One of the several websites that I maintain was hacked yesterday. Probably through SQL injection. It simply left a php file in the root directly that replaced the index.php
header(“HTTP/1.1 301 Moved Permanently”);
header(“Location: http://www.bestrusvids11.com/?sid=6386”);
exit();
Bluehost promptly disabled all the domains associated with my hosting, without a single warning. Now their Terms Compliance team is out of office, back after 7 hours and I am impatiently looking at my rating drop in Google, as the crawler reports “Pages not found”.
The least bluehost could do was return a 503 error so that Google knew it was temporary.