Recently I have seen more Bluehost users posting in the Bluehost forum, stating that their Bluehost-hosted websites had been hacked. Various kinds of Bluehost website hacks have been reported, including .htaccess redirection to a hacker's site, modification of php.ini files, insertion of HTML content into index.html, iframe embedding into the index.html webpage, etc.
This is a major concern for me as well; if there is any vulnerability in the Bluehost server, I would like the Bluehost support team to get it patched. Looking at it from Bluehost's side, the Bluehost support team is excellent at maintaining a good hosting server. There is no doubt about cPanel's security and safety as well. At this point, I assume Bluehost support has performed the necessary server maintenance and taken the security measures.
Over 90% of website hacks are caused by weak user account logins and passwords. The remaining cases are caused by third-party website scripts that are vulnerable and have security holes. For example, a hacker can exploit your textbox or web form to inject SQL into your database, or inject HTML code into your web files. Another entrance for hackers is the FTP login; once they gain access, they are able to change your web files in any way.
Thus, it is important to secure your own hosting account as well as your FTP login. Make sure your password is 8 characters long and has a combination of alphanumeric characters, numbers, and symbols. Safeguard your own login information. Finally, make sure your website script is updated to the latest released version. These are the best ways to protect your website from being attacked again.
4 Responses to “Bluehost website got hacked?”
October 19th, 2008 at 9:17 am
[...] http://www.bluehostreview.org/bluehost-website-got-hacked/ Share or Bookmark This [...]
November 9th, 2008 at 3:30 pm
Level 3 techs (Adam, Brandon, and Rick) have confirmed that if you use php with the fast-cgi option, that certain *VERY IMPORTANT* functions in your php.ini files will NOT be processed (but not give an error), including (but not limited to):
disable functions
open_basedir
which can make it a lot easier to have your site hacked. I wonder if this contributed to your problems.
So, you can’t turn off the following via your php.ini (and I don’t know any other way to disable these while using fast-cgi — Bluehost’s only suggestion is to go back to standard php and put a php.ini in every directory — unverified yet if all php.ini functions work properly this way). This somewhat contradicts their marketing, which I’ve tried to point out to them, without a lot of response. Functions you can’t disable when using fast-cgi include:
allow_url_fopen = off; doesn’t work
allow_url_include = off; doesn’t work
register_globals = Off; doesn’t work
But more importantly, when I tried to disable functions or limit script execution, there was no log error or other indication of php.ini not working, EXCEPT that when I tried to hack my own site a bit, I was able to execute functions that had supposedly been disabled!! Very, very bad!
Better to throw an error during php parsing or at least warn about this issue on the php handler web setup page (where you select regular php or fast-cgi) than to leave users with a false sense of security.
Despite several Level 1 techs denying these problems, when you finally get to a “senior, Level 3” tech, they confirm that Bluehost knows of these problems, and there’s no ETA to have them fixed, but I just wish that they’d be more honest with users instead of risking having sites hacked by having these functions unwittingly still enabled.
My recommendation: until these problems are fixed, do not use fast-cgi with your php on Bluehost until they show this as fixed, or you are making it easier for your site to be hacked.
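A way to check for the silent failure described in the comment above, as an added example that is not part of the original comment and is not Bluehost's code: a small PHP page that prints the settings the running handler actually applies, so a php.ini that is being ignored becomes visible. The list of directives expected to be off and the list of functions expected to be disabled are assumptions; adjust them to match your own php.ini.

```php
<?php
// Added example: report the settings PHP is actually running with, so a
// php.ini that is silently ignored by the handler becomes visible.
header('Content-Type: text/plain');

// Assumption: directives the site owner intended to turn off in php.ini.
$expectedOff = ['allow_url_fopen', 'allow_url_include', 'register_globals'];
// Assumption: constructed sample of functions meant to be in disable_functions.
$mustBeDisabled = ['exec', 'shell_exec', 'system', 'passthru'];

$failures = 0;
function report($ok, $message) {
    global $failures;
    if (!$ok) { $failures++; }
    echo ($ok ? 'OK    ' : 'FAIL  ') . $message . "\n";
}

// Which handler is serving this request, and which php.ini it loaded.
echo 'Handler (SAPI): ' . php_sapi_name() . "\n";
$loaded = php_ini_loaded_file();
echo 'Loaded php.ini: ' . ($loaded === false ? '(none)' : $loaded) . "\n\n";

foreach ($expectedOff as $name) {
    $raw = ini_get($name);
    if ($raw === false) {   // directive is not known to this PHP version
        report(true, "$name does not exist in this PHP version");
        continue;
    }
    $isOn = filter_var($raw, FILTER_VALIDATE_BOOLEAN);
    report(!$isOn, "$name is " . ($isOn ? 'On' : 'Off'));
}

// disable_functions is a comma-separated list; an empty value disables nothing.
$disabled = array_filter(array_map('trim', explode(',', (string) ini_get('disable_functions'))));
$disabled = array_map('strtolower', $disabled);
foreach ($mustBeDisabled as $fn) {
    report(in_array($fn, $disabled, true), "$fn listed in disable_functions");
}

// An empty open_basedir means scripts are not confined to any directory.
$basedir = (string) ini_get('open_basedir');
report($basedir !== '', 'open_basedir = ' . ($basedir === '' ? '(not set)' : $basedir));

echo "\n" . ($failures === 0 ? 'All intended settings are in effect.'
    : "$failures setting(s) differ from what php.ini was meant to enforce.") . "\n";
```

Request the page through the web server rather than the command line, since the CLI can load a different php.ini than the web handler. Remove it afterwards, because its output discloses server configuration.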
November 30th, 2008 at 6:10 pm
Bluehost is a joke of a company. How can the entire public_html, mail, even .trash, and .temp be deleted by a hacker?
February 22nd, 2009 at 6:47 am
I have hosted a few of my sites on Bluehost, but almost all of them were hacked recently. This is a company with very low security. I came to know that most of Bluehost's clients' sites were hacked. I am going to change my hosting plan to another server.
I strongly advise all NOT TO PUBLISH your site with BLUE HOST.