I just went to my art site www.styleartc.com and I got a page saying Reported Attack This web site at styleartc.com has been reported as an attack site and has been blocked based on your security preferences. I don't understand what happened, was my site hacked or what?? What do I do, can anyone help? Nothing like this has ever happened to me before.

Take a look at the code on your pages, and hunt down the stuff that you didn't put there. There are undoubtedly some chunks of code that have been inserted into your pages. You'll have to edit them out. But your site will simply get reinfected if you don't take the necessary steps to make it secure:

My website was hacked. What should I do? (http://www.bluehostforums.com/showthread.php?t=16787)

Yes there was some jibberish inserted in the code, it looked like some sort of javascript. I re-uploaded my pages but I still get the same warning. I looked up my site in google and I clicked on it from the search results and this is what comes up - http://www.google.com/interstitial?url=http://www.styleartc.com/ I don't know what to do.

Read through this:

http://googlewebmastercentral.blogspot.com/2008/04/my-sites-been-hacked-now-what.html

I've just been looking over my files and I noticed this one .htaccess.addhandlerbak I don't recall it being there before. Does anyone know what it is and should it be there or is it part of the problem?

Open it and take a look (it'll just be a text file). Given the name, it's probably just a backup copy of a real .htaccess, and can be deleted.

The htaccess.addhandlerbak file is blank, there's nothing in it. I re-uploaded all my html files last night, I checked the source code of the uploaded pages and there's no more weird code but my site is still blocked as a dangerous site even though I requested a review from google to unblock it. I know google has looked at it because my stats showed google was checking out my site today.

How do I contact bluehost? Some on another forum said it should bluehost's responsibility because they should be offering security against this sort of thing and that if their servers aren't secure then other sites are vulnerable too.

Please read the sticky thread at the top of this forum about website hacking.

BH's servers are very secure. It's your scripts that aren't, or perhaps your PC, and that's why you got hacked. BH isn't responsible for maintaining the security of your site or your PC.

The accounts are very well insulated. So, even though your site got hacked, there was no way for the hacker to get into any of the other accounts on the server through yours.

So what does that mean, Bluehost will not help me fix this problem? I don't have any scripts other than what Bluehost provided. I only have a simple html based site and the only script I'm knowingly using is the one for a form which I got from my Bluehost account. Today I noticed that 2 duplicate html files containing the junk code were in my account . I deleted them and couldn't find anything else out of the ordinary so requested to have my site reviewed again by google.

Generally no, BH will not help you fix the problem. Think of it this way: you buy a new Honda Civic, and drive off the lot. Down the road, you see a hitchhiker who has a 9mm semi-automatic tucked into his jeans. You pick him up, and he steals your car at gunpoint. Now, do you call the Honda dealer for help?

What "form" script are you using?

I'm using cgiemail for a newsletter sign up form that's on my index page.

CGI scripts can have security holes, too. Is this one that you recently installed? Is it the latest update? Believe it or not, without the proper code in place, something like this can be easily used to capture account information and allow a gateway for hackers. It's eye-opening to see what can happen.

Given the nature of cgiemail, however, it seems like a pretty remote possibility (here's a rundown on the security issues (http://web.mit.edu/wwwdev/cgiemail/webmaster.html#security), most of which are simply non-issues). And the cgiemail script is pre-installed on BH accounts - there's no newer version (it's ancient, dating back over a decade).

A PC-based intrusion is suddenly sounding more likely.