Web hosts suspend hacked sites: Imagine waking up one morning with a ring to your voice and spring to your steps looking forward to the day ahead. And then your web host suspends your hacked WordPress site.
You didn’t even know that your site was hacked. Besides, your web host seems to be leaving you right when you need it. But if you peek to see the other side of the coin, you’d notice that hosting providers, especially shared hosting providers have legitimate security concerns to take a drastic step like suspending an account. On shared hosting, several websites use the same server and therefore when one site gets hacked, there is a real chance that other sites on the same server too will be compromised sooner or later.
That said, suspending hacked websites are not the only course of action that hosting providers take. Let’s take a look at what other steps that web hosts can take when they find a hacked website using their service.
Is Suspending Hacked Site the Only Course of Action?
Suspending account is one course of action hosting providers take. But a good web host will first issue a warning to the site owner before suspending a hacked site account. After discovering that a site has been compromised, these are the steps a responsible hosting provider generally takes:
1. They’ll send an email to the website owner with:
- Details of the exploit of the site
- A list of outdated or vulnerable scripts or backdoors possibly left by the hackers.
- List of outdated WordPress add-ons, i.e. themes and plugins and the WordPress core.
- A clear deadline by which you need to get back to them or get your site cleaned.
2. If the web host provider offers security features, then they’ll also offer to clean malware from your hacked site.
3. And if they take reliable backups, they’ll offer to restore a clean backup to your site.
Depending on the plan that you are on, your web host provider will offer the above options. If you are subscribed to a cheap plan, then the web host may only offer a warning mail. But for people who are subscribed to higher plans, they’ll receive an option to clean or restore backups of the site.
Why Do Web Hosts Suspend Hacked Sites?
The primary reason behind sending a warning or suspending an account is to either protect:
- The site visitors (in case of individual hosting)
- Other sites on the hosting server (if it’s on shared hosting)
The risk of being suspended is higher with shared hosting. This is because in shared hosting multiple websites share the same server. Imagine the server was a dormitory and the people inside the dorm room as a website. When one person catches the flu, the rest are bound to be affected. Likewise when one site is hacked, and malware infected there is a real chance that the rest of the sites on the same server are affected.
For instance, suppose hackers hacked your site that was hosted on shared hosting. They use your site resources to execute some malicious activities. In doing so, they consume most of the bandwidth of the shared server. Since your site is taking up most of the bandwidth, other sites on the same server are being denied their share of bandwidth. This prevents them from functioning properly.
Moreover, sometimes malicious codes from one infected site may find its way to the other sites which will create havoc. Once a hacker finds his way into the server, infecting the other sites are only a matter of time. And when that happens, serious issues will rise. Let’s take a look at some of these issues which will help us get a greater understanding of why web hosts suspend hacked sites.
With Control of Hosting Server What Damage Can Hackers Cause?
After having access to a website server, the hackers proceed to execute their malicious intentions. Such activities wreak havoc on websites on the same server. Here’s an overview of the things hackers do with access to the hosting server.
They Send Spam Mails from Your Server
Anyone who has an email account must be acquainted with spam mails. One report tells us that spam mails make up for almost 60% of the traffic on the web. While there are several reasons why hackers hack a site, many aims to send spam mails using the hosting server. To stop spam mails, email servers have certain security measures in place. They track servers that send out spam mails and blacklist them. When popular email providers block your server, it not only prevents you from sending mails but also blocks all other websites on your shared server to send mails. Suspending your account may save the server from getting blacklisted by email servers. And that is why many web hosts suspend hacked sites.
They Infect Visitor Websites
Cross-site Scripting hack can spread like wildfire because it tends to affect the visitors of your site. A simple act of opening a page can cause the infection to spread. In shared hosting, cross-site scripting can affect every visitor of every website on the same server. This particular attack is capable of wrecking huge cumulative damage. Individual web hosts suspend hacked sites to save visitors, and shared ones have a number of sites along with their visitors on the line. For the purpose of mitigating such attacks, many shared hostings have a robust security system in place. They keep websites on the same server separated from one another. When such security system is not in place, web hosts suspend hacked sites in hopes of preventing damage quickly.
They Can Use to It Execute DDoS Attack
Another common hack attack that hackers execute using the website server is called Distributed Denial of Service (DDoS). The aim of this attack is to make a website unavailable by sending too much traffic. Every website is designed to handle a certain amount of traffic. Exceeding that would get the server overloaded, and it would deny service. If a hacker gets access to your site, he’ll use your site resource to execute a DDoS attack. The resource could be your site server. Since the attack is being executed using your site server, it will be blocked by other servers, firewalls and even Google search engines. For shared servers, it worst. Not only will your site get blocked, all other websites on our server will suffer the same consequences without any fault of their own.
They Can Ask for Ransom Money
Some hackers are simply motivated by money. They hack websites and lock the server down. Website owners can’t access their site server until they pay a certain amount of money. If you are hosted on an individual server, then you’ll have to bear the brunt of the ransom. And if you are hosted on shared hosting, the damage is magnified where several sites are affected. To save themselves, from such crisis web hosts suspend hacked sites.
Whether hackers would succeed in their attempts, depend on the security measures taken by web hosts. While it’s frustrating when web hosts suspend hacked sites, it’s done for the benefit of sites on the same server as well as the visitors to all those websites. However, you can request your hosting provider to unsuspend it but first, you need to repair your hacked website.