BlueHost suspends my WP blog, for ‘less than 250$’ SiteLock can repair it :/

jechercherdesinfos
(@jechercherdesinfos)

7 years, 6 months ago

Hi,

Today my blog dyeing2meetu.com was suspended by BlueHost. When asking for advice on their site, it’s SiteLock answering that ‘there is some malicious content redirecting traffic to another suspicious site”.

I try to keep my blog up to date (latest version of WP and Siwteen theme), had a free version of WordFence installed (and yes an alert arrived yesterday and I used the “restored original files” and new scan was OK) but I am no expert.

My blog is actually a sub domain of a friend site and everything is now suspended. When enquiring what to do BlueHost/siteLock answered than for 250$ they can clean my blog and then for ‘less than 250$ per month!!!, they can maintain it clean… I blog about natural dyeing so needless to say this is not within my budget :/

They say they will suppress everything from their server in about 15 days if we do not agree to pay… what are my options?

Thank you for your suggestions 🙂

Viewing 10 replies - 1 through 10 (of 10 total)

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

7 years, 6 months ago

Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

Thread Starter jechercherdesinfos
(@jechercherdesinfos)

7 years, 6 months ago

Thank you Steve! I will follow the many links.

SJW
(@whitsey)

7 years, 6 months ago

Run the GOTMLS malware scanner over your site: https://wordpress.org/plugins/gotmls/ – It will find and remove whatever it can find.

Check your web server logs to see who is accessing what (someone will be accessing a page that is not a wordpress page e.g. 123test.php which will be creating the problems) Find any abnormal files and delete them.

Reinstall the latest version of WordPress: /wp-admin/update-core.php

Redownload all your current plugins and copy the files over the top of your files.

Install iThemes Security and lock down your site.

Thread Starter jechercherdesinfos
(@jechercherdesinfos)

7 years, 6 months ago

Thank you Shannon for your informations. Will proceed step by step.

whitefirdesign
(@whitefirdesign)

7 years, 6 months ago

You will also want to look at the logs to see what evidence they show as to the source of the hack, as you want to fix whatever vulnerability allowed the hacker access to the website in the first place.

As for the advice from your web host, it isn’t surprising when you understand the relationship between them and SiteLock. Bluehost gets a big cut of the revenue from any SiteLock services they sell their customers, so they are unlikely to provide much in the way of useful advice on dealing with hacked websites. The CEO of their parent company, Endurance International Group, also happens to be one of SiteLock’s majority owners. SiteLock has shown that they don’t even have a basic understanding of how WordPress handles security, so we have hard time believing that a responsible web host would be suggesting them to clean up WordPress based websites. After getting things cleaned up you may want to consider moving to a web host host that doesn’t treat security the way that Bluehost does.

Thread Starter jechercherdesinfos
(@jechercherdesinfos)

7 years, 6 months ago

Thank you White Fir Design! Interesting information about how Bluehost and SiteLock have a common interest in having their clients “hacked”… :/
So, after collecting our files via FTP and running various malware scanners (so far nothing found but we need to do more research), we will be looking for another web host. If you know of web hosts that are different and want to recommend some, it will be appreciated.
tarekahf
(@tarekahf)

7 years, 4 months ago
I face exactly same issue with Bluehost and Sitelock. I am so much frustrated. I am looking now for a new Hosting Service Provider and a developer to help me get things back online on the new hosting service.

I would like to know what others have done to solve their problem?

Appreciate your feedback to help me move forward.

Thank you.

Tarek
- This reply was modified 7 years, 4 months ago by tarekahf.
Thread Starter jechercherdesinfos
(@jechercherdesinfos)

7 years, 4 months ago

Hi Tarek,

Just to say that although Bluehost / Sitelock “blackmailed” us to pay immediately $250 or they would destroy all our files and stopped all our mails 2 weeks after their message… they did not do it.

But, following advices given in forums, we have decided to leave them anyway and are now hosted with Namecheap which was quite user friendly with good online help for the transfer.

You might find some information on those forums too:
http://www.thatsupergirl.com/bluehost/
https://www.etsy.com/teams/21913/chitchat/discuss/18121152/

So far we have not yet found the ‘malware’ mentioned by Bluehost in our files… and the blog is not up as it was because I’ve been busy… and maybe not as enthusiast about blogging as I was, but it will come back 🙂

Again, we thank those who helped, there is no simple solution but it offers some relief to know you are not alone!

tarekahf
(@tarekahf)

7 years, 4 months ago

Thanks a lot!

Please recommend a developer or point me to where I can find the developer who helped you.

Tarek

Thread Starter jechercherdesinfos
(@jechercherdesinfos)

7 years, 4 months ago

We are not developers but we did it ourselves, with the online help (included in the price of hosting our site) of our now new web host namecheap.com : it was straight forward to transfer the address and mail, setting up sites and blog again took some of our time though.

We chose namecheap because it was recommended in forums and we had bought the names of our sites with parents company. I understand same services are offered by all web host but, of course, it is better not to chose one from Endurance group as they seem to practice this “blackmail” as part of their business model (see above response from White Fir Design).

Hope this helps