911 Hack Removal

Fixing Bluehost Account Suspension – Your Bluehost account has been deactivated

Updated on: September 8, 2021

Fixing Bluehost Account Suspension – Your Bluehost account has been deactivated

Article Summary

Suspension of a Bluehost account can occur for a variety of reasons such as non-payment, malware infection, spam, cryptomining and so on. If you have had your Bluehost account suspended, read this guide to figure out the reason as well as steps to restore it.

Hosting providers such as Bluehost are responsible for protecting other websites on their servers while maintaining uptime for your website at all times. When a website becomes a potential threat to other websites or violates its policies, the hosting provider takes strict action and suspends them. If you also had your Bluehost account suspended then this blog post will be of much help. It discusses why your Bluehost account was suspended, how to restore it, and how to prevent Bluehost account suspensions in the future.

What is Bluehost account suspension?

A Bluehost account suspension means that your website has been taken offline and is no longer accessible to your users. The most obvious reason that comes to mind for account suspension is always – A Hack! However, Bluehost account suspensions can happen for various other reasons. In fact, non-payment is the most common reason why Bluehost suspends a website. Other reasons include spam, malware, crypto mining activities, resource overuse, etc.

Bluehost account suspension because of Malware or Hack Issue

Malware is the second most common reason behind Bluehost account suspensions. Malware-infected websites pose a security risk to other websites on a server and are thus suspended. If your website has been acting strange lately, redirecting visitors, displaying unknown pop-ups, etc., it is possible you have been hacked. A malware infection can be confirmed by several other symptoms as well.

Besides, in a Bluehost account suspension, Bluehost will also send an email informing you about malware on your website. It may even share a list of infected files and their locations. Or will upload the list of malware-infected files on your root directory under the name malware.txt.

Bluehost account suspended
How to fix Bluehost account suspended?

Symptoms of Account Suspension

  • Website experiences sudden downtime.
  • Emails from Bluehost saying ‘Your account has been deactivated due to detection of malware!
  • You are seeing account suspension message in browser while opening your website.
Example of Bluehost account suspension warning
Example of Bluehost account suspension warning
  • Site is laden with phishing pages.
  • Web shells & backdoors on the website
  • Causes of Bluehost Account Suspension in WordPress, Magento, OpenCart & Joomla

    Once the malware has gotten hold of your Bluehost website, it can further use it to propagate other malicious purposes like crypto mining, spam, etc. Therefore, these websites are suspended at the earliest to secure others. Let us take a look at some such causes which may be indirectly linked to a malware infection.

    • Failure of Payment
    • Violation of Policies
    • Resource Overuse
    • Spam Distribution
    • Cryptocurrency Mining Causing Server Overload
    • Malware Redistribution

    1. Failure of Payment

    This is one of the most common reasons why a Bluehost account suspended occurs. According to Bluehost,

    All payments are taken, in advance, for the full term of your plan.

    In case you failed to comply, Bluehost suspends the website. This suspension is not as abrupt as it sounds, Bluehost sends a series of emails reminding the user of the payment renewal. It takes the website down if the owner lags even then.

    2. Violation of Policies

    The terms & services of hosting provider Bluehost is a gospel to be followed. Also, any deflection from the terms of use can result in your website’s suspension. The terms of use, as published by Bluehost, prohibit hosting offensive & obscene content, spam content, etc on the server. It also has a policy against websites involved in phishing & cloaking. If found guilty of the above, Bluehost account suspension would follow.

    3. Hacked Website

    If your website has deceptive or malicious content on it, is rerouting visitors, sending spam, showing malicious ads or pop-ups, and so on, it has been possibly hacked. Bluehost takes its security policy very seriously and is quick in banning or suspending hacked websites in order to safeguard other websites on the server. If you notice any of the above signs on your website or have received prompts from Bluehost, search engines, or your security partner, for questionable website behaviour, it may be hacked getting your bluehost account suspended.

    4. Resource Overuse

    Since Bluehost is a shared server, it has an equal liability towards each website to provide adequate resources. But, if your website starts consuming more than a fair share of bandwidth on the server, Bluehost suspends them. Your extensive usage of resources may obstruct the performance of other websites on the server.

    Even though excessive use of resources is a valid reason, Bluehost doesn’t suspend the account right away. It notifies you about the increased usage and requests you to limit your consumption. In case of non-compliance, it suspends your website.

    5. Spam Distribution

    Compromised websites can be used to redistribute spam. Typically, multiple lists are maintained on the web which record IPs that churn out large amounts of spam. Since the spammers need new IPs every day to distribute their spam, hosting platforms like Bluehost with hundreds of websites makes for a lucrative target. A Bluehost site identified as the distributor of spam can land in the spam directories. In fact, it can also lead to the ban of the entire server! Therefore, Bluehost suspends such sites with utmost urgency.

    6. Cryptocurrency Mining Causing Server Overload

    By compromising a Bluehost site, attackers can hijack a fairly good amount of computing resources. These websites can be used to mine cryptocurrency for them. Typically, the hackers prefer mining Monero on such sites. Even though CoinHive (a popular Monero mining service) is shutting down, attackers manage to find multiple ways to mine crypto. This practice can lead to a significant load on the server. Therefore, another reason for Bluehost site suspension.

    Now, the email sent by Bluehost would mention a ban caused due to server overload. But, this again is an indirect result of malware infection. Moreover, the compromised Bluehost site can also be used to distribute pirated movies, software, etc. which can increase the load on the server. Therefore, determining the real cause of Bluehost site suspension can be tricky.

    7. Malware Redistribution

    The attacker can also use the hacked Bluehost site as a storehouse of malware. It can be therefore used to infect other websites running on the same server or sharing web space. In such cases, a lack of sub-netting can open the floodgates of infection. Bluehost systems can identify such websites and can lead to a blanket ban on multiple hacked sites.

    This is a sample malware-infected file as depicted by Bluehost:

    /home1/abc/public_html/yourdomain/index.php: SL-PHP-UPLOADER-1-hh.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/tests/404.php: SL-PHP-EVAL_REQUEST-hw.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/storage/wp-log.php: SL-PHP-SHELL-md5-cpqs.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/storage/logs.php: SL-PHP-FILEMANAGER-aj.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/storage/new_readme.php: SL-PHP-FILEHACKER-ajr.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/Y/index.htm: SL-HTML-PHISHING-awg.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/readme.php: SL-PHP-BACKDOOR-GENERIC-ava.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/X/login.php: SL-HTML-PHISHING-aok.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/phpunit/phpunit/src/Util/PHP/leafmailer.php: SL-PHP-MAILER-GENERIC-ev.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/xp/login.php: SL-HTML-PHISHING-aok.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/att/Indexxatt/Team.php: SL-PHP-HACKEDBY-ocq.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/Co/index.htm: SL-HTML-PHISHING-awg.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/vendor/Co/adobe.php: SL-HTML-PHISHING-arq.UNOFFICIAL FOUND
    /coyz4/public_html/yourdomain/wp-content/login.acc.bank.com/hold/next3.php: SL-HTML-PHISHING-bnc.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/wp-content/login.acc.bank.com/hold/step3.php: SL-HTML-PHISHING-eiw.UNOFFICIAL FOUND
    /home1/abc/public_html/yourdomain/wp-content/login.acc.bank.com/hold/index.php: SL-PHP-REDIRECT-1-md5-agru.UNOFFICIAL FOUND

    Need a Bluehost Malware scanner to secure your website? Drop us a message on the chat widget, and we’d be happy to help you fix it. Scan My Bluehost Website Now.

    Detecting & Fixing Bluehost Account Suspension

    Block Out the Attackers

    In order to search for the Bluehost malware attack type, it is advisable to take the complete site offline. Doing so would enable you to work more efficiently using the Bluehost Malware scanner. However, if you do not wish to do so then, at least change the database and login panel passwords to block out attackers. In case you suspect that the database has been compromised, the password can be reset by the following steps.

    • Step 1: Log in to the Control Panel of your Bluehost account.
    • Step 2: Icon to reset the password of MySQL can be found under the Databases section of the cPanel.
    • Step 3: Look at the username shown. See if there is any suspicious username.
    • Step 4: To change the password in order to block out attackers, type a new password in the “New Password” text box. After that, enter the same password in “New Password” text box to confirm it.
    • Step 5: Finally click the Set MySQL Password button. Ensure that a message like “Your password has successfully been updated, Click here to continue” appears.

    Detect and Delete Malicious Code

    For novice users, it is advised to comment out any suspicious code using the ‘#‘ symbol and then contact the experts for deep code analysis or use a Bluehost Malware scanner. Intermediate users should look out for obfuscated code apart from malicious code. Typical obfuscation would be in the Base64 format. Multiple files containing such code can be found with a simple command. Simply run:

    find . -name "*.php" -exec grep "base64"'{}'; -print &> hiddencode.txt

    Running this command here would search and store all the base64 encoded code and save it inside the hiddencode.txt file. Decoding of base64 encoded lines can be done via online tools. Apart from base64 hidden code, FOPO Obfuscation is quite popular with attackers. Novice users can hunt malicious code using the phpMyAdmin tool. Look at the image given below for reference.

    Bluehost Malware Scanner Phpmyadmin

    Request Bluehost to review and unsuspend

    After you are done with the malware cleanup, double-check there is no trace of malware left. When you’re super sure you can ask Bluehost to review your website and lift the suspension.

    For this, you can either send them an email, get on a live chat with Bluehost support, or just reply to their account suspended email.

    Securing Bluehost Website with Astra

    There are thousands of malware signatures and manually searching for each one of them is not possible. Therefore, in such scenarios, an automatic Bluehost malware scanner seems to be the best bet. However, with so many Bluehost Malware scanners in the market, finding the right type can be tricky. Let us take a look at all the parameters one should consider before buying a Bluehost Malware scanner.

    Bluehost Malware Scanner by Astra

    Astra provides just the right Bluehost malware scanner. Here are a few reasons why you must choose Astra to secure your Bluehost site.

    • Easy to Use: Astra is designed with novice users in mind. Its simple dashboard interface can be used even by beginners to secure their site hosted on Bluehost.
    • Affordable: Astra Bluehost malware scanner is highly scalable. So, it can be used for small blogs on Bluehost as well as by large companies.
    • Firewall: Astra comes with a rock-solid firewall which can prevent multiple intrusion attempts by the attackers.
    • Customer Support: Astra is always there to help its users. Engineers at Astra can help you with installation to everything. Moreover, Astra provides regular updates via email.
    How to fix a hacked website?
    How to fix a hacked website?

    Bonus Security Tips

    • Never use the same password for multiple components on Bluehost i.e. Cpanel, MySql, etc. Make sure to set a random and secure password.
    • Keep your CMS installed on Bluehost up to date.
    • Audit the security of your site hosted on Bluehost periodically.
    • Hide sensitive files and error messages.
    • Use safe coding practices to develop your webpages.
    • Make use of HTTPS on the site hosted on Bluehost.
    • Use a Bluehost malware scanner to scan site regularly.

    Worried about securing your Bluehost site against online attackers? Opt for Astra’s Bluehost Malware Scanner to keep your site from harm’s bay.

    Astra Web App Pentest

    Was this post helpful?

    Tags: , , , , ,

    Naman Rastogi

    Naman Rastogi is a Growth hacker and digital marketer at Astra security. Working actively in cybersecurity for more than a year, Naman shares the passion for spreading awareness about cybersecurity amongst netizens. He is a regular reader of anything cybersecurity which he channelizes through the Astra blog. Naman is also a jack of all trade. He is certified in market analytics, content strategy, financial markets and more while working parallelly towards his passion i.e cybersecurity. When not hustling to find newer ways to spread awareness about cybersecurity, he can be found enjoying a game of ping pong or CSGO.
    Notify of

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Inline Feedbacks
    View all comments

    Psst! Hi there. We’re Astra.

    We make security simple and hassle-free for thousands
    of websites and businesses worldwide.

    Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

    earth spiders cards bugs spiders

    Made with ❤️ in USA France India Germany