Knowledgebase

An easy and safe way to avoid a website penalty is to keep to the safety rules. This simply means that you obey the terms of service of your web hosting provider. In short, stay away from those actions that lead to suspension. You will want to know what could cause a website suspension for your account.

You will also want to read:

Common Causes of Website Suspension and Deactivation
Frequently Asked Questions About Phishing Websites
Glossary of Web Hosting Terms
How can i check the speed of my website?
How to Address Excessive Resource Usage on a Web Hosting Account

 

 

One of the most common reason for a website suspension is an unpaid bill which has passed its due date. Todhost web hosting will usually allow a period after the due date for bills to be paid. This period can also be extended if a client sends a request to Todhost Support for an extension. The extension could be between -10 days. If the invoice remains unpaid, the account will be suspended. A suspended account will remain on Todhost servers for up to 30 days. It could also be left on server for as low as 14 days. The period allowed for an account which is in an unpaid state to stay on our servers will depend on company policy at the time. It varies.
This can be a very serious problem and could lead to an outright termination without questions. Malware related problems are not taken lightly. Detecting and removing can take long hours of work and careful monitoring to detect where the problem is emanating from. There are lots of third party scripts, like the Sucuri plugin for WordPress, which can help deal with malware problems.
Malware infections have often been associated with outdated plugins and extensions. Keeping your software up-to-date is therefore crucial for your security.
Some content management systems like Joomla and WordPress have an active support community that have developed plugins and extensions which can scan those content management systems and help clean them.

Also read:

A General guide to Safe Website Updating
How to prevent your website from a hack
On-Page and Off-Page Search Engine Optimization - Keys to SEO Success
Web Hosting Options to start your online business

2. High Load

 

This is a common problem with most websites. Often times, it occurs based on an exploitation or inexperience of the website designer. Most new web designers using content management systems will build their websites without enabling the cache system.

If your website is suspended for high load, you will need to contact customer support to restrict access to your IP address alone so you can have access and update your website.

You will need to look at some few things to deal with the problem:

• Check for any malware infection
• Check your cache system to see if you have enabled the cache for your content management system.
• Check if there is a file creating the load problem. In WordPress, the xmlrpc.php file often results in load issues. To fi this, add the following line of code to the .htaccess file:

<Files "xmlrpc.php">

Order Allow,Deny

deny from all

</Files>

Dealing with load issues will depend on the content management system or website design script in use.

3. Unpaid Bill

Some persons have ignorantly sent out massive emails for genuine businesses. However, some servers will easily detect a spammy behavior even though the emails sent were intended for genuine purposes.

You will require some basic steps to stay away from a spam penalty:

1. Do not build a mailing list out of emails entered into your “contact us” form. This is the mistake a lot of people make
2. If you must mass mail, use a double opt-in system like phplist. You can install phplist from your cPanel control panel.
3. Avoid the use of the cPanel auto responder. It can send emails to any mail account even when they do not eist any longer.
4. Chec the email settings of your script to prevent an easy exploitation.
5. Remember to enable Captcha-Recaptcha on your settings to prevent automated submission/spamming.
6. Avoid using a cron to send emails. It could be interpreted as spamming.

5. Phishing Websites

 

Physhing sites are basically fraudulent websites seeking to obtain loin information, mainly financial data, from customers of a real website they try to mimic. What the fraudsters do is to copy an easting website and make slight adjustment to the website url so careless customers will not even detect they are fraud.

For instance, if the official website of a bank is xyzbankk.com, the phishing website url can be yz-bank.com If you are not careful, giving that the design and content of the fake will be the same with the real, you may just input your details on the fake not knowing that you have just eposed your login information to fraudsters. The result will be that you become a victim of fraudsters on your real banking account.

 

Vulnerabilities can be due to poor coding. It can also be as a result of some compatibility issues. If you run an update on your script and do not update the plugins, components and modules, the compatibility issues created can make your website vulnerable.

1. Injection

Injections let attackers modify a back-end statement of command through unsanitized user input. SQL injection is currently the most common form of attack yyou will find on the web, this kind of attack occurs when a website is not coded properly and the hacking tools used to find weaknesses and take advantage of them are commonly available online. This kind of exploit is easy enough to accomplish that even inexperienced hackers can accomplish mischief. However, in the hands of the very skilled hacker, a web code weakness can reveal root level access of web servers and from there attacks on other networked servers can be accomplished.

Securely authenticating users, managing their sessions when connected, and ensuring proper logout when the sessions end are essential activities when delivering web applications. Each of these activities can provide a target for malicious attackers trying to compromise a web application.

Cross-site scripting is a type of vulnerability that lets attackers insert Javascript in the pages of a trusted site. By doing so, they can completely alter the contents.

To protect against script injections and attempts to modify PHP’s global and request variables, add the following code to your site’s root .htaccess file:

<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>

This has to do with the incorrect misconfiguration of the server or of the application itself.

This category deals with a lack of data encryption in transport and at rest. If your Web applications do not properly protect sensitive data, such as credit cards or authentication credentials, attackers can steal or modify the data to conduct credit card fraud, identity theft or other crimes. To prevent this kind of attack, make sure to install the latest security updates.

This category covers situations in which higher-privilege functionality is hidden from a lower-privilege or unauthenticated user rather than being enforced through access controls.

This type of attack is used in conjunction with social engineering. It allows attackers to trick users into performing actions without their knowledge. The most common method to prevent Cross-Site Request Forgery (CSRF) attacks is to append unpredictable challenge tokens to each request and associate them with the user’s session. Such tokens should at a minimum be unique per user session, but can also be unique per request. By including a challenge token with each request, the developer can ensure that the request is valid and not coming from a source other than the user.

This category is about using unpatched third-party components. Attackers can easily exploit old third-party components because their vulnerabilities have been publicized, and tools and proof of concepts often allow cybercriminals to take advantage of these flaws with ease. Any script kiddie can conduct an exploit. This is prevented by making sure to install the latest security updates.

This category of vulnerabilities is used in phishing attacks in which the victim is tricked into navigating to a malicious site. Attackers can manipulate the URLs of a trusted site to redirect to an unwanted location. You can prevent this vulnerability by making sure to install the latest security updates and run the latest version of software including plugins, components and modules.