  2. security_guy Says:
    November 9th, 2008 at 3:30 pm

    Level 3 techs (Adam, Brandon, and Rick) have confirmed that if you use php with the fast-cgi option,, that certain *VERY IMPORTANT* functions in your php.ini files will NOT be processed (but not give an error), including (but not limited to):
    disable functions
    open_basedir
    which can make it a lot easier to have your site hacked. I wonder if this contributed to your problems.

    So, you can’t turn off the following via your php.ini (and I don’t know any other way to disable these while using fast-cgi — Bluehost’s only suggestion is to go back to standard php and put a php.ini in every directory — unverified yet if all php.ini functions work properly this way). This somewhat contradicts their marketing, which I’ve tried to point out to them, without a lot of resposne. Functions you can’t disable when using fast-cgi include:
    allow_url_fopen = off; doesn’t work
    allow_url_include = off; doesn’t work
    register_globals = Off; doesn’t work

    But more importantly, when I tried to disable functions or limit script execution, there was no log error or other indication of php.ini not working, EXCEPT that when I tried to hack my own site a bit, I was able to execute functions that had supposedly been disabled!! Very, very bad!

    Better to throw an error during php parsing or at least warn about this issue on the php handler web setup page (where you select regular php or fast-cgi) than to leave users with a false sense of security.

    Despite several Level 1 techs denying these problems, when you finally get to a “senior, Level 3″ tech, they confirm that Bluehost knows of these problems, and there’s no ETA to have them fixed, but I just wish that they’d be more honest with users instead of risking having sites hacked by having these functions unwittingly still enabled.

    My recommendation: until these problems are fixed, do not use fast-cgi with your php on Bluehost until they show this as fixed, or you are making it easier for your site to be hacked.

  3. Unhappy Bluehost Customer Says:
    November 30th, 2008 at 6:10 pm

    Bluehost is a joke of a company. How can the entire public_html, mail, even .trash, and .temp be deleted by a hacker?

  4. cel paper Says:
    February 22nd, 2009 at 6:47 am

    I have hosted few my sites on bluehost . But almost them were hacked recently. This is a company with very low security. I came to know most of clients site of blue host were hacked. I am going to change hosting plan to any other server.
    I am strongly advice all NOT TO PUBLISH you site with BLUE HOST.

  5. Amjad Sheikh Says:
    September 17th, 2009 at 4:34 am

    I was with blue host since 2006, when they were not that big. and quite good.

    I found my account suspended yesterday.I called them and they opened my ftp access. I discovered few folders on my site with php files. i have never seen them before, no idea from where they came.
    Anyway after sending them an email they send me a huge check list. I spend 10 hours checking my site via that list. and once i told them i am done, they replied sorry for the misunderstanding. your account is permanently banned, what a joke.

    Basically they blame me for hacking. or using a non secure program.

    So any of you wants to try bluehost? be careful!
    BTW to cheat people more, they are using 2 other hosting companies as well by using same system and people.

    bluehost.com
    hostmonster.com
    fastdomain.com

    (visit above sites, and check their postal address)

  6. Bluehost Review Says:
    September 17th, 2009 at 6:39 am

    bluehost & hostmonster & fastdomain are the same company, we had blogged about it some time ago at here http://www.hostmonsterreview.org/hostmonster-vs-bluehost-vs-fastdomain

  7. carl callewaert Says:
    December 22nd, 2009 at 3:30 pm

    my account get hacked all the time too, i am tired of it. the support is not good.
    I just have some simple html file on my website and our emails account get hacked all the time.

  8. Bluehost Review Says:
    December 23rd, 2009 at 10:46 am

    hi Carl,

    hacker usually attack via web forms or even contact us page… always make sure the html codes are secure. We highly recommend you use joomla cms scripts for personal or business site creation. Its secure.

    Also, regarding account access and security, you have to login cpanel, get the password change, email password change and ftp login password change too. These three password should use secure password combination too.

  9. Becky Says:
    December 29th, 2009 at 11:07 pm

    Just had 10 sites in one bluehost account hacked by Saudi Arabia hacker. My web guy thinks they must have come in through the server, not through my wordpress code.

    Anyone have a better host to suggest?

    Thanks.

  10. Becky Says:
    December 31st, 2009 at 8:15 am

    Sites also included Joomla sites, which really makes me think its a server weakness.

Leave a Reply


10 Most Recent Posting