DN&P All of my websites were taken down by Hostgator due to an automated TOS/CPU violation.

[Sadhelenn]

Out of nowhere, my websites suddenly went down and I received an email from Hostgator notifying me that my account ### on gator4162.hostgator.com was disabled due to excessive CPU resource usage over a prolonged period of time, which could affect the server's performance and stability. I find this odd because my websites don't receive much traffic, and according to Statcounter, all seven of my sites collectively didn't even receive 300 hits that day.

I've been using Hostgator's shared plan for seven years, and this has never occurred before. Additionally, I haven't made any significant changes to my websites recently, such as adding new plugins.

Do you have any advice on what I should do?

 

[DarthBradley]

Contact their customer support and ask about the verification or data regarding the CPU overages. Inform them that your traffic counter indicates approximately 500 visitors per month.

Attempt to obtain relevant information from them and determine whether these overages are permanent. If they confirm that the overages are permanent, request backups of your websites and proceed to change your name servers to direct to a different location.

 

[Cahalfie]

It is highly probable that one of your websites has been compromised and used for purposes such as sending high volumes of traffic or hosting phishing pages, resulting in a significant resource consumption.
Kindly request the hosting provider to temporarily lift the suspension on the account so that you can investigate the cause of the overage and take necessary measures to resolve it. Emphasize that your website's traffic is generally low, suggesting that the issue must stem from another source.
In case they decline your request to unsuspend the account, politely ask them to provide you with backups of your website.

 

[FarerKin]

I have the ability to retrieve the backups myself as I have access to my cPanel.

 

[Anita]

Reach out to the support team and express your concerns that your account may have been compromised due to a potential hacking incident.

 

[Prepinfo]

I have the ability to retrieve the backups myself as I have access to my cPanel.

Here's a suggested plan of action:

1. Start by taking offline backups as a priority. Download all available data in easily accessible file formats.
2. Access the file manager and sort the files by date, clicking on the "date" column to display the most recent edits.
3. Visit each directory to carefully examine any suspicious or unusual activity.
4. If you are using HostGator, you can use the ClamAV antivirus tool within cPanel. Log in to your cPanel account, select 'Virus Scanner,' and run a scan to identify any potential threats.
5. If you discover any infected files, make sure to fix them and include this information in your communication with the support team.
6. If you find no suspicious activity, kindly request the support team to temporarily lift the account suspension. Explain that your websites have low traffic and assure them that once the account is unsuspended, you will perform an "Integrity Scan" using Wordfence to ensure the integrity of all site files. Additionally, consider reinstalling WordPress for added security measures.

 

[Iamassit]

I have examined the files using the "date" sorting method, but I didn't come across anything suspicious or unusual.

Despite searching for "clamd" or "virus" in cPanel, I couldn't locate any relevant options or features.

I have already requested the support team to lift the account suspension. In my communication, I mentioned that I installed a caching plugin on one of my WordPress sites and that I plan to run Wordfence for further security measures.

While I am willing to take down both of my WordPress sites if necessary, my priority is to get one particular site up and running as soon as possible. It is of utmost importance to me.

I must admit, this situation is quite frustrating and unfortunate.

 

[Slipoire]

Did you enable Cloudflare proxy for your website? Did you implement any standard anti-DDoS measures like the 7G firewall? I'm also curious to know what information your AWStats log provides.

 

[Hugzho]

I don't use Cloudflare for my website.

I'm not familiar with the 7G firewall you mentioned.

Regarding AWStats, I'm not familiar with it or its functionalities.

 

[Forlifect]

It is likely that a bot is causing issues by getting stuck in a loop on the contact form.

 

[Hippoon]

Due to the suspension of the hosting, the Wordfence scan fails on both of my WordPress sites. This is likely the reason behind the scan's inability to complete successfully.

 

[Dularket]

1. It is advisable to avoid using shared hosting as every hosting provider imposes limitations on such plans. It would be more beneficial to opt for a Virtual Private Server (VPS) instead.
2. Based on my experience, the majority of server resources are consumed by bots. To address this, you can implement measures to block all bots except for the Google bot, ensuring that it remains unblocked for legitimate indexing purposes.