{"id":333,"date":"2023-04-14T18:02:54","date_gmt":"2023-04-14T18:02:54","guid":{"rendered":"https:\/\/www.todhost.com\/blog\/?p=333"},"modified":"2024-07-12T17:04:41","modified_gmt":"2024-07-12T17:04:41","slug":"common-reasons-access-to-your-website-can-be-restricted","status":"publish","type":"post","link":"https:\/\/www.todhost.com\/blog\/common-reasons-access-to-your-website-can-be-restricted\/","title":{"rendered":"Common Reasons Access to Your Website Can be Restricted"},"content":{"rendered":"\r\n<p>If you <strong><a href=\"https:\/\/www.todhost.com\/blog\/build-your-website-with-the-right-tool\/\" target=\"_blank\" rel=\"noreferrer noopener\">run a website<\/a><\/strong> built on a <strong>Content Management System (CMS)<\/strong>, there is some likelihood that you have received a notification from your web host reporting an inordinate use of server resources or a <strong>violation of the terms of service<\/strong>, along with a threat of suspension or restriction of access to your website. This is not to say that only <strong>CMSs have issues<\/strong> that can lead to a penalty. Every <strong>website can be penalized<\/strong> for one reason or another. 
The key reason is that the website owner has violated the <strong>terms of service<\/strong> provided by the hosting company.<\/p>\r\n\r\n\r\n\r\n<p><strong>Further reading:<\/strong><\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li><a href=\"https:\/\/www.todhost.com\/blog\/reasons-your-website-is-not-ranking-on-google-serp\/\">Reasons Your Website is Not Ranking on Google SERP<\/a><\/li>\r\n\r\n\r\n\r\n<li><a href=\"https:\/\/www.todhost.com\/blog\/build-website-reputation-and-authority-with-social-media\/\">Build Website Reputation and Authority with Social Media<\/a><\/li>\r\n\r\n\r\n\r\n<li><a href=\"https:\/\/www.todhost.com\/blog\/how-to-boost-wordpress-speed\/\">How to Boost WordPress Speed<\/a><\/li>\r\n\r\n\r\n\r\n<li><a href=\"https:\/\/www.todhost.com\/blog\/a-basic-guide-to-website-designing-for-search-engines\/\">A Basic Guide to Website Designing for Search Engines<\/a><\/li>\r\n\r\n\r\n\r\n<li><a href=\"https:\/\/www.todhost.com\/blog\/how-to-use-keywords-in-website-content-for-seo-gains\/\">How to Use Keywords in Website Content for SEO Gains<\/a><\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Based on our data, we have identified some of the <strong><a href=\"https:\/\/www.todhost.com\/host\/knowledgebase\/743\/Common-Causes-of-Website-Suspension-and-Deactivation.htnml\" target=\"_blank\" rel=\"noreferrer noopener\">common reasons your web host could deactivate, suspend or terminate your website<\/a><\/strong>. 
We will discuss them and <strong><a href=\"https:\/\/www.todhost.com\/host\/knowledgebase\/769\/How-to-Avoid-a-Website-Suspension.html\" target=\"_blank\" rel=\"noreferrer noopener\">suggest ways to address them when these problems arise<\/a><\/strong>.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">What is a Website Restriction?<\/h2>\r\n\r\n\r\n\r\n<p>Website restrictions can take various forms:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Suspension<\/li>\r\n\r\n\r\n\r\n<li>IP restriction\/Access limitation<\/li>\r\n\r\n\r\n\r\n<li>Termination<\/li>\r\n\r\n\r\n\r\n<li>Domain deactivation<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">Suspension<\/h3>\r\n\r\n\r\n\r\n<p>If you find the message &#8220;This account has been suspended, please contact your hosting provider&#8221; then your website has been suspended. This suspension is generally due to a violation of the <strong>terms of service<\/strong> listed by the web host.<\/p>\r\n\r\n\r\n\r\n<p>The common reasons for site suspension include, but are not limited to, spamming\/mass mailing, phishing, failing to pay for services when overdue, and <strong>cybercrimes<\/strong>. In this post, however, we are concerned with violations other than non-payment for services.<\/p>\r\n\r\n\r\n\r\n<p>Once your website is suspended, it <strong>tells Google you are not playing by the rules<\/strong>, you cannot be <strong>trusted<\/strong> and so you do not deserve a place at the top of its <strong>search engine<\/strong>. 
No matter how much you work, failing to avoid situations that get your website suspended will rob you of every benefit of your work which could have helped your <strong>search engine ranks<\/strong>.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">IP Restriction<\/h3>\r\n\r\n\r\n\r\n<p>If you engage in unacceptable practices, especially <strong>spammy emails<\/strong>, you could get a warning from spam monitors like <strong><a href=\"https:\/\/www.spamhaus.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Spamhaus<\/a><\/strong> going directly to your web host. Consequently, your server IP will be restricted to disable your ability to continue to send mass emails and you will be expected to address the situation before normal services are restored.<\/p>\r\n\r\n\r\n\r\n<p>This affects all websites hosted on that server if the affected account was running on a shared IP. This will prompt your web host to <strong><a href=\"https:\/\/www.todhost.com\/host\/knowledgebase\/743\/Common-Causes-of-Website-Suspension-and-Deactivation.html\" target=\"_blank\" rel=\"noreferrer noopener\">take disciplinary actions against you<\/a><\/strong> which could include an immediate suspension or termination without notice.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">Termination<\/h3>\r\n\r\n\r\n\r\n<p>Outright termination occurs when your web hosting account is deleted from the server. You lose your files and there is no way to reverse it unless you purchase a new hosting service and upload fresh files or a <strong>healthy backup<\/strong>.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">Domain Deactivation<\/h3>\r\n\r\n\r\n\r\n<p>This will have little to do with your web host unless both your hosting and domain registration services are provided by the same company. 
Usually, if your domain name is marked by your registrar as engaged in <strong>cybercrime<\/strong> and added to the list of domains engaged in <strong>cybercrime<\/strong>, then it will get deactivated and the only option you could have is to change your domain name.<\/p>\r\n\r\n\r\n\r\n<p>Google has in fact said that it will punish a group of domains that are owned by one person if just one of the domains in the group engages in unacceptable behavior. So you also need to be careful about the domains you verify in your <strong><a href=\"https:\/\/search.google.com\/search-console\" target=\"_blank\" rel=\"noreferrer noopener\">Google webmaster account<\/a><\/strong> and ensure that your verified domains are within your control.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">So Why Will Your Web Host Punish You With any of the Above?<\/h2>\r\n\r\n\r\n\r\n<p>Now you understand the nature of the punishments you can get for violations. But you don&#8217;t get punished for every violation. For instance, you do not get a suspension for something like failing to include a privacy policy on your website. So what are the likely violations that can lead to these punishments? Next, we discuss the most <strong>common violations that invoke these penalties<\/strong>:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">1. Spamming<\/h3>\r\n\r\n\r\n\r\n<p><strong>Spamming is sending unsolicited emails<\/strong>. But sending a single unsolicited mail in a day does not cause you trouble. What gets you into trouble is mass mailing. If you must send mass emails, you should create a mailing list using software like phplist. phplist is available in <strong><a href=\"https:\/\/www.todhost.com\/host\/knowledgebase\/478\/Overview-of-Quickinstall.html\" target=\"_blank\" rel=\"noreferrer noopener\">QuickInstall<\/a><\/strong> under the software section of your website cPanel.<\/p>\r\n\r\n\r\n\r\n<p>Sometimes, spamming is a result of exploitation on your website. 
For instance, automated user registrations have been found to occur in some cases, creating a problem for websites.<\/p>\r\n\r\n\r\n\r\n<p><strong>Solution<\/strong><\/p>\r\n\r\n\r\n\r\n<p>The recommended approach to deal with user registration is to update your software to its latest version, disable user registration from your website admin dashboard, or simply disable the user registration module or plugin.<\/p>\r\n\r\n\r\n\r\n<p>Generally, spamming can be addressed by ensuring that the addresses to which you send emails are verified. If you send emails and receive bounces, check them carefully to be sure of the reason for the bounces and address them. The best way to go is to use emailing software like phplist.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">2. Phishing<\/h3>\r\n\r\n\r\n\r\n<p>Phishing websites are created just for cybercrimes. They are designed to look like an original website, so users get confused, not knowing they are dealing with a fraudster. They input their login details, usually financial in nature, and unknowingly reveal critical information such as e-banking login details to criminals.<\/p>\r\n\r\n\r\n\r\n<p>On Todhost, a phishing website will be terminated without asking questions. Once we conclude investigations and confirm it is a phishing website, we will terminate the account immediately.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">3. High Load Issues<\/h3>\r\n\r\n\r\n\r\n<p>This is a common cause of website suspension. High load occurs when a website is targeted with heavy traffic. Most times, it is an attack and causes a high load which could crash the server. High loads are usually exploited when the website is not well-optimized.<\/p>\r\n\r\n\r\n\r\n<p>The best way to mitigate this kind of attack is to run on the most recent version of the software with all plugins, modules, and extensions updated. 
There are also some <strong>.htaccess rules<\/strong> that help secure websites against attacks such as <strong>SQL injections<\/strong> and prolonged attacks.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">4. Direct Attacks<\/h3>\r\n\r\n\r\n\r\n<p>Direct attacks occur when clients use weak login credentials, especially weak passwords. Some clients use very weak passwords like theirdomains@1 and similar passwords which are easy to memorize. The consequence is that they are also easy to break with a brute-force attack.<\/p>\r\n\r\n\r\n\r\n<p>The following security practices are recommended to prevent this kind of intrusion or attack.<\/p>\r\n\r\n\r\n\r\n<p><strong>Follow basic security practices.<\/strong><\/p>\r\n\r\n\r\n\r\n<p>Use robust login credentials with uncommon passwords to make it difficult for hackers to gain access to your site. If possible, incorporate two-factor or multi-factor authentication to improve security posture further.<\/p>\r\n\r\n\r\n\r\n<p>Here is a guide to password protection.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">Adopt Long Passphrases<\/h4>\r\n\r\n\r\n\r\n<p>For years, businesses and individuals have adopted the practice of combining numbers and symbols to create stronger passwords. However, it didn\u2019t take long for cyber criminals to catch on to the practice of substituting some letters in the word with certain numbers or symbols, like \u2018e\u2019 with \u20183\u2019 and \u2018s\u2019 with \u2018$\u2019. There are many automated tools out there that will easily crack simple substitutions like that.<\/p>\r\n\r\n\r\n\r\n<p>To mix things up even more than substituting special characters, the US National Institute of Standards and Technology (NIST) recommends creating long passphrases that are easy to remember but difficult to crack. 
According to\u00a0<strong><a href=\"https:\/\/pages.nist.gov\/800-63-3\/\" target=\"_blank\" rel=\"noreferrer noopener\">Special Publication 800-63 Digital Identity Guidelines<\/a><\/strong>, a best practice is to create passwords of up to 64 characters including spaces. The popular web comic <strong><a href=\"https:\/\/xkcd.com\/936\/\" target=\"_blank\" rel=\"noreferrer noopener\">XKCD<\/a><\/strong> compared the strength of a complex password\u2014\u201cTr0ub4dor&amp;3\u201d\u2014and a long passphrase\u2014\u201ccorrect horse battery staple\u201d. They found that it took only 3 days to guess the password created with special character substitutions, while the passphrase would take 550 years to crack.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">Avoid Periodic Changes<\/h4>\r\n\r\n\r\n\r\n<p>A popular password security practice over the years has been to force users to change passwords periodically. However, more recent guidance from NIST advises not to use a mandatory policy of password changes. One reason is that users tend to transform their old passwords or just repeat the ones they had used before. You can implement policies to prevent password re-use, but users will still find creative ways around it. The other consequence of frequent password changes is that users are more likely to write the passwords down to keep track of them. While they comply with company policy, their passwords are still easy to guess or crack. 
Thus, a best\u00a0<strong><a href=\"https:\/\/www.ncsc.gov.uk\/articles\/problems-forcing-regular-password-expiry\" target=\"_blank\" rel=\"noreferrer noopener\">practice<\/a><\/strong> from NIST is to ask employees for password changes only in case of potential threat or compromise.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">Create Password Blacklist<\/h4>\r\n\r\n\r\n\r\n<p>Hackers usually start their attacks with attempts to guess a password by using a database of the most popular passwords, dictionary words, or passwords that have already been cracked. NIST encourages enterprises to also arm themselves with these sources of common passwords in order to create their own blacklist. By comparing new passwords to this list, enterprises can prevent the usage of weak passwords by employees. Moreover, it is quite effective to add a limit on the number of failed login attempts in order to detect and reject\u00a0<strong><a href=\"https:\/\/en.wikipedia.org\/wiki\/Brute-force_attack\" target=\"_blank\" rel=\"noreferrer noopener\">brute force<\/a><\/strong> or\u00a0<strong><a href=\"https:\/\/en.wikipedia.org\/wiki\/Dictionary_attack\" target=\"_blank\" rel=\"noreferrer noopener\">dictionary attacks<\/a><\/strong>.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">Implement Two-Factor Authentication<\/h4>\r\n\r\n\r\n\r\n<p>Two-factor authentication has already become a de facto standard for managing access to corporate servers. In addition to traditional credentials like username and password, users have to confirm their identity with a one-time code sent to their mobile device or using a personalized USB token. The idea is that with two-factor (or multi-factor if you want to add additional factors) authentication, guessing or cracking the password alone is not enough for an attacker to gain access. 
This type of authentication is effective for enhancing identity validation when employees try to access critical endpoints, sensitive data, or confirm transactions and other critical actions. For these purposes, you can use user monitoring solutions like for in-built two-factor authentication. Such solutions will also keep you updated about users\u2019 activity on your business network.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">Add Advanced Authentication Methods<\/h4>\r\n\r\n\r\n\r\n<p>While passwords are still widely used for authorization, there is an increasing tendency to shift to non-password-based, advanced methods. Instead of passwords, users can be authenticated through the use of biometric verification\u2014like logging in to an iPhone using a thumbprint with Touch ID or authenticating on a Windows 10 PC just by looking at it with Windows Hello facial recognition. This method allows the system to identify employees by recognizing their faces, fingerprints, voices, irises, or heartbeats. Moreover, there is also behavioral biometrics that creates a unique profile of each user by analyzing their interactions with the system (typically used applications, unique keystrokes, and mouse dynamics).<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">Apply Password Encryption<\/h4>\r\n\r\n\r\n\r\n<p>Encryption provides additional protection for passwords even if they are stolen by cybercriminals. There is a popular tendency to use reversible encryption or apply only one-way encryption. However, these methods are ineffective\u2014if an attacker obtains the password database they can easily crack and compromise the passwords it contains. Instead, the best practice is to consider\u00a0end-to-end encryption that is non-reversible. In this way, you can protect passwords in transit over the network. Moreover, it\u2019s dangerous to store password files in plain text. 
There are many cases where hackers have compromised an enterprise\u2019s password database and walked away with unencrypted passwords.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">Protect Accounts of Privileged Users<\/h4>\r\n\r\n\r\n\r\n<p>Accounts of privileged users require additional protection as they provide access to sensitive data and other privileged actions. The best practice is to provide these users with a different login URL and allow only a single sign-on attempt. In case of a failed login attempt, you can lock out a privileged account in order to prevent unauthorized access.<\/p>\r\n\r\n\r\n\r\n<h4 class=\"wp-block-heading\">Ensure Secure Connection<\/h4>\r\n\r\n\r\n\r\n<p>Nowadays, there is a wide range of devices and places that can provide access to your corporate networks. However, hackers can easily steal passwords if employees use unsecured Wi-Fi connections or devices that don\u2019t belong to them. To secure your Wi-Fi network, you can use Wi-Fi Protected Access 2 (WPA2), which applies stronger wireless encryption methods than its predecessor.<\/p>\r\n\r\n\r\n\r\n<p>If you have remote workers, you can consider providing a secure VPN connection. 
After authenticating to it, users can securely connect to corporate servers, as all the traffic is protected through a VPN tunnel.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>If you run a website built on a Content Management  [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":47,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-333","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-digital-marketing-seo"],"_links":{"self":[{"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/posts\/333","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/comments?post=333"}],"version-history":[{"count":3,"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/posts\/333\/revisions"}],"predecessor-version":[{"id":2653,"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/posts\/333\/revisions\/2653"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.todhost.com\/blog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/media?parent=333"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/categories?post=333"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.todhost.com\/blog\/wp-json\/wp\/v2\/tags?post=333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}