My Hosting Account Was Hacked!

It could just be an insecure contact form.

What type of hosting is it?
Do you have access to logs, some hosting logs email sends/receives.

How did you find out about it?
That should give you a clue to what domain it is coming from.

Sorry to hear about that. Here are couple suggestions for you.

Fist of all your account might not have been hacked, you can send spoof emails with the command prompt from your computer and show the sender as admin@google.com if you want.

Second.
Most hosting companies do weekly backups and keep them for 30 days. If you have a site with a data base where the information is stored just restore the site with a backup copy from a couple weeks ago.

Third.
A hosting account uses higher encription methods then most sites so you can create some pretty off the wall passwords to keep this from happening. Creat a password that a password cracker wil not find in a dictionary or number sting like this:
Buggabo47562@ubfgh!

The more jumbled and random a password is the longer it takes to crack. Hosting account passwords should be changed about 30 days just to keep your sites safe.

You might want to get the email address that reported you and make sure it is spam. If you own multiple sites and sent emails to your subcribers sometimes people forget they registered with you and will mark an email as spam by mistake, this will cause a hosting company to take action.


Best of luck

Get a new host, that sounds fishy. This really seems like their problem if you don't know what is going on?

All mail I've seen generated by php scripts in bluehost domain accounts has the domain ID and the scripts name embedded right in the email headers, I expect for just this reason.

Is it your own dedicated server or a shared account? If it's a shared server, your webhosting company should be able to locate the source of the spamming script. If they can't even tell you which script it is, they should not suspend the account. You should look for a new hosting company then.

Are you speculating, or are you sure this is true?

It's much more likely that your actual website was hacked rather than your hosting account.

This could be caused by any number of factors such as file permissions, SQL injection, scripts you recently installed, and if you are using CMS like wordpress of joomla it could be from any recently installed extensions or plugins.

Either way Bluehost sucks if they can't pinpoint the source of the script that is sending these emails. Time to get a new host LOL

20 bux says you were just hit with a cross-site XSS virus, got sql injected, downloaded a theme with malicious code in it, etc.

Relax!
THERE IS A SIMPLE SOLUTION!



I'm sorry, but that advice is downright stupid.

First of all, bluehost is a pretty good hosting company. It isn't my favourite, but it's in the top 5 for non-cloud-type for sure.

I apologize if my response sounds crass, but I've worked for a hosting company before and I know how it's a huge resource waste having some guy monitor your server segment processes all the time to determine the source of the problem. Even writing a bash script for it. A hosting environment can be a busy place!

Maybe, eventually, some hosting companies will clean the server for you, because these sorts of attacks are on the heavy rise, but at the moment, very few hosting companies will go to the trouble of cleaning up essentially your mess. They would however, give you SSH root access in some cases to go and figure the problem out on your own.

It is definitely not "their problem" and if you think it is, you have a ways to learn about hosting, computer networking and network exploitation.

I do think software like Acunetix should come standard along with your control area, but at the moment, I know of no hosts who do this. I'm sure this will change in the future though.

They should be able to tell you exactly what is going on and what domain it is, etc. Once you know which domain and what the problem is, you can go in and remove or correct the problem, call them, and be back up and running in just a few moments.

Good luck!!

Cindy

I guess there's no need to feel worry about my niche websites then I have this Hostgator with me ..

@ bwgrit : You better contact your host provider that really sounds fishy im not a techie as well but to think that you're website has been hacked then its a big deal for me, hosts knows about it for sure..They can surely helps you in some other way...

I have worked on many hacked sites on hostgator.
I have had clients who have had their websites "cleaned" by HG and was still able to find hacked files after the site was "cleaned."
While I generally like HG -- on a recent assignment, I learned that HG does not run antivirus on client accounts.
Incidentally, the account I was asked to check on had been infected since May 2009 (yes, that's right, 18 mos). What's worse is that one of the infections was of a particularly nasty kind of infection, known as c99shell.

Be sure to check that the amount of storage and the amount of inodes that you use do not go beyond HG's backup limitations. If your account exceeds those numbers (read, carefully, their TOS -- ALL sections -- as the storage limitations are mentioned in one section and the inode limitations in another.) they do not back up the files on your account. And they only backup 1x/week and only keep 1 week's worth of backups.

Live JoyFully!

Judy

Just contact your hosting administrator. Tell him that your hosting account is hacked. The admin of your hosting will solve your problem

I still do not believe this was hacked in the context that everyone is using here.

It still sounds to me like it is header injection in an insecure contact form.
This is very common..

You need to somehow find out what domain it is coming from and see if it has a contact form and disable it.

If you were actually hacked to where someone installed a script, then may may want to think about changing all of your FTP account credentials.