911 Hack Removal

Bluehost Malware Scanner – Your Bluehost account has been deactivated

Updated on: August 14, 2020

Bluehost Malware Scanner – Your Bluehost account has been deactivated

Article Summary

Bluehost is a great and affordable way to host a site online. However, if the website has security lapses then the hosting can turn into a nightmare. Bluehost takes its security policy very seriously and therefore sites with a malware infection are typically banned or suspended. The frustrated users can be found scraping the web for articles like this which would help them to restore their suspended Bluehost site. However, unlike other articles, this one will not only tell you how to restore your site using Bluehost Malware scanner but also give some bonus security tips in the end to avoid such cases.

A Bluehost account suspension means that your website has been taken offline and is no longer accessible to your users. Understandably, Bluehost account suspended is a nightmare for most web owners. The most obvious reason that comes to mind for account suspension is always – Hack! However, there could be several other reasons which can be at the bottom of a Bluehost account suspension. In fact, non-payment is the most common reason why Bluehost suspends a website.

Bluehost, apparently, takes its security policy very seriously. And, it is quick in banning or suspending hacked websites in order to safeguard other websites on the server. If you also had your account suspended by Bluehost then this blog post will be of much use to you. It covers the symptoms, causes, and restoration process involved in a Bluehost account suspension. In the end, you will also get some bonus security tips to avoid such cases in the future.

How to fix Bluehost account suspended?
How to fix Bluehost account suspended?

Bluehost Account Suspended – Symptoms

  • Website experiences sudden downtime.
  • Emails from Bluehost saying ‘Your account has been deactivated due to detection of malware!

Example of Bluehost account suspension warning
Example of Bluehost account suspension warning
  • Site is laden with phishing pages.
  • Web shells & backdoors on the website
  • Need help in restoring your website after Bluehost account suspension? Drop us a message here and get professional help.

    Causes of Bluehost Account Suspension in WordPress, Magento, OpenCart & Joomla

    Once the malware has gotten hold of your Bluehost website, it can further use it to propagate other malicious purposes like crypto mining, spam, etc. Therefore, these websites are suspended at the earliest to secure others. Let us take a look at some such causes which may be indirectly linked to a malware infection.

    Failure of Payment

    This is one of the most common reasons why a Bluehost account suspended occurs. According to Bluehost,

    All payments are taken, in advance, for the full term of your plan.

    In case you failed to comply, Bluehost suspends the website. This suspension is not as abrupt as it sounds, Bluehost sends a series of emails reminding the user of the payment renewal. It takes the website down if the owner lags even then.

    Violation of Policies

    The terms & services of hosting provider Bluehost is a gospel to be followed. Also, any deflection from the terms of use can result in your website’s suspension. The terms of use, as published by Bluehost, prohibit hosting offensive & obscene content, spam content, etc on the server. It also has a policy against websites involved in phishing & cloaking. If found guilty of the above, Bluehost account suspension would follow.

    Resource Overuse

    Since Bluehost is a shared server, it has an equal liability towards each website to provide with adequate resources. But, if your website starts consuming more than a fair share of bandwidth on the server, Bluehost suspends them. Your extensive usage of resources may obstruct the performance of other websites on the server.

    Even though excessive use of resources is a valid reason, Bluehost doesn’t suspend the account right away. It notifies you about the increased usage and requests you to limit your consumption. In case of non-compliance, it suspends your website.

    Spam Distribution

    Compromised websites can be used to redistribute spam. Typically, multiple lists are maintained on the web which record IPs that churn out large amounts of spam. Since the spammers need new IPs every day to distribute their spam, hosting platforms like Bluehost with hundreds of websites makes for a lucrative target. A Bluehost site identified as the distributor of spam can land in the spam directories. In fact, it can also lead to the ban of the entire server! Therefore, Bluehost suspends such sites with utmost urgency.

    Cryptocurrency Mining Causing Server Overload

    By compromising a Bluehost site, attackers can hijack a fairly good amount of computing resources. These websites can be used to mine cryptocurrency for them. Typically, the hackers prefer mining Monero on such sites. Even though CoinHive (a popular Monero mining service) is shutting down, attackers manage to find multiple ways to mine crypto. This practice can lead to a significant load on the server. Therefore, another reason for Bluehost site suspension.

    Now, the email sent by Bluehost would mention a ban caused due to server overload. But, this again is an indirect result of malware infection. Moreover, the compromised Bluehost site can also be used to distribute pirated movies, software, etc. which can increase the load on the server. Therefore, determining the real cause of Bluehost site suspension can be tricky.

    Malware Redistribution

    The attacker can also use the hacked Bluehost site as a storehouse of malware. It can be therefore used to infect other websites running on the same server or sharing web space. In such cases, lack of sub-netting can open the floodgates of infection. Bluehost systems can identify such websites and can lead to a blanket ban on multiple hacked sites.

    This is a sample malware-infected file as depicted by Bluehost:

    /home1/abc/public_html/yourdomain/index.php: SL-PHP-UPLOADER-1-hh.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/tests/404.php: SL-PHP-EVAL_REQUEST-hw.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/storage/wp-log.php: SL-PHP-SHELL-md5-cpqs.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/storage/logs.php: SL-PHP-FILEMANAGER-aj.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/storage/new_readme.php: SL-PHP-FILEHACKER-ajr.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/Y/index.htm: SL-HTML-PHISHING-awg.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/readme.php: SL-PHP-BACKDOOR-GENERIC-ava.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/X/login.php: SL-HTML-PHISHING-aok.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/phpunit/phpunit/src/Util/PHP/leafmailer.php: SL-PHP-MAILER-GENERIC-ev.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/xp/login.php: SL-HTML-PHISHING-aok.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/att/Indexxatt/Team.php: SL-PHP-HACKEDBY-ocq.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/Co/index.htm: SL-HTML-PHISHING-awg.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/Co/adobe.php: SL-HTML-PHISHING-arq.UNOFFICIAL FOUND
    /coyz4/public_html/yourdomain/wp-content/login.acc.bank.com/hold/next3.php: SL-HTML-PHISHING-bnc.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/wp-content/login.acc.bank.com/hold/step3.php: SL-HTML-PHISHING-eiw.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/wp-content/login.acc.bank.com/hold/index.php: SL-PHP-REDIRECT-1-md5-agru.UNOFFICIAL FOUND

    Need a Bluehost Malware scanner to secure your website? Drop us a message on the chat widget, and we’d be happy to help you fix. it. Scan My Bluehost Website Now.

    Detecting & Cleaning Bluehost Malware Attack

    Block Out the Attackers

    In order to search for the Bluehost malware attack type, it is advisable to take the complete site offline. Doing so would enable us to work more efficiently using the Bluehost Malware scanner. However, if you do not wish to do so then, at least change the database and login panel passwords to block out attackers. In case you suspect that the database has been compromised, the password can be reset by the following steps.

    • Step 1: Log in to the Control Panel of your Bluehost account.
    • Step 2: Icon to reset the password of MySQL can be found under the Databases section of the cPanel.
    • Step 3: Look at the username shown. See if there is any suspicious username.
    • Step 4: To change the password in order to block out attackers, type a new password in the “New Password” text box. After that, enter the same password in “New Password” text box to confirm it.
    • Step 5: Finally click the Set MySQL Password button. Ensure that a message like “Your password has successfully been updated, Click here to continue” appears.

    Detect and Delete Malicious Code

    For novice users, it is advised to comment out any suspicious code using the ‘#‘ symbol and then contact the experts for deep code analysis or use a Bluehost Malware scanner. Intermediate users should look out for obfuscated code apart from malicious code. Typical obfuscation would be in the Base64 format. Multiple files containing such code can be found with a simple command. Simply run:

    find . -name "*.php" -exec grep "base64"'{}'; -print &> hiddencode.txt

    Running this command here would search and store all the base64 encoded code and save it inside the hiddencode.txt file. Decoding of base64 encoded lines can be done via online tools. Apart from base64 hidden code, FOPO Obfuscation is quite popular with the attackers. Novice users can hunt malicious code using the phpMyAdmin tool. Look at the image given below for reference.

    Bluehost Malware Scanner Phpmyadmin

    Securing Bluehost Website with Astra

    There are thousands of malware signatures and manually searching for each one of them is not possible. Therefore, in such scenarios, an automatic Bluehost malware scanner seems to be the best bet. However, with so many Bluehost Malware scanners in the market, finding the right type can be tricky. Let us take a look at all the parameters one should consider before buying a Bluehost Malware scanner.

    Bluehost Malware Scanner by Astra

    Astra provides just the right Bluehost malware scanner. Here are a few reasons why you must choose Astra to secure your Bluehost site.

    • Easy to Use: Astra is designed with novice users in mind. Its simple dashboard interface can be used even by beginners to secure their site hosted on Bluehost.
    • Affordable: Astra Bluehost malware scanner is highly scalable. So, it can be used for small blogs on Bluehost as well as by large companies.
    • Firewall: Astra comes with a rock-solid firewall which can prevent multiple intrusion attempts by the attackers.
    • Customer Support: Astra is always there to help its users. Engineers at Astra can help you with installation to everything. Moreover, Astra provides regular updates via email.
    How to fix a hacked website?
    How to fix a hacked website?

    Bonus Security Tips

    • Never use the same password for multiple components on Bluehost i.e. Cpanel, MySql, etc. Make sure to set a random and secure password.
    • Keep your CMS installed on Bluehost up to date.
    • Audit the security of your site hosted on Bluehost periodically.
    • Hide sensitive files and error messages.
    • Use safe coding practices to develop your webpages.
    • Make use of HTTPS on the site hosted on Bluehost.
    • Use a Bluehost malware scanner to scan site regularly.

    Worried about securing your Bluehost site against online attackers? Opt for Astra’s Bluehost Malware Scanner to keep your site from harm’s bay.

    Was this post helpful?

    Tags: , , , , ,

    Vikas Kundu

    Vikas is a computer science graduate with a keen interest in cybersecurity. Besides programming cool software, he also shares his knowledge on website security on niche blogs. He has written over 150 technical write-ups to date and is still actively writing. In his free time, he can be found playing football.

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Inline Feedbacks
    View all comments

    Psst! Hi there. We’re Astra.

    We make security simple and hassle-free for thousands
    of websites and businesses worldwide.

    Our suite of security products include firewall, malware scanner and security audits to protect your site from the
    evil forces on the internet, even when you sleep.

    earth spiders cards bugs spiders

    Made with ❤️ in USA France India Germany