Bluehost Shut Me Down (AV edition)

Remember that old chestnut where I tested AV avoidance w/ different encoding? Yea:

Look at the date, 2011/04/14.  Well, guess what. I got the following emails:

Dear <redacted>
During a recent SiteLock security scan of your website, malware was detected that could jeopardize the safety of your website and your customers' data. As a longtime partner of bluehost, SiteLock security was included in your hosting package to help ensure the protection of your investment. 
For reference, malware, short for malicious software, is designed to harm or secretly access your website or your website visitors without your knowledge. Websites found with malware can be blacklisted by search engines (e.g. Google) which will prevent your customers from accessing your site. 
For details on how to correct this issue, please contact us at 415-390-2500 and a member of our Support Staff will provide assistance on next steps. 
This infection can severely damage your reputation and take your website offline - please address this as soon as possible. Don't risk everything you've worked so hard to achieve. 
Should you have any questions, please give us a call anytime at 415-390-2500. Our website security experts are here 24/7. 

Thank you, 
The SiteLock Team

Followed by:

Dear <redacted>
Your web hosting account for has been deactivated, as of 04/25/2016. (reason: terms of service violation - malware/virus)

This deactivation was due to a Terms of Service violation associated with your account. At sign-up, all users state that they have read through, understand, and agree to our terms. These terms are legal and binding.
Although your web site has been suspended, your data may still be available for up to 15 days from the date of deactivation; if you do not contact us during that 15 day period, your account and all of its files, databases, and emails will be deleted.

Thank you,
Bluehost Terms of Service Compliance
For support go to

And then:

Dear Customer,
We received multiple reports of hacker activity on your account and as a result had to suspend the account. Please read the information sent below as it provides you some options as to resolving this issue.
Your account has been hacked;
One Example: /home2/ragewebi/public_html/wp-content/uploads/2011/04/meterpreter_2shikata.exe
Thank you
Terms of Service

Thank you,

Bluehost Support

So what?  Well, here’s the funny thing about all this.  That post is 5 years old, and the hosting provider just NOW found ONE of those virus files.  There are 6 in that folder, and it took 5yrs to find one.  Well, As that old post said, AV is a joke!

Comments are closed