Recently I have seen more Bluehost users posting in the Bluehost forum that their Bluehost-hosted websites had been hacked. Various kinds of Bluehost website hacking have been reported, including .htaccess redirection to a hacker's site, modification of php.ini files, insertion of HTML content into index.html, iframe embedding in the index.html page, etc.

This is a major concern for me as well: if there is any vulnerability in the Bluehost servers, I would like the Bluehost support team to get it patched. Looking at it from Bluehost's side, the Bluehost support team is excellent at maintaining a good hosting server. There is no doubt about cPanel's security and safety either. At this point, I assume Bluehost support has performed the necessary server maintenance and taken the security measures.

Over 90% of website hacks are caused by weak user account logins and passwords. The remainder are caused by third-party website scripts that are vulnerable and have security holes. For example, a hacker can exploit a text box or web form on your site to inject SQL into your database, or inject HTML code into your web files. Another entrance for hackers is the FTP login: once they gain access, they are able to change your web files in any way.

Thus, it is important to secure your own hosting account as well as your FTP login. Make sure your password is 8 characters long and has a combination of alphanumeric characters, numbers, and symbols. Safeguard your own login information. Finally, make sure your website script is updated to the latest released version. These are the best ways to protect your website from being attacked again.


40 Responses to “Bluehost website got hacked?”

  1. security_guy Says:

    Level 3 techs (Adam, Brandon, and Rick) have confirmed that if you use php with the fast-cgi option, that certain *VERY IMPORTANT* functions in your php.ini files will NOT be processed (but not give an error), including (but not limited to):
    disable_functions
    open_basedir
    which can make it a lot easier to have your site hacked. I wonder if this contributed to your problems.

    So, you can’t turn off the following via your php.ini (and I don’t know any other way to disable these while using fast-cgi — Bluehost’s only suggestion is to go back to standard php and put a php.ini in every directory — unverified yet if all php.ini functions work properly this way). This somewhat contradicts their marketing, which I’ve tried to point out to them, without a lot of response. Functions you can’t disable when using fast-cgi include:
    allow_url_fopen = off; doesn’t work
    allow_url_include = off; doesn’t work
    register_globals = Off; doesn’t work

    But more importantly, when I tried to disable functions or limit script execution, there was no log error or other indication of php.ini not working, EXCEPT that when I tried to hack my own site a bit, I was able to execute functions that had supposedly been disabled!! Very, very bad!

    Better to throw an error during php parsing or at least warn about this issue on the php handler web setup page (where you select regular php or fast-cgi) than to leave users with a false sense of security.

    Despite several Level 1 techs denying these problems, when you finally get to a “senior, Level 3” tech, they confirm that Bluehost knows of these problems, and there’s no ETA to have them fixed, but I just wish that they’d be more honest with users instead of risking having sites hacked by having these functions unwittingly still enabled.

    My recommendation: until these problems are fixed, do not use fast-cgi with your php on Bluehost until they show this as fixed, or you are making it easier for your site to be hacked.
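
A runtime check for the situation described in comment 1, where php.ini directives are silently ignored under one PHP handler. This is an added example, not part of the original post or comments and not Bluehost's code; the policy lists (`$mustBeOff`, `$mustBeDisabled`) and the idea of uploading it as a temporary file are assumptions.

```php
<?php
// Added example. Upload as a temporary file and request it through the web
// server, so it runs under the same handler (regular PHP or FastCGI) as the
// site. Delete it afterwards: the report describes your configuration.

// Assumed hardening policy; adjust the lists to what your own php.ini sets.
$mustBeOff      = ['allow_url_fopen', 'allow_url_include', 'register_globals'];
$mustBeDisabled = ['exec', 'shell_exec', 'system', 'passthru', 'popen', 'proc_open'];

// Interpret an ini_get() result as a boolean ("", "0" and "Off" all mean off).
function ini_is_on($raw)
{
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

// Compare the policy with the values the running interpreter actually uses.
// Returns a list of findings; an empty list means every check passed.
function audit_effective_ini(array $mustBeOff, array $mustBeDisabled)
{
    $findings = [];

    foreach ($mustBeOff as $directive) {
        $raw = ini_get($directive);
        if ($raw === false) {
            continue; // directive does not exist in this PHP version
        }
        if (ini_is_on($raw)) {
            $findings[] = "$directive is ON at runtime";
        }
    }

    if (trim((string) ini_get('open_basedir')) === '') {
        $findings[] = 'open_basedir is empty: scripts are not confined to a directory';
    }

    // disable_functions as the interpreter sees it, split into lowercase names.
    $effective = strtolower((string) ini_get('disable_functions'));
    $listed = array_filter(array_map('trim', explode(',', $effective)));
    foreach ($mustBeDisabled as $fn) {
        if (!in_array($fn, $listed, true)) {
            $findings[] = "$fn is missing from the effective disable_functions";
        }
        // function_exists() returns false for functions turned off through
        // disable_functions, so true means the function can still be called.
        // Nothing is executed by this probe.
        if (function_exists($fn)) {
            $findings[] = "$fn() is still callable";
        }
    }
    return $findings;
}

header('Content-Type: text/plain');
echo 'Handler (SAPI):  ', php_sapi_name(), "\n";
echo 'Loaded php.ini:  ', (php_ini_loaded_file() ?: '(none)'), "\n";
echo 'Extra ini files: ', (php_ini_scanned_files() ?: '(none)'), "\n\n";

$findings = audit_effective_ini($mustBeOff, $mustBeDisabled);
if ($findings) {
    echo "php.ini hardening is NOT in effect under this handler:\n";
    foreach ($findings as $finding) {
        echo "  - $finding\n";
    }
} else {
    echo "All checked settings are in effect.\n";
}
```

Run it once under each handler you are considering and compare the reports; a php.ini path of `(none)` or a different path from the file you edited explains settings that appear to be ignored.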

  2. Unhappy Bluehost Customer Says:

    Bluehost is a joke of a company. How can the entire public_html, mail, even .trash, and .temp be deleted by a hacker?

  3. cel paper Says:

    I have hosted a few of my sites on Bluehost, but almost all of them were hacked recently. This is a company with very low security. I came to know that most of Bluehost’s clients’ sites were hacked. I am going to change my hosting plan to any other server.
    I strongly advise all NOT TO PUBLISH your site with BLUE HOST.

  4. Amjad Sheikh Says:

    I was with Bluehost since 2006, when they were not that big, and quite good.

    I found my account suspended yesterday. I called them and they opened my FTP access. I discovered a few folders on my site with PHP files. I have never seen them before, no idea where they came from.
    Anyway, after sending them an email they sent me a huge checklist. I spent 10 hours checking my site via that list, and once I told them I was done, they replied: sorry for the misunderstanding, your account is permanently banned. What a joke.

    Basically they blame me for hacking, or using a non-secure program.

    So any of you want to try Bluehost? Be careful!
    BTW, to cheat people more, they are using 2 other hosting companies as well, using the same system and people.

    bluehost.com
    hostmonster.com
    fastdomain.com

    (visit above sites, and check their postal address)

  5. Bluehost Review Says:

    Bluehost, HostMonster and FastDomain are the same company; we blogged about it some time ago here: http://www.hostmonsterreview.org/hostmonster-vs-bluehost-vs-fastdomain

  6. carl callewaert Says:

    My account gets hacked all the time too, I am tired of it. The support is not good.
    I just have some simple HTML files on my website and our email accounts get hacked all the time.

  7. Bluehost Review Says:

    Hi Carl,

    Hackers usually attack via web forms or even the contact us page… always make sure the HTML code is secure. We highly recommend you use Joomla CMS scripts for personal or business site creation. It’s secure.

    Also, regarding account access and security, you have to log in to cPanel and change the password, and change the email password and FTP login password too. These three passwords should use secure password combinations too.

  8. Becky Says:

    Just had 10 sites in one Bluehost account hacked by a Saudi Arabia hacker. My web guy thinks they must have come in through the server, not through my WordPress code.

    Anyone have a better host to suggest?

    Thanks.

  9. Becky Says:

    Sites also included Joomla sites, which really makes me think it’s a server weakness.

  10. Patricia Says:

    I’ve never been more disappointed with the customer service team at Bluehost. Until today I thought they were a great company. Today their security issues are costing me thousands and thousands of dollars.

  11. Tom Johnson Says:

    I spent probably 60 hours rebuilding a client site that kept getting repeatedly hacked on a bluehost site. I finally traced the logs and determined that someone hacked into cpanel through the password retrieval tool. All the passwords were strong. I switched the site to another host and haven’t had an issue since. I wrote about my experience here. My favorite part is the bluehost support tech’s constant insistence that it was my wordpress site that was the security vulnerability. In reality, it was the password retrieval function on bluehost’s cpanel.

  12. Bluehost Review Says:

    Bluehost upgraded their servers recently and required all passwords to be changed.
    This might be a related issue and be resolved now. It takes some time for a major server patch to take place.

  13. Brian Says:

    I just went to BlueHost from Host Gator just to have some new ip blocks. Today 4-1-10 a Turkish bunch of idiots took over all my sites and left a dirty little “Hacked by CmTr” logo on there. I spent all day fixing the messes they created and getting secure. Blue Host responded back saying that they only protect their servers, not the users. Thanks for looking out for us Blue Host!

    I have about 200 other sites hosted with Host Gator and Web Host Pad – None of them were compromised which left BlueHost as the root of all evil. I would say their servers have probably been hacked and they are coming in through the back door.

    Advice to potential Blue Host Customers: Go to Host Gator!

  14. Kevin Says:

    Hacked with a redirect.
    This has happened before, stopped for a while, and now it’s back.
    Very frustrating.

  15. Marcus Says:

    Same issues as others… I got hacked a while back… fixed the problems…updated all scripts, changed passwords, did everything they advised… sites were back up then they shut them down today because 1 site was hacked again… now they won’t let me put them back up until I’ve outlined the details I took to fix their mistakes. None of my sites on MT or hostgator or even a few other bluehost servers have ever been hacked. Just this same server the same way. Avoid bluehost unless you want to spend more time fixing servers than making money with a live website.

  16. Linda Says:

    Bluehost has rendered almost 7 years of my work obsolete by changing a password that does not work with my Dreamweaver software. They said my software is suddenly obsolete so I needed to purchase the upgrade which is HUNDREDS of dollars. I am absolutely horrified. They simply DO NOT CARE ABOUT THE CUSTOMER AT ALL! I was told they would hook me up to billing for a refund! I HATE THEM NOW! I have been reduced to tears, on the phone for many, many hours and nobody will help me. Developers have never returned calls even though my case was escalated more than once. My work and my clients’ work is being held hostage because they REFUSE to support me…. I was never given any warning at all. This is a known issue and I am literally screwed as are my clients who also use the same software. All I can say is that Matt Heaton (I had great respect for him) is a great example of success having gone to his head. He too has ignored my letter and my pleas for assistance. They just blew me off! I hope everybody out there gets a grip on Bluehost because they are not the company they used to be! Now they employ a bunch of arrogant “know-it-all” type geeks who would just rather blow you off than deal with the issues they have caused.

  17. Bluehost Review Says:

    Is Dreamweaver failing at uploading files to the remote server?
    You can use Dreamweaver to create and edit your website content… but keep the web files on your local computer…
    then use FileZilla to upload the web files to the server…
    *FileZilla supports the new Bluehost password requirement.

  18. Linda Says:

    Dreamweaver worked seamlessly before this change. I have tried using FileZilla MANY times after having placed my files in public_html on my local computer. The directories are different, images and links are broken and things come over differently.

  19. Bluehost Review Says:

    In Dreamweaver, open the web file in code view, and make sure the HTML code for directories or images is not sourcing them from the local computer’s C:\

    For directories, you can use
    “../” to refer to the website homepage.
    “../image/” to refer to the image directory in the homepage dir.

    This way, when you use FileZilla to upload files to the web server’s public_html folder, your web files can be executed and get images etc. from the public_html folder and its subdirectories, not from your local C:\.

    Do double check.

  20. Scott Says:

    There is a glitch in Dreamweaver where it tries to retain the old password even though it has been changed. The easiest way to fix the problem is to create a new connection through site manager.

    Unless you are a hacker you will have no idea how vulnerable WordPress, Joomla, and other FREE programs are to hacks. There are new vulnerabilities found to access sites using these programs on a weekly basis (almost daily for Joomla.. see http://joomlaexploit.com). The programs themselves are fairly secure, it’s the plugins and components that render them highly vulnerable. It is not Bluehost’s responsibility to make sure YOUR scripts are up to date. IT IS YOUR RESPONSIBILITY to maintain the security of your site. They can only do the best they can, but it’s the customer’s ultimate responsibility to stay updated. Hackers can delete every file on your account by uploading a single shell script (look up c99 or r57). Since all of the recent attacks on Network Solutions and GoDaddy, Bluehost has increased the security of their servers dramatically; unfortunately, if your code is out of date you will still be hacked regardless. They are planning on rolling out an Intrusion Detection System that will prevent certain files from being uploaded. If you want to be as close to 100% secure, then invest in a monitoring service like Sucuri or SecureLive.

  21. Carol Says:

    I’m having similar troubles with Bluehost right now. Site deleted six times in the last month, no matter what I do (per their instructions) to harden them.

    Now, facing the possibility of re-loading a large site for the seventh time (with no help from Bluehost “support” — which I used to love) and my account about to expire shortly anyway, I’m definitely thinking about a change in hosts.

  22. Harold King Says:

    BLUEHOST SECURITY AND CUSTOMER SUPPORT IN THAT DEPARTMENT IS TERRIBLE. Got hacked countless times, rendering my sites and email unusable. Had to switch hosts.

  23. Naxieli Gomez Says:

    My website was hacked too and the company blamed ME! for it. They said I must have given my log in info to the hackers. And they are also charging me $50 to clean it up. Unbelievable.

  24. bluecheese Says:

    From my experience I suspect Bluehost servers are not secure enough. I had many clients who got malware on their sites on BH, but there was no way through scripts, because their sites were not very active and I know their scripts. And the way of the attacks shows that someone gained access to root, something we don’t even have access to. I’m not making claims against Bluehost nor accusing them, but I think somebody should get to the bottom of this, and Bluehost should do something about it. With all those cheap people who don’t listen to advice and get attracted by BH ads, BH owes customers in return. But it might be that it is all coincidence, and I understand it is tough to secure servers. But shared servers are outdated now, time to move out to better tech.

  25. Dr W Says:

    It’s a joke for such company to exist.
    My html webpage was hacked and they refused to do anything.
    They just say
    “we do not have a service to manage, clean, or build your web content.”
    OK, you do not have service to manage web content. Does that mean you do
    not have service to security as well? If there is no security, why do we buy
    your service??
    I’ll definitely move my service elsewhere soon.

  26. Looking 4 Host Says:

    All my sites got hacked on JustHost. So what other players out there offer unlimited domain hosting?

    Every index.php file got replaced with a photo of a person in a hoodie, “hacked by ml seven.” Not sure how it was accessed, but please post any suggestions on how to prevent this.

  27. Bluehost Review Says:

    JustHost website hacks are a common issue; see our JustHost review here for a discussion of JustHost websites being hacked: http://www.justhostreviews.org/justhost-hack-website-hacked-once-again

    For sure, you will need to contact JustHost support for direct assistance.
    For advice, we would suggest upgrading to the reseller plan, which is more reliable and secure.

  28. Bluehost Review Says:

    With the new Bluehost control panel login and strong passwords being implemented for user accounts… it seems like the website hack issue is decreasing dramatically right now.

  29. Dmbldr Says:

    Let me first say that I really liked Bluehost and all the features they offer. Sadly, between February/March and June of this year, 2 of my clients’ websites and one of my own websites hosted by Bluehost were hacked. The attacker copied/uploaded a new index.html and some HTML files to the root folder. This happened both to a PHP website with a form and a very simple HTML website, which makes me think that the attack came through the FTP login rather than through the form, which uploads files after a strict validation process. My FTP password was perfectly secure, above an 8 number combo, and I have changed it repeatedly. The Bluehost chat support repeated back to me over and over what their rule book seems to say, that I have to make sure that websites are secure. Maybe they didn’t hear me, but I told them repeatedly that they are. I have a lot of experience in programming and web design! I told them they were secure and concluded that they are not doing a good job at screening their own servers. I might have been a bit more relaxed another time, but I was going through a very rough time back then and kept on hearing the same Bluehost answer over and over until I had enough. I haven’t had a hacker attack since then and changed all my passwords, but I am planning on moving all my clients’ websites in the next years to a different host.

  30. Dmbldr Says:

    The 2 same sites as described in #30 just got hacked again. Same thing: hacker replaced index page with his/her own version. Will move my sites from Bluehost to different provider asap!

  31. Rob Says:

    My company used Bluehost after we relaunched our site back in September. I’ve used them before for a couple of personal sites and had excellent experience, which is why I highly recommended using them for my company’s site.

    However, about a week after launch we experienced exactly the same issues that a lot of people are posting about here – malicious files suddenly appearing on our server, most of them obviously used for phishing attacks (fake Bank of America pages, that kind of thing). This was also after Bluehost introduced the new password requirements. The account was suspended, so working with Bluehost I was able to locate and remove the malicious files. The person I dealt with was excellent and extremely helpful, and was actually able to tell me what directories the files were in.

    Then the exact same thing happened again about a week later. So I located the malicious files and deleted them again. But when I called Bluehost the person I talked to said the site was still compromised and it was up to me to find and delete them all before they would reactivate the site. Our site uses a CMS with a large number of files and directories. It took me several hours to troll through each directory and check whether or not the files I was looking at were malicious. Finally I fixed it and the site was reinstated. I was annoyed, but the problem appeared to be solved, so I got past it.

    Then, less than a week after that it happened a THIRD time. Same deal, Bluehost rep said it was up to me to find and delete the malicious files, so I spent another few hours repeating the exercise. When I called back he told me the site was clear, but since the site had been hacked three times in less than a month I had violated the terms of service and the account was terminated. I could access my files for 30 days, but the site was no longer hosted.

    With the help of a consultant we switched hosting providers and fortunately had the site back up and running in less than 24 hours. We haven’t had a single problem since switching hosts. We also had a security consultant audit the site just to make sure, and they were appalled that Bluehost was so quick to blame us and terminate the account.

    Now, I still use Bluehost for my personal sites. I like their features, the price is right, all that good stuff. But after my experience dealing with them for my company I’m probably going to switch to another host when my contract is up next year. I accept that site owners should do everything they can to keep their website secure, but it really bothered me how inflexible they were about this.

  32. Bob Roberts Says:

    I too have several websites hosted with Bluehost and yesterday they were all closed down and I was sent an email asking me to clean up a number of files. All of them were index.htm* files and had been manipulated to redirect to dodgy sites.
    I cleaned them up and bluehost promptly reopened them.
    However, and this is what annoyed me, they said, “If this continues you could risk your account status with us.” !!!
    A brief internet search brought me here, and to other forums, where it is obvious this kind of thing is endemic at Bluehost. So today I will be looking for an alternate host for my websites.

  33. Dmbldr Says:

    I had it now with Bluehost. This is the 4th time my client’s site got hacked this year. That site was never taken down by Bluehost and labeled compromised, but files were uploaded, index files overwritten, and content added. Similar to Rob’s story above: fake British bank files. I am very disappointed and am switching providers asap.

  34. Oliver Says:

    Yesterday my website was gone, simply gone. I called their support people demanding an explanation. The answer I got from them is they don’t know what happened. And they are simply not responsible!
    What a frustration! My website is a small business. Now everything is gone, and the whole business has to shut down!
    It is really a crap experience with bluehost. I feel I am totally robbed by them.

  35. Sofismart Says:

    Hi, my site has been hacked twice today! I do not understand what else I can do.
    My cPanel was secure: numbers, characters, capital letters, etc.
    Now what? I thought the site was secure. Thanks.

  36. Sofismart Says:

    I’m told that it is the host’s responsibility to avoid this hacking. Why is this happening here? Any advice? I do not know how to clean up files!
    Thanks

  37. youshrin Says:

    Me too, I do not agree with Bluehost.
    I got attacked with the adam love virus.
    It has written in my .htaccess, and a file with an English name is saved containing something…
    A .logs is created with thousands of HTML pages.

    Very poor security

  38. Kevin M. Says:

    I lost count of how many clients I have got from Blue Host (Thank you Blue Host!) but I can contribute to this post to say that if Blue Host has a server that is secure, I have not found it yet!

    The biggest issue with Blue Host servers is they are either lazy or totally uneducated in server management and they install the operating system and run it as a default system. This means that if you do not know how to set up your own server and work with a php.ini file to secure your website, then you are open to attack.

    For the price of hosting there are a number of top quality hosts that actually have an educated tech team that understands a default OS install is a fool’s game. The price to have someone like me come in and move your site, clean out the infection and set it up on a secure platform is never in the budget!!

    So ALERT everyone, DO NOT host with these MORONS, and if you have to pay a few extra bucks to get an actual support team that will support, back up and take the blame when something is their fault, go with them and save your sanity and pocketbook!

  39. John W Says:

    I watched my BlueHost account get hacked over the past 2 days. I reported unknown CPU activity, so much that BH was throttling the CPU constantly with nothing running on my site.

    I finally caught a bunch of shell access attempts and reported them. Same worthless responses from a ‘Computers for Dummies’ dropout. So I captured the logs and did my duty- reported it via Live Support, via many help tickets, etc.

    End result? After 2 days, the hacker brute forced through BH’s shell access and replaced the homepage with a different index.html and index.html.1 files.

    I was pleading for access to server logs that show more than just generic stuff. I am a CISSP and could easily track the items and fix the problem- if I had access to the info (logs).

    So remember me. It’s the 10 yr anniversary of 9/11 and everyone is on alert for cyber attacks- except BlueHost it seems. And when the compromise hits the press, I’ll step forward with the logs and tickets and chat transcripts showing I warned them and tried to get them to take prudent action.

    And that, my friends, is how a company is held accountable for neglect. Prudent Man Rule. They were informed by a trained security professional and offered all the backup data, but they refused to take any steps to halt or prevent the compromise.

    It gives juries free rein to assign massive punitive damages and paves the way for potential criminal charges and personal liability for those involved when crimes (such as id theft, credit card and password compromise, and of course various computer crimes)

    “Yes Sir, I did notify BlueHost in writing and identified myself in my professional capacity. I also made it quite clear the liability they could be risking by ignoring this incident…..”

  40. Age Says:

    Client site hacked today. Must admit for the first time. But a SCARY SCARY experience. Will definitely move this site. I’ll have to fork out the new hosting fee i guess too…

    Bluehost = Jokey joke town.
