Announcement

Collapse
No announcement yet.

Website Hosting

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Website Hosting

    I created this website for psychiatry education purposes two years ago- on wordpress hosted by bluehost. I got this message from bluehost that website is deactivated due to the detection of malware. They are asking for $150/month X 1 year to clean this website and keep it safe from future attacks. I run this website for educational purposes only and don't make any money.

    So I have decided to find another free/less costly platform and make new website. Which hosting platform is preferred: squarespace/ wix/ weebly/ others.

    Also how much you pay for website security (if any).

  • #2
    You sure that email is from Bluehost? Sounds phishy
    Helping those who wear the white coat get a fair shake on Wall Street since 2011

    Comment


    • #3




      I created this website for psychiatry education purposes two years ago- on wordpress hosted by bluehost. I got this message from bluehost that website is deactivated due to the detection of malware. They are asking for $150/month X 1 year to clean this website and keep it safe from future attacks. I run this website for educational purposes only and don’t make any money.

      So I have decided to find another free/less costly platform and make new website. Which hosting platform is preferred: squarespace/ wix/ weebly/ others.

      Also how much you pay for website security (if any).
      Click to expand...


      Sounds like a hackjob. I'd call your host and see if its a legit email. If it is then move hosts, others will take your business.

      I suspect its BS and a phising email.

      Comment


      • #4
        I called bluehost customer service as my website is down (http://psychiatryeducationforum.com/)

        They recommended this $150/month cost. They did agreed to reduce price to $85/month X 1 year, after I told them that I am planning to take my website down.

        Comment


        • #5
          For a site that makes no money, no way would I pay $150 per month.

          How does your site get malware? Do you inadvertently introduce it. Or they do not provide protection

           

          Comment


          • #6
            um no I think I pay that per year with Wix. Webs was a little cheaper but klunky.

             

             

            Comment


            • #7
              85/month for what? Thats horrible. it should be 5 bucks a month. This is Whole life level rip off. Switch hosting.

              Comment


              • #8
                Gross. $150/mo is too much for a small Wordpress site.

                Checking out your site from archive.org, You were running 4.9.4 for at least a few days after 4.9.5 was released, which fixed several published vulnerabilities. One of those may have been the attack vector.

                Another common malware source is "free" third-party themes and plugins.

                Also possible, someone guessed your password.

                You can try to fix this yourself--

                1. Change all passwords immediately

                2. Check that all users are valid

                3. Install and run a wordpress plugin like this one, Wordfence or any of a number of others to see if find the issue

                4. Remove the wordpress version "fingerprint" from your theme

                Comment


                • #9
                  I am paying Bluehost $250 for hosting for 2 years.  So far I have had no problems.

                  Comment


                  • #10




                    Gross. $150/mo is too much for a small WordPress site.

                    Checking out your site from archive.org, You were running 4.9.4 for at least a few days after 4.9.5 was released, which fixed several published vulnerabilities. One of those may have been the attack vector.

                    Another common malware source is “free” third-party themes and plugins.

                    Also possible, someone guessed your password.

                    You can try to fix this yourself–

                    1. Change all passwords immediately

                    2. Check that all users are valid

                    3. Install and run a wordpress plugin like this one, Wordfence or any of a number of others to see if find the issue

                    4. Remove the wordpress version “fingerprint” from your theme


                    Click to expand...


                    Thanks Ryan.

                    - I did installed free third party plugins recently and looks like this started malware attacks.

                    - I will change all my passwords.

                    - I did installed wordfence 1 month ago and fixed all issues found by wordfence.

                    - Bluehost is recommending Sitelock package (which they are giving me at discount price of $85/month).

                     

                    I am not good with this coding and related stuff. I will request bluehost to activate my website, so that I can get in and remove these plugins and change themes. I am not able to access website through wordpress.

                     

                    Bluehost emailed me following mail:

                     

                    Your psychiatryeducationforum.com account has been deactivated due to the detection of malware. The infected files need to be cleaned or replaced with clean copies from your backups before your account can be reactivated.

                    URL(s): /home1/psychio2/public_html/wp-includes/js/jquery/jquery.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/wp-includes/js/jquery/jquery-migrate.min.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/wp-includes/js/wp-embed.min.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/wp-includes/wpsmedata.php: SL-PHP-UPLOADER-1-md5-ndw.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/wp-content/wp-xmlrpc.php: SL-PHP-FILEHACKER-xl.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/wp-content/wpsmdata.php: SL-PHP-UPLOADER-1-md5-ndw.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/wp-content/cache/wpfc-minified/7c76d2zh/c4ylq.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/wp-content/cache/wpfc-minified/6wby538l/c4ylq.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/wp-content/cache/wpfc-minified/q7ge6h4o/c4ylq.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/wp-content/themes/accesspress-ray/welcome/demos/layout-1/content.xml: EIG.LinkSpam.NoSuspend.NotifyOnly-19.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/71ba5704c07aec55402cb7d674cb5783: SL-PHP-REDIRECT-1-afl.UNOFFICIAL FOUND
                    /home1/psychio2/public_html/index.php: SL-PHP-REDIRECT-1-afh.UNOFFICIAL FOUND

                    To thoroughly secure your account, please review the following:

                    * Remove unfamiliar or unused files, and repair files that have been modified.
                    * Update all scripts, programs, plugins, and themes to the latest version.
                    * Research the scripts, programs, plugins, and themes you are using and remove any with known, unresolved security vulnerabilities.
                    * Update the passwords for your hosting login, FTP accounts, and all scripts/programs you are using. If you need assistance creating secure passwords, please refer to this knowledge base article: https://my.bluehost.com/hosting/help/418
                    * Remove unused FTP accounts and all cron jobs.
                    * Secure the PHP configuration settings in your php.ini file.
                    * Update the file permissions of your files and folders to prevent unauthorized changes.
                    * Secure your home computer by using an up-to-date anti-virus program. If you’re already using one, try another program that scans for different issues.

                    You may want to consider a security service, such as SiteLock, to scan your website files and alert you if malicious content is found. Some packages will also monitor your account for file changes and actively remove malware if detected. Click here to see the packages we offer: https://my.bluehost.com/cgi/sitelock

                    Please remove all malware and thoroughly secure your account before contacting the Terms of Service Department to reactivate your account.

                    You may be asked to find a new hosting provider if your account is deactivated three times within a 60-day period.

                    Comment


                    • #11




                      I am paying Bluehost $250 for hosting for 2 years.  So far I have had no problems.
                      Click to expand...


                      I also paid $250 for 2 years hosting and this 2 year period will expire in Sep 2018.

                      Comment


                      • #12
                        If you have a backup from before the site went down (and was presumably infected), wipe everything and put the old files in.

                        Otherwise, you can try fixing it by FTP, which does not require the HTTP side (webpage) to be up.

                        Have you ever used FTP?

                        Comment


                        • #13




                          If you have a backup from before the site went down (and was presumably infected), wipe everything and put the old files in.

                          Otherwise, you can try fixing it by FTP, which does not require the HTTP side (webpage) to be up.

                          Have you ever used FTP?
                          Click to expand...


                          I did uploaded my old files and removed all these infected files. Working with bluehost to get this back online now.

                          Comment


                          • #14
                            Finally website is back online.

                            - upgraded wordpress to 4.9.6.

                            - removed all recently added plugins.

                            - removed all infected files.

                            - changed all passwords.

                            - I am the only user on this website. I do have subscribers through mailchimp.

                            - Is it worth upgrading wordfence security to premium for $99/year cost ($89/yr for 2 yr; or $84/yr for 3 yr). I am planning to consider this option after this bad experience.

                            Comment


                            • #15




                              Finally website is back online.

                              – upgraded wordpress to 4.9.6.

                              – removed all recently added plugins.

                              – removed all infected files.

                              – changed all passwords.

                              – I am the only user on this website. I do have subscribers through mailchimp.

                              – Is it worth upgrading wordfence security to premium for $99/year cost ($89/yr for 2 yr; or $84/yr for 3 yr). I am planning to consider this option after this bad experience.
                              Click to expand...


                              No. Just stay away from third-party themes, etc. Stick to the WordPress vetted themes and plugins.

                              As far as sitelock, your site is already locked (See below) with your current, bluehost plan (https://whois.icann.org/en/lookup?name=psychiatryeducationforum.com).

                              Status


                              Domain Status:clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)

                               

                              As far as additional site security, see my first recommendation and consider adding the Akismet plug-in. Between those three things (no third party themes or plug ins, wordfence and Akismet) you should be fine for free.

                              Comment

                              Working...
                              X