Thread: Security Issues with Bluehost? I ran some tests and it appears to be true.

  1. #1
    rockstrongo Guest

    I have been using Bluehost for 5 years and have multiple accounts. About 2 years ago I discovered that more and more of my websites were getting "hacked". Even websites that were custom built with no possible security holes are being hacked and malicious content added. Now I have an account with 15 add-on accounts and every single domain is giving me an error message saying the site is being linked to a malicious or phishing website. I have been on and off with support for the better part of 2 years and I have also changed FTP clients at least 4 times. I don't save my FTP login information anywhere and I have taken every step to keep my information protected. This is becoming way beyond frustrating.

    About 6 months ago I decided to run a split test and see if it was indeed my software and not the hosting company. Bluehost always said it was my scripts causing the issue and I wanted to see if that was true. I purchased a cheap hosting account through another hosting company and uploaded my site and scripts there. The same website that Bluehost told me was the problem has been up and running actively for 6 months without a single issue. The same site that was "hacked" within 2 weeks on my Bluehost account. That makes me wonder...is it really the scripts I have running or the hosting company?

    Here's something else interesting. I took a website that was a popular target for hackers on Bluehost and logged the files. There were 1,308 total scripts when I uploaded it to Bluehost. After about 2-3 weeks I started to get the malicious software error so I checked the scripts and now there were over 4,500! Something or someone had injected over 3,000 files onto my account. I uploaded the exact same site with the 1,308 files to the other hosting company and I just checked before starting this thread; 1,310 files (2 new ones were in the tmp folder). Not a bit of malicious content. No files injected into my account. And no error messages.

    This leads me to believe that it's not my software and scripts that have security issues but instead Bluehost is the one that has the security issues. I can't say unequivocally that this is the case, but I have tested it numerous times and the results don't lie. I would love to stay with Bluehost, but this is scary since me and my family's livelihood depends on clients that have functioning websites and me not working 8 hours a day trying to find exploits and malicious content on all of my clients' websites.

    Anyone else encounter this problem? If so, did you test it and what was the outcome? Please don't take this as a knock on Bluehost...I would love to stay with them. I just want to get to the bottom of the issue because I'm spinning my wheels over here constantly fixing websites that weren't broke because of my scripts or security issues.
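
Added example (not part of the thread, and not any poster's or Bluehost's code): the file-count comparison described in the opening post, extended to a per-file hash and permission manifest, because a count alone misses files that were rewritten or swapped one for one. The directory layout and file contents below are constructed sample data.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's relative path to (SHA-256 hex digest, permission bits)."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # record regular files only; symlinks are not followed
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        mode = stat.S_IMODE(path.stat().st_mode)
        manifest[path.relative_to(root).as_posix()] = (digest, mode)
    return manifest


def compare(baseline, current):
    """Report paths added, removed, content-modified, or world-writable."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p][0] != current[p][0]),
        "world_writable": sorted(
            p for p, (_, mode) in current.items() if mode & stat.S_IWOTH),
    }


def put(path, text, mode=0o644):
    """Write a constructed sample file with explicit permissions."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)
    path.chmod(mode)


def demo():
    """Compare a constructed clean tree with a constructed tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            put(root / "index.html", "<html><body>Home</body></html>\n")
            put(root / "inc" / "footer.html", "<p>Contact us</p>\n")
            put(root / "old.html", "<p>Old page</p>\n")
        # Constructed tampering: one file rewritten, one deleted, one added,
        # one left world-writable. The file count stays at 3.
        put(live / "inc" / "footer.html", "<p>Contact us</p><!-- injected -->\n")
        (live / "old.html").unlink()
        put(live / "promo.html", "<p>constructed spam page</p>\n")
        (live / "index.html").chmod(0o666)
        before, after = build_manifest(clean), build_manifest(live)
        return len(before), len(after), compare(before, after)


if __name__ == "__main__":
    n_before, n_after, report = demo()
    print(f"files: {n_before} -> {n_after}")
    for kind, paths in report.items():
        print(f"{kind}: {paths}")
```

Building the baseline manifest from the local copy that was never uploaded, and the current one from a fresh download of the hosted tree, keeps the comparison independent of anything on the server.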

  2. #2
    Join Date
    Apr 2008
    Location
    Chasing the Holy Grail - Pacific Northwest
    Posts
    1,312

    Here's a good starting place for your issues --> http://www.bluehostforum.com/showthr...at-should-I-do
    In the Hyperion universe, a farcaster is an instantaneous transportation device.
    Experience: The thing you get just after you need it.

  3. #3
    rockstrongo Guest

    Originally Posted by farcaster:
    > Here's a good starting place for your issues --> http://www.bluehostforum.com/showthr...at-should-I-do
    Farcaster, I have done that...more times than I'd like to remember. I even dedicated a clean box ONLY for web development running Ubuntu as the OS. I have followed every step BH support techs have told me but the problem continues. My cPanel password is more than 14 alpha-numeric-symbols, my local machine isn't infected with a password stealer, and my scripts are all clean. I installed the exact same script on the other hosting plan and it's clean after 6 months. It was infected within 2-3 weeks on BH. I have lost so much time and money trying to fix these "hacks". If you can provide any other information, I'm all ears. But I did run tests and it appears that it's Bluehost that is insecure and not my scripts as BH support pointed out.

  4. #4
    Join Date
    Apr 2008
    Location
    Chasing the Holy Grail - Pacific Northwest
    Posts
    1,312

    Are you running one of the CMS's from Simple Scripts or uploaded, or are you running your own written packages?

    Another place to check would be your FTP/SFTP connections. SFTP is much more secure. Have you changed any of your passwords lately?

    One other thought - the other hosting installation - is it getting the same visibility as the site(s) on Bluehost? It's also possible that there is something deeply embedded in your Bluehost site that you aren't getting rid of entirely. Without scrutinizing every file you have out there, the only other way I know would be to download your entire site, check each file locally, have Bluehost "perform a reset" on your account, and then upload your site(s) again in a clean state. However, be forewarned that an account reset takes everything back to day one with Bluehost. This includes all of your databases, email accounts - everything - gone. Not to be taken lightly if you have a lot invested.

  5. #5
    rockstrongo Guest

    Originally Posted by farcaster:
    > Are you running one of the CMS's from Simple Scripts or uploaded, or are you running your own written packages?
    Nope. Everything is custom coded and custom install. I don't believe in installing or running anything open source. Nothing like giving hackers a road map to exploits.

    > Another place to check would be your FTP/SFTP connections. SFTP is much more secure. Have you changed any of your passwords lately?
    I have used FTP and SFTP and I have reset my password so many times I have to write it down in a notepad (not notepad.exe but a physical notepad) so I can remember it. I started with characters and mixed cases..i.e...#$MyPa$Sword!. Site got hacked. So I changed it to something like 39keIl3S3#@9s1S##40=4 - still got hacked. I'm pretty sure it's not my FTP connections.

    > One other thought - the other hosting installation - is it getting the same visibility as the site(s) on Bluehost? It's also possible that there is something deeply embedded in your Bluehost site that you aren't getting rid of entirely. Without scrutinizing every file you have out there, the only other way I know would be to download your entire site, check each file locally, have Bluehost "perform a reset" on your account, and then upload your site(s) again in a clean state. However, be forewarned that an account reset takes everything back to day one with Bluehost. This includes all of your databases, email accounts - everything - gone. Not to be taken lightly if you have a lot invested.
    I have done this as well. I had the original native files that were never uploaded to any host and had the BH support nuke my entire account. I'm talking taking it back to BC. From what the BH tech told me, he moved my account to an entirely new box. I then uploaded the virgin files/scripts and voilà...hacked again. Same script on other hosting account...perfectly fine.

    Farcaster...I applaud your attempt to assist me but I've been dealing with this for almost 2 years. If there's a suggestion, I've tried it. Three times. I've spent money on new computers, new hosting accounts, and only God knows how many hours of labor to resolve this issue. It finally took an inexpensive and relatively short testing period to figure out that my files and scripts are clean but the problem lies with BH security. I've researched online and I'm not the only person this has affected and I'm not a math genius, but I am familiar with common denominators and Bluehost is it.

  6. #6
    Join Date
    Apr 2008
    Location
    Chasing the Holy Grail - Pacific Northwest
    Posts
    1,312

    Then it must be your scripts. And don't be so fast to put down open source CMS systems. That isn't one person doing those - it's a whole team, and extremely experienced in the ways of the hackers. They know what works and what doesn't when building PHP and server-side scripts. If they didn't then they would have all been gone years ago.

    I know you said your scripts are running somewhere else. It's possible that they (whoever they are) don't know that, and don't care, because they can get into the ones you have here easy enough.

    What types of hacks are you getting? If you could describe a bit more on what is happening, maybe someone here will recognize something and give some guidance.

  7. #7
    rockstrongo Guest

    Originally Posted by farcaster:
    > Then it must be your scripts. And don't be so fast to put down open source CMS systems. That isn't one person doing those - it's a whole team, and extremely experienced in the ways of the hackers. They know what works and what doesn't when building PHP and server-side scripts. If they didn't then they would have all been gone years ago.
    I'm familiar with CMS systems and what makes me uncomfortable is the availability of the source code. It won't take an experienced programmer long to find an exploit when they have the source code right in front of them. If you just run a basic install using Simple Scripts without taking any additional security measures then it's just a matter of time before your site gets attacked. That's why WordPress has an update every other day...or so it seems. If open source CMS is the way you want to go, I'm not knocking it. Just know that it's not going to be as secure as developing your own scripts. Using them as a foundation for your websites isn't nearly as bad as just running the standard install and hoping for the best.

    > I know you said your scripts are running somewhere else. It's possible that they (whoever they are) don't know that, and don't care, because they can get into the ones you have here easy enough.
    Isn't that backing up my original statement that the security (lack of) is on Bluehost and not my scripts? Even a standard website with no PHP or JavaScript gets hacked on BH. I had a simple brochure website with only 8 pages of information written completely in HTML/CSS. No PHP, JavaScript, or any other additional coding. It got hacked and it wasn't running any processing scripts whatsoever. There was no way for them to exploit my scripts since there were none. It has to be a cPanel security issue. No?

    > What types of hacks are you getting? If you could describe a bit more on what is happening, maybe someone here will recognize something and give some guidance.
    I've had everything from the redirects to .ru sites placed into the header/footer to HTML generation where it creates a bunch of .html files with links and products. The worst one I had completely shut down my site and tried to automatically force the visitor to download/install a trojan.

  8. #8
    Join Date
    Apr 2008
    Location
    Chasing the Holy Grail - Pacific Northwest
    Posts
    1,312

    Originally Posted by rockstrongo:
    > I'm familiar with CMS systems and what makes me uncomfortable is the availability of the source code. It won't take an experienced programmer long to find an exploit when they have the source code right in front of them. If you just run a basic install using Simple Scripts without taking any additional security measures then it's just a matter of time before your site gets attacked. That's why WordPress has an update every other day...or so it seems. If open source CMS is the way you want to go, I'm not knocking it. Just know that it's not going to be as secure as developing your own scripts. Using them as a foundation for your websites isn't nearly as bad as just running the standard install and hoping for the best.
    That's your opinion, and probably not shared by many people given the popularity of these packages. You over-state the reason for WP upgrades, in both the frequency and purpose. A majority of them are upgrades for functionality, not security. The same can be said for the rest of the other popular packages.

    > Isn't that backing up my original statement that the security (lack of) is on Bluehost and not my scripts? Even a standard website with no PHP or JavaScript gets hacked on BH. I had a simple brochure website with only 8 pages of information written completely in HTML/CSS. No PHP, JavaScript, or any other additional coding. It got hacked and it wasn't running any processing scripts whatsoever. There was no way for them to exploit my scripts since there were none. It has to be a cPanel security issue. No?
    No. There are better than a million plus accounts running on Bluehost servers. If there was something causing a security problem as you have stated, then they wouldn't be in business very long. If you are getting hacked on straight HTML/CSS sites, then either someone has your password, access to your password, or your files are installed with the wrong permissions. Go back to the original post, My Site Was Hacked...

    > I've had everything from the redirects to .ru sites placed into the header/footer to HTML generation where it creates a bunch of .html files with links and products. The worst one I had completely shut down my site and tried to automatically force the visitor to download/install a trojan.
    You may try utilizing the logging system available from Bluehost to try to track down how this is happening and how they are gaining access.

  9. #9
    rockstrongo Guest

    Originally Posted by farcaster:
    > That's your opinion, and probably not shared by many people given the popularity of these packages. You over-state the reason for WP upgrades, in both the frequency and purpose. A majority of them are upgrades for functionality, not security. The same can be said for the rest of the other popular packages.
    Not really.

    "Vulnerabilities

    Many security issues[50][51] were uncovered in the software, particularly in 2007 and 2008. According to Secunia, WordPress in April 2009 had 7 unpatched security advisories (out of 32 total), with a maximum rating of "Less Critical".[52] Secunia maintains an up-to-date list of WordPress vulnerabilities.[53][54]

    In January 2007, many high-profile Search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring AdSense, were targeted and attacked with a WordPress exploit.[55] A separate vulnerability on one of the project site's web servers allowed an attacker to introduce exploitable code in the form of a back door to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.[56]

    In May 2007, a study revealed that 98% of WordPress blogs being run were exploitable because they were running outdated and unsupported versions of the software.[57]

    In a June 2007 interview, Stefan Esser, the founder of the PHP Security Response Team, spoke critically of WordPress's security track record, citing problems with the application's architecture that made it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as some other problems.[58]

    Since then, WordPress has improved in terms of security and the latest versions are more secure with only minimal security issues[citation needed]. The latest major security issue was found on WordPress 2.7[citation needed], released in 2008.

    Individual installations of WordPress can be protected with security plugins such as Better WP Security and WP Security Scan and many others.[59]"

    http://en.wikipedia.org/wiki/WordPress

    > No. There are better than a million plus accounts running on Bluehost servers.
    Give it time. From reviews I'm reading online...people are leaving BH faster than they are signing up. I'm not the first to point out this problem with Bluehost security. Here is a standard Google search for Bluehost Security Problems.

    > You may try utilizing the logging system available from Bluehost to try to track down how this is happening and how they are gaining access.
    You're talking but not answering any questions. This has become nothing more than a glorified Bluehost live help session. Quit blaming my scripts and blaming me for "inviting hackers" to my sites. Please answer the question why the exact same site on Bluehost is hacked within 2-3 weeks but not hacked on the server of another hosting company after 6 months.

    What this boils down to is why are all of my websites hosted on Bluehost constantly hacked when the exact same site isn't hacked on another hosting account? I don't need any more fluff, I just want answers. Can you answer that question?

  10. #10
    Join Date
    Apr 2008
    Location
    Chasing the Holy Grail - Pacific Northwest
    Posts
    1,312

    It doesn't surprise me that you have quoted articles from 4 years ago. A lot has changed.

    As for looking at Google for security issues, try it with any other host name - you'll get pretty much the same results.

    Now - I will type a little slower and explain a few things to you.

    Did you really read the Read Before Posting thread that I pointed you to? And the My Site Got Hacked Thread.

    First, this is a user to user forum, and not a Bluehost Support site. The moderators on this site are account holders at Bluehost. We do not get paid to do this. We do it because we like helping people and have experience in the fields.

    So don't tell me to just answer the questions. I was simply trying to guide you into possible directions that you hadn't looked at yet. I don't know what's wrong with your site or your computer. I can't see your code, and at this point I don't want to. Hire a professional.

    This thread is now closed. By the way, if you go back and read the rules, notice that it states don't open a thread again once it's been closed.