Reason: terms of service violation - malware/virus.
Your account has been hacked; a list of the files we have identified can be
found in your home directory, in a file named malware.txt.
These are not necessarily the only hacker/hacked files on the account.
Simply deleting the listed files is insufficient to clean and secure your
account.
Although our servers are secure, there are multiple ways that hackers can
gain access to your account:
1. A vulnerable script or program you have installed
2. An insecure password you have set (either for the cPanel or an FTP
account)
3. An insecure PHP setting you are using on your account
4. Insecure file permissions you have set for your files
5. An insecurity on a computer you use to access your account (a virus or
other malware on a home or work computer)
To correct this problem:
1. Go through the entire account and remove unfamiliar/unused files; repair
files that have been modified by the hacker.
2. Update all scripts/programs/plugins/themes on the account to the latest
versions.
3. Research any scripts/programs/plugins/themes you are using for known
security vulnerabilities; remove any with known, unresolved vulnerabilities.
4. Update your cPanel password, using a strong password (i.e. upper case
characters, lower case characters, numbers, symbols).
5. Remove unused FTP accounts.
6. Update the passwords on necessary FTP accounts to strong passwords (see
4 above).
7. Update the passwords for any scripts/programs you are using to strong
passwords (see 4 above).
8. Remove all unknown cron jobs.
9. Secure the php configuration settings in your php.ini file.
10. Update the file permissions for files and folders on your account.
11. Secure your home computer by using an up-to-date anti-virus program; if
you already use an anti-virus program, download and try a different
anti-virus program, which may scan for different issues.
Hackers often use exploitable scripts on your account to inject their own code. Any .php file is a script, and WordPress is dynamically generated and one large program composed of hundreds of scripts. Your site could have been hacked at any time, but no one was immediately aware of it for some time. Oftentimes the methods hackers employ involve automated tools that can open up memory holes or other exploitable parts of the languages they are written in. The two most heavily targeted languages are PHP and JavaScript, which are used in just about every CMS out there. Because we're not in control of the code you do/do not put on your account, monitoring each line of code actively is difficult, especially as most hackers appear to be normal visitors using our server's monitoring tools. We do use some advanced tools to correct critical security vulnerabilities when they present themselves, but unfortunately our ability to close vulnerabilities is limited due to the vast array of different content our customers host here. That said, in our Terms of Service we found it more practical to have our customers maintain their own code.
Recurring hacks are unfortunately more than common occurrences. This is due to the nature of how hackers inject/infect your sites with their content. Commonly used tools by hackers include automated programs that search for exploits in websites, similar in nature to how search engines look for websites and generate thumbnails and search caches. Another frequently seen behavior in malware or hacks is the 'call home' method, where the infected code checks in with another web location (usually another compromised site) and relays information the hacker wants. When the 'call home' interval is missed, often those same automated tools run against your site again and if the old exploit or another exploit they can attack you through is found, you become infected once again.
Due to this very problem, once you've been hacked once it's important, essential even, to protect your account from further infection. Some things to do to protect yourself are:
• Keep your scripts up to date, like WordPress or Joomla.
• Acquire an internet security service such as http://wewatchyourwebsite.com/ or http://sitelock.com - these companies will scan your site regularly for a fee and if an infection is detected will alert you to the problem and can use automated tools of their own to remove the infection. They will also help you 'harden' your sites from further attacks by closing commonly used exploits that hackers use.
• Anything you're not using can be a vulnerability. If you have a WordPress plugin or theme you're not using, delete it rather than disable it. Make sure any customizations or premium plugins/themes are saved to your computer in case you want to add them again later. The same concept can be applied to just about any CMS or content on your account.
• Keep your site performing well. Tools like http://gtmetrix.com/ can be used to examine the performance of your site. Sites that perform poorly use more memory and cause lags or timeouts, which hackers can exploit to gain access to your files/site.
• Run your own scans - http://sitecheck.sucuri.net/scanner/ is a great tool to use, though there's plenty of others.
• Information is your friend. The more you're aware of this subject, the better you will be able to protect yourself in the future or deal with an issue of infection. To get you started, you may want to read through this site which has some useful information: http://redleg-redleg.blogspot.com/
I also recommend reading through the following articles for guidance:
-https://my.bluehost.com/cgi/help/511
-http://codex.wordpress.org/Hardening_WordPress
-http://25yearsofprogramming.com/blog/20070705.htm
I hope this response has informed you of the problems you've been facing. I'm sure it will make a difference for you in the future. There's an illusion that hackers only target shopping sites. Unfortunately this is only urban legend - hackers will hit your site for two reasons: You're there and they can (try at least). There are also sometimes other reasons, financial or otherwise, but those basic two reasons are why anyone gets hacked.
Thank you,
Andrew
Terms of Service Compliance Department
1958 South 950 East
Provo, UT 84606
P: 888.401.4678 Option 5 | F: 801.765.1992
Most questions can be answered by articles in our knowledgebase or our NEW forum!
Forum: http://www.bluehostforum.com
Knowledgebase: https://www.bluehost.com/cgi/help
What's New at Bluehost? Weebly Site Builder! Included Free at: https://my.bluehost.com/cgi/weebly/
Dear xxxx:
Your web hosting account for xxxx.net has been deactivated, as of 07/09/2012. (reason: terms of service violation - malware/virus)
This deactivation was due to a Terms of Service violation associated with your account. At sign-up, all users state that they have read through, understand, and agree to our terms. These terms are legal and binding.
Although your web site has been suspended, your data may still be available for up to 10 days from the date of deactivation; if you do not contact us during that 10 day period, your account and all of its files, databases, and emails may be deleted.
If you feel this deactivation was made in error, or in order to gain access to your account, please call our customer service line as soon as possible at (888) 401-4678 and speak with our Terms of Service Compliance department.
Please read the following, derived from our Terms of Service agreement, for additional information regarding the matter.
Bluehost uses sophisticated means of security in connection with its services. Notwithstanding the foregoing, it is exclusively the subscriber's obligation to maintain and control passwords to subscriber's web site(s), and subscriber exclusively is responsible for all activities that occur in connection with subscriber's user name, password, and registered domain name(s).
Please review the current copy of our Terms of Service here:
http://www.bluehost.com/cgi/terms
Thank you,
Bluehost Terms of Service Compliance
http://www.bluehost.com
For support go to http://helpdesk.bluehost.com/
Toll-Free: (888) 401-4678
What's going on? How do I get the account unsuspended?
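Items 1, 8 and 10 of the clean-up checklist in the first notice, as an added example (not part of the original post and not Bluehost's own tooling): a triage script to run over SSH that lists world-writable paths, recently changed PHP files, PHP files sitting in upload directories, and crontab entries worth a second look. The function names are hypothetical and the `~/public_html` web root is an assumption about the account layout.

```shell
#!/bin/sh
# Added example: read-only triage of a compromised hosting account.
# Function names are hypothetical; ~/public_html is an assumed web root.

# Item 10: files and directories writable by every user on the server.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# Item 1: PHP files changed in the last $2 days; compare against a clean copy.
recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" -print 2>/dev/null | sort
}

# Item 1: PHP inside upload directories, which normally hold only media.
php_in_uploads() {
    find "$1" -type f -path '*/uploads/*' -name '*.php' -print 2>/dev/null | sort
}

# Item 8: crontab lines (read from stdin) that download or decode something.
suspicious_cron() {
    grep -Ev '^[[:space:]]*(#|$)' | grep -Ei 'wget|curl|base64|/tmp/' || true
}

# Item 10 fix: drop the world-write bit only; owner and group bits are kept.
strip_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

report() {
    root=$1; days=${2:-7}
    echo "== world-writable paths under $root";  world_writable "$root"
    echo "== PHP modified in last $days days";   recent_php "$root" "$days"
    echo "== PHP files in upload directories";   php_in_uploads "$root"
    echo "== crontab entries worth reviewing"
    crontab -l 2>/dev/null | suspicious_cron
}

# Run the report only when a web root is given, e.g.: sh triage.sh ~/public_html 14
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

The report changes nothing on disk; `strip_world_write` is the only function that modifies permissions and has to be called explicitly.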