BlueHost putting ads on 404 pages

[janiv]

I mistyped a URL today for on of my domains and was shocked to get a customized error page on my domain filled with ads. This was shocking to me because I had not done this and was using the default error page for a 404 error. I can only assume that BlueHost is responsible for this.

I have had such good experiences with BlueHost in the past that this was the last thing I expected from them. I'm paying for my hosting, I'm paying for my domain, and it should be my content to control--not theirs. I did not give permission for them to use my domain as a place for them to place their ads and earn revenue for them off my traffic.

Funny enough, when I heard this was being done by some hosting services on a podcast I listen to daily (CNet's Buzz Outloud), I thought to myself, "Good thing I'm hosting with BlueHost. I trust them and know they won't take advantage of me." Guess I was wrong. So much for that trust. Their reputation, in my eyes, has gone down a lot now. I've been happy with them and their customer service but am disheartened by this latest move.

I would like to hear BlueHost's explanation for this and would like to request them to remove 404images folder they've added in my home directory and not given me permissions to edit.

I know I can customize my 404 and other error pages and am about to do so right now. I encourage you all to check out your 404 and other error pages to make sure BlueHost isn't using them and your traffic to generate ad revenue for themselves.

[Early Out]

I'm getting completely generic 404 pages, like:

404 Not Found
The requested URL /notthere does not exist.

Are the ads you're seeing actually from BH? This sounds more like something your ISP's DNS servers might be doing.

[Early Out]

Just as a check, please give us a URL that leads to one of these ad-laden error pages.

[janiv]

This is what I had in the 404 error page from the control panel.

PHP Code:

<html>
<head>
<title>404 Not Found</title>
<style>
body{
margin:25px;
}
h1{
color:#000000;
font-family: "Times New Roman", Times, serif;
font-size:36px;
font-weight:bold;
margin-bottom:0px;

}
.t1{
color:#000000;
font-family: Arial, Helvetica, sans-serif;
font-size:14px;
}
.t2{
color:#3d3d3d;
font-family: Arial, Helvetica, sans-serif;
font-size:10px;
white-space:nowrap;
}
a{
color:#3d3d3d;
font-family: Arial, Helvetica, sans-serif;
font-size:12px;
white-space:nowrap;
text-decoration:none;
}
a:hover{
text-decoration:underline;
}
</style>
</head>
<body bgcolor=white>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%">
<h1>404 Not Found</h1>
<span class="t1">The requested URL <!--#echo var="REQUEST_URI" --> does not exist.</span>
<br><br>
</td>
<td align="right" valign="top"><a href="http://helpdesk.bluehost.com/kb/index.php?x=&mod_id=2&id=463">Customize This Error Page</a></td>
</tr>
<tr>
<td width="100%" colspan="2" align="center">
<hr align="center" width="100%" size="1" noshade><br style="line-height:5px;">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td><img src="404images/top-left.gif" width="21" height="21"></td>
<td style=" background:url(404images/top.gif) repeat-x"></td>
<td><img src="404images/top-right.gif" width="21" height="21"></td>
</tr>
<tr>
<td style=" background:url(404images/left.gif) repeat-y"></td>
<td valign="top" align="center">

<iframe src="http://searchportal.information.com/?o_id=101579&domainname=referer_detect" name="search" id="search" width="800" height="500" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>

</td>
<td style=" background:url(404images/right.gif) repeat-y"></td>
</tr>
<tr>
<td><img src="404images/bottom-left.gif" width="21" height="21"></td>
<td style=" background:url(404images/bottom.gif) repeat-x" class="t2" align="right" valign="bottom">Advertisement</td>
<td><img src="404images/bottom-right.gif" width="21" height="21"></td>
</tr>
</table>


</td>
</tr>
</table>


</body></html> 


You can try it at http://www.alduraofangelfire.com/test

[Early Out]

Very interesting! Must be something new. Call BH and complain. If they hear from enough angry customers, maybe they'll knock it off.

[janiv]

I opened a ticket and complained of it and got this response:

to my knoledge it was something that cpanel did it is only appearing on some accounts and is not something for us to make money,
i was just as surprised when i found the new error page and at first thought it a hack but upon further investigation i learned that it is indeed something that cpanel is implementing. i am just glad that it is customizable.
Trent D.
Support Level 1
BlueHost.com
888.401.4678

Simply being able to customize it is not an acceptable solution. Customers should be informed that this is being done to them and then BlueHost needs to overwrite the default 404 error page that they copy over to accounts to not include these ads.

[janiv]

Please notice this other topic complaining about this and mentioning that it may be a box58 issue:

http://www.bluehostforum.com/showthread.php?t=12662

I'm on box36 and box87 where this is happening however.

[guachiman]

Janiv

That tech support person was wrong. Yes, there is a way to "customize" your error pages from cPanel, but if you tried to "customize" this weird 404 page, it would not save any modifications, as their permissions were set to 0 on both user and group. (I'm the person that had the problem in box58, and my tech guy was the only one able to delete these files from using their admin account.)

These are hacked files. Not BH's doing.

I got their response over a 1/2 conversation, while we searched through all my subdomains, add-on domains, etc. and cleaned my account.

Please ask a BH cust. support tech. for these files/subdirectories to be deleted.

I also filed a complaint with "Searchportal.com" indicating that one of their customers with owner id "o_id=10157" (check the iframe redirect URL) had hacked my accounts, and requested that they be banned. I would suggest to anyone with the same problem to do the same.

Thanks!

I opened a ticket and complained of it and got this response:
Simply being able to customize it is not an acceptable solution. Customers should be informed that this is being done to them and then BlueHost needs to overwrite the default 404 error page that they copy over to accounts to not include these ads.

[bobdog]

This is an interesting thread. I've been following it for a few days now. I checked several seperate accounts a couple of days ago, and indeed they were all hacked with this iframe. I was just waiting for Bluehost to realize this and correct the problem.

Tech support suggested that I use ssh commands to find the malicious code, but I don't have ssh on all my accounts.

And using FTP to restore the original 404.shtml does not work...the file won't save.

So, tech support asked me to be patient for a half an hour or so while they take a look. But tech support did confirm that this is a hack.

I suggest everybody take a look at their sites and contact bluehost to get rid of these jokers.

[bobdog]

OK, kiddies

Yep it is indeed a move by bluehost. After several hours of waiting, it was confirmed that bluehost did indeed implement this feature.

However, upper management has allowed to have us upload our own 404.shtml files. Thanks for my backups...I have 404.shtml backups on all my sites.

As far as I am concened, more power to bluehost if it wants to make a few bucks on advertisements...but not on my sites. And I want control on that so changing permissions gives me that power.

Otherwise, my experience with Bluehost has been positive. I have been here since I discovered this hosting, almost 8 years now. And I have dozens of sites here.