HELP!! False Malware Alert had Deactivated Bluehost Account


If you came to read this post, you are definitely in trouble and looking for a good solution. The pretty awful reason is that your Bluehost account has been deactivated, or you have an issue with your account stating that malware has been found.

Well, it's not just you facing this trouble; tons of people face this type of problem, and here is the solution for it.

Firstly don’t panic. It’s likely your site has been hacked and your files infected. Here’s what you need to do:

 

Email From Bluehost

Your web hosting account for yourdomain.com has been deactivated, as of date. (reason: terms of service violation – malware/virus)

This deactivation was due to a Terms of Service violation associated with your account. At sign-up, all users state that they have read through, understand, and agree to our terms. These terms are legal and binding.

Although your web site has been suspended, your data may still be available for up to 15 days from the date of deactivation; if you do not contact us during that 15 day period, your account and all of its files, databases, and emails may be deleted.

If you feel this deactivation was made in error, or in order to gain access to your account, please call our customer service line as soon as possible at (888) 401-4678.

 

Where Did the Malware come from?

Malware mostly comes from nulled plugins and themes, so you must be thinking that, if that is the reason, we are probably using nulled items on our website. Then you are definitely wrong! We don't use any nulled plugins, themes or other items.

Our theme/skin is designed by GloriousThemes, running the professional Genesis Framework by StudioPress, and all the plugins are either purchased or from the WordPress repository.


Then the question arises: where did the malware come from? User registration is turned off, Akismet is on and running, and no user or author has any right to upload files. Someone has to do something with it.

Bluehost support provided me with a malware.txt. The malware.txt is a text file that lists all the files in your hosting account that may pose a threat, look like malware, or be true malware.

 

Here is the list from malware.txt. I have edited some of the files because I don't want to reveal my home directory structure, for security reasons.


Pretty amazing, isn't it? All of the files are either from the WordPress repository or purchased from codecanyon.net or so.

 

I found the Malware

So to get rid of it I spent $39 on Site Doctor, which was not too great and not worth it, and next I spent $39 on SiteLock Professional. Surprisingly, SiteLock found the malware location and alerted me within 10 minutes of activating the plugin.

I can say that my $39 on SiteLock, which is billed yearly, was fruitful. As soon as I purchased the service, I got a call from their support team, who helped me set up and run SiteLock.

 

After the research and purchasing different services, SiteLock worked for me, and it did its job within 20 minutes. SiteLock indicated where the malware was, and when I manually removed the link containing malware, SiteLock indicated that my account was clean.

So the next thing I did after removing the malware was to get in touch with the Bluehost support team and ask them to activate my account, as I had removed all such malware from my hosting.

And yes, they did activate my account. So in my case SiteLock played a great role, and it was an affordable service that got my hosting account back. I would suggest that others, rather than wasting time on useless things, go purchase the SiteLock service.

 

The interesting part of Malware in Bluehost

The interesting part was that the entire list provided by Bluehost as malware.txt was 99% rubbish; well, it was about 100% rubbish in my case. Going over to the SiteLock dashboard, I found that my website still had 7 malwares even after deleting about 3 websites and many plugins from my home directory.

Going in depth into the reports provided by SiteLock, I found the malware in a post, as a link to a backlinking website which had turned into a spammy website over time.

For additional security I had added rel=nofollow to all those external links, but the Bluehost script took them as real malware sitting in my website/server directory and deactivated my account.

So I went further and completely removed all the links from that post – “How to build backlinks with social bookmarking sites?” and my site is normal again.

The point to note is that my website didn't have any malware; it was a link in one of my posts to a site that had malware on its website. Luckily I got my website back.
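The cause described above was an outbound link stored in post content, not a file on disk, so reviewing the hosts your posts point to is a separate check from a file scan. The following Python is an added example, not code from the original post, Bluehost or SiteLock: it lists every external host referenced from post HTML, and it goes beyond the single link case by also covering `script`, `iframe` and `img` sources. `SITE_HOSTS` and the sample rows are constructed assumptions standing in for `ID`, `post_title` and `post_content` exported from `wp_posts`.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the site's own hostnames; links to these are not reported.
SITE_HOSTS = {"example.com", "www.example.com"}

# Constructed sample rows standing in for (ID, post_title, post_content).
SAMPLE_POSTS = [
    (101, "Backlink guide",
     '<p><a rel="nofollow" href="http://bookmarks.example.net/submit">submit</a>'
     ' or read <a href="/about">about us</a>.</p>'),
    (102, "Contact",
     '<a href="https://www.example.com/contact">contact</a>'
     '<img src="//cdn.example.org/logo.png">'),
]

class LinkCollector(HTMLParser):
    """Record (tag, url, rel) for each element that links to or loads a URL."""
    URL_ATTR = {"a": "href", "iframe": "src", "script": "src", "img": "src"}

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attr = self.URL_ATTR.get(tag)
        found = dict(attrs)
        if attr and found.get(attr):
            self.links.append((tag, found[attr], (found.get("rel") or "").lower()))

def external_links(posts, site_hosts=SITE_HOSTS):
    """Map each external host to [(post_id, tag, url, has_nofollow), ...]."""
    report = defaultdict(list)
    for post_id, _title, html in posts:
        collector = LinkCollector()
        collector.feed(html)
        collector.close()
        for tag, url, rel in collector.links:
            try:
                host = (urlsplit(url).hostname or "").lower()
            except ValueError:  # malformed URL: report it instead of hiding it
                host = "(unparseable)"
            if host and host not in site_hosts:  # relative URLs have no host
                report[host].append((post_id, tag, url, "nofollow" in rel.split()))
    return dict(report)

if __name__ == "__main__":
    for host, hits in sorted(external_links(SAMPLE_POSTS).items()):
        print(host, hits)
```

The `has_nofollow` flag only records how the link is marked; as the post describes, a nofollow link to a bad host was still flagged, so every listed host needs reviewing.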

 

Always use some type of security plugin or security service to monitor your website's health. If you have encountered a problem like this before, leave a comment below on how you got rid of it.

Do the following to get your account back.

  • Contact Bluehost support and address the problem
  • Request them to help you remove the malware from the server
  • Be calm and polite
  • Purchase SiteLock Professional
  • SiteLock Professional will call and assist you
  • Remove the malware by following the steps provided by them
  • Enjoy your account back

If this method helps you, leave a comment about your problem…


Author: EDITORIAL STAFF

Editorial Staff at SmartActiveBlogger is a team of WordPress experts led by Niraj Kashyap. Page maintained by Niraj Kashyap.

18 thoughts on “HELP!! False Malware Alert had Deactivated Bluehost Account”

    1. I hope this article may help you. If you need any extra assistance, you can comment below or just head over to our #AskNiraj section, write your problem and get it answered.

  1. I have the same problem, just contact bluehost only happened to me a video to remove the malware from the file, this day borrare some hope to fix malware, first day …

  2. I don’t think this was a false alert. The genericons files did have a recent security vulnerability. I have many clients on Blue Host and NONE have received this malware except the ones who were truly hacked. Please read more about the vulnerability here:
    https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html

    Please don’t brush off this malware alert. This is a real threat and needs to be addressed to avoid other sites from being infected. If you have copies of the original files that Blue Host flagged before you updated or changed them, I’m happy to look at them and let you know what I find. I teach WordPress Security classes, and I clean up a lot of hacked sites. It’s surprising how insidious the hacks can be and how quickly they can return if you don’t completely delete everything and start from scratch, including checking your database for hacked files.

    I honestly don’t believe that Blue Host would mark files with malware if they didn’t have it. Many people don’t understand how to truly clean their sites and do end up leaving backdoors open deep in some folder somewhere or in their database. Anyone reading this post should not brush this off. Sitelock and other tools do not find all of these backdoors, but it does help find some. I am more than happy to help you for free as a PSA to find out where this might be coming from and then you can write another blog post about what we discover. We might not find anything more, but if we do, that will be fascinating.

    1. If your website is taken down, then it's better to make a new database, back up your wp-config.php, and connect your new database to your WordPress. This will make your WordPress new for a moment.

      Now export the old database to your localhost (PC/Mac) and then remove the old links from it, which you can find directly under the “post” in your database.

      If you don’t have any technical knowledge, hire a freelancer.

      Hope this helps,

      Thanks
      Niraj

  3. You are right!!! Actually Bluehost is doing this to earn extra yearly from SiteLock and other useless services. It seems Bluehost themselves are hacking their own server websites and putting the webmasters in a criteria to either buy SiteLock or lose their hosting account. Shame on Bluehost.

  4. BLUEHOST are doing the same with me! And the most ridiculous fact: I restored a healthy backup, but they are still saying that I have “malware”!!
    I have 30 years of programming and I'm very skilled at finding IF I have malware.

    Then when I ask: OK, tell me the name of the malware, or which file, they say: “BY OUR POLICY WE CAN’T SAY!”

    Maybe if some people bring Bluehost to a small claims court, they can stop with this.

  5. Same thing happened to us – we go through all the files and they say that malware still exists, and files that appear on malware.txt file are core files from a freshly installed WordPress.

    Right away, first thing that I was offered was to purchase a service that will clean it up quick.

    To me, it all sounds like a sales gig – we transferred one of our businesses off to another host and haven’t had a single break in/malware.

    Looks like bluehost need to protect themselves better.

  6. I am sick of Bluehost.

    I contacted their chat, which is the only way to contact them now, waited for 30 mins, then he started pushing me to buy some 300$ service to clean.

    The malware.txt showed only one error, I solved it, this guy tells me no, it won't show everything, then he named some folders with problems.

    So I told him just give me the list, he said no, you have to look for it or hire.

    He could see where the problems were but he wouldn't give me the names; it's just a push to purchase that Site Doctor BS.

    I have over 9 accounts with Bluehost which contain over 100 domain names, 40 of them are active websites.

    Within the next two months I am moving everything out.

    Enough is enough.

  7. Hello, me too, I’m having a problem with Bluehost. First they wanted 200$ every month for 6 months; after I told them that I have a static website and not any shop, he went down to 36$ a month. I wanna move from here ASAP.

  8. I have faced the same problem last week. I went through a lot of frustration as I didn’t know what to do. I was forwarded to SiteLock sales and they proposed to sign up for a service that would cost 50$ per month for a one year contract. Then, every time I want to do manual cleaning, I have to pay 100$. This seemed very expensive for me.

    I am not sure if there is a better option.

    Please help me to find the most cost effective option.

    Tarek.

    1. I used SiteLock Professional, which cost me around $39 as a one time payment. I purchased the service through my cPanel.

      Once you get the cPanel working normally, install the iThemes Security Pro plugin on every WordPress site. It will scan and remove malware.

      This way you won’t need to spend $50 or $100 each time.

      I hope this helps you.

      Thanks
      Niraj

      1. I am having the same problem now and it is truly frustrating… I spoke to Blue Host and they directed me to SiteLock, where I would have to pay $300 for a one time fee, then it would be 150$ a month for 12 months, which is not doable for me. I am a broke college student; that money could go for a book! I am not a tech person whatsoever and have no idea how to really fix this on my own. If it truly is a one time payment of about 40$ I guess I am fine with that; it just feels very odd to me that they can’t do anything about it other than refer you to their site protection, which is ridiculously expensive. Can you further help me? I am afraid that if I do this on my own I will delete my content or screw something up. Thank you!

        1. Sure, I will try to help you.
          Are you able to access your cPanel, File Manager & phpMyAdmin?

          If yes, use iThemes Security Pro
          or
          back up your database and uploads folder… after that delete all files… and set up your website on a local server. Then use the iThemes Security Pro plugin to search for and delete the malware.

          If you can’t access cPanel, then contact Bluehost support to provide access to cPanel, so you can delete the malware.
          You will see that there is a file named malware.txt. Open that file and you can find some hint where the malware can be located.

          Most of the time the malware is located in URLs in comments and post links.

          Thanks

  9. Bluehost is just doing this to sell their SiteLock. That’s happening to many other people. Better not to buy Bluehost… I am also a victim: they are saying it has malware; all the files are the same as before, no files were added or removed, but they say malware.
