Recently I have seen more Bluehost users posting in the Bluehost forum that their Bluehost-hosted websites had been hacked. Various kinds of Bluehost website hacking have been reported, including .htaccess redirection to a hacker site, modification of php.ini files, insertion of HTML content into index.html, iframe embedding into the index.html web page, etc.
This is a major concern for me as well; if there is any vulnerability in a Bluehost server, I would like the Bluehost support team to get it patched. Looking at it from Bluehost's side, the Bluehost support team is excellent at maintaining a good hosting server. There is no doubt about cPanel security and safety either. At this point, I assume Bluehost support has performed the necessary server maintenance and taken the security measures.
Over 90% of website hacks are caused by weak user account logins and passwords. The remaining cases are caused by third-party website scripts that are vulnerable and have security holes. For example, a hacker can exploit your text box or web form and inject SQL into your database, or they can inject HTML code into your web files. Another entrance for hackers is through FTP login; once they gain access, they will be able to change your web files in any way.
Thus, it is important to secure your own hosting account as well as your FTP login. Make sure your password is 8 characters long and has a combination of alphanumeric characters, numbers, and symbols. Safeguard your own login information. Finally, make sure your website script is updated to the latest released version. These are the best ways to protect your website from being attacked again.
3 Responses to “Bluehost website got hacked?”
October 19th, 2008 at 9:17 am
[...] http://www.bluehostreview.org/bluehost-website-got-hacked/ Share or Bookmark This [...]
November 9th, 2008 at 3:30 pm
Level 3 techs (Adam, Brandon, and Rick) have confirmed that if you use php with the fast-cgi option, that certain *VERY IMPORTANT* functions in your php.ini files will NOT be processed (but not give an error), including (but not limited to):
disable functions
open_basedir
which can make it a lot easier to have your site hacked. I wonder if this contributed to your problems.
So, you can’t turn off the following via your php.ini (and I don’t know any other way to disable these while using fast-cgi — Bluehost’s only suggestion is to go back to standard php and put a php.ini in every directory — unverified yet if all php.ini functions work properly this way). This somewhat contradicts their marketing, which I’ve tried to point out to them, without a lot of response. Functions you can’t disable when using fast-cgi include:
allow_url_fopen = off; doesn’t work
allow_url_include = off; doesn’t work
register_globals = Off; doesn’t work
But more importantly, when I tried to disable functions or limit script execution, there was no log error or other indication of php.ini not working, EXCEPT that when I tried to hack my own site a bit, I was able to execute functions that had supposedly been disabled!! Very, very bad!
Better to throw an error during php parsing or at least warn about this issue on the php handler web setup page (where you select regular php or fast-cgi) than to leave users with a false sense of security.
Despite several Level 1 techs denying these problems, when you finally get to a “senior, Level 3” tech, they confirm that Bluehost knows of these problems, and there’s no ETA to have them fixed, but I just wish that they’d be more honest with users instead of risking having sites hacked by having these functions unwittingly still enabled.
My recommendation: until these problems are fixed, do not use fast-cgi with your php on Bluehost until they show this as fixed, or you are making it easier for your site to be hacked.
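The silent failure described in the comment above (php.ini hardening that is ignored without any error) can be detected by asking the running interpreter what it actually applied. The script below is an added example, not part of the original post, its comments, or Bluehost's code; the expected-policy lists and the sample function names in them are assumptions to adjust to your own php.ini.

```php
<?php
// Added example, not code from the post, its comments, or Bluehost.
// Serve it through the same PHP handler as the site, read the report,
// then delete it: the output describes your configuration.

// Assumed policy: edit to match what your php.ini is meant to enforce.
$expectOff      = ['allow_url_fopen', 'allow_url_include', 'register_globals'];
$expectDisabled = ['exec', 'system', 'passthru', 'shell_exec']; // sample list
$expectBasedir  = true; // open_basedir should be non-empty

// Collect what the running interpreter actually applied.
function effective_settings(): array {
    $raw = (string) ini_get('disable_functions');
    $disabled = array_filter(array_map('trim', explode(',', strtolower($raw))));
    return [
        'sapi'     => php_sapi_name(),
        'ini_file' => php_ini_loaded_file(), // false when no php.ini was loaded
        'disabled' => $disabled,
        'basedir'  => (string) ini_get('open_basedir'),
    ];
}

// Compare effective values with the expected policy; return the findings.
function audit(array $eff, array $off, array $disabled, bool $basedir): array {
    $problems = [];
    if ($eff['ini_file'] === false) {
        $problems[] = 'no php.ini was loaded by this handler';
    }
    foreach ($off as $name) {
        $value = ini_get($name);
        if ($value === false) { continue; } // directive absent in this PHP version
        if (filter_var($value, FILTER_VALIDATE_BOOLEAN)) {
            $problems[] = "$name is still On";
        }
    }
    foreach (array_diff($disabled, $eff['disabled']) as $fn) {
        $problems[] = "$fn() is not in disable_functions";
    }
    if ($basedir && $eff['basedir'] === '') {
        $problems[] = 'open_basedir is not set';
    }
    return $problems;
}

header('Content-Type: text/plain');
$eff = effective_settings();
echo "SAPI: {$eff['sapi']}\nLoaded php.ini: ", $eff['ini_file'] ?: '(none)', "\n";
$problems = audit($eff, $expectOff, $expectDisabled, $expectBasedir);
echo $problems ? "NOT ENFORCED:\n - " . implode("\n - ", $problems) . "\n" : "All expected settings are in effect.\n";
```

Run it once under each handler you are choosing between: a difference between the two reports shows which handler ignores the php.ini.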
November 30th, 2008 at 6:10 pm
Bluehost is a joke of a company. How can the entire public_html, mail, even .trash, and .temp be deleted by a hacker?