This site is not currently available. Please check back later.

Site owner?

Ack, what happened to my site?

In short, it was hacked/exploited and we had to take it down.

The most common forms of exploit are:

Are you catching the theme here? The vast majority of hacking is trying to use your site to send spam. If we had left your site alone, it could have had a number of effects such as sending massive amounts of spam (which results in our server being blacklisted so legitimate emails get blocked as spam also), using up a large amount of server resources that others are paying for, or attempting to hack into other accounts.

What can I do to get my site back online?

  1. Open a ticket with Technical Support.
  2. Tell them that your site (or portions thereof) has been disabled by Acorn Host because it was hacked or exploited.
  3. Tell them you intend to address the problem and need more information about how to do so.
They will let you know how to proceed. Prepare by reading the section below under "What can I do to prevent this happenign again" that pertains to you.

What can I do to prevent this happening again?

Securing WordPress
  1. First thing, update WordPress to the latest version.
  2. Delete any themes you are not using. This includes the "default" themes like TwentyTen.
  3. Delete any plugins you are not using.
  4. Update any plugins and themes you are using to the latest versions.
  5. Important Make sure you update WordPress and all plugins and themes that have updates as soon as possible after they come out, and no less than once per month. If you cannot commit to this, please hire a web designer to do so.
  6. Read up on more ways to secure WordPress, such as these articles at Smashing Magazine and in the WordPress Codex.
Securing Your Website Built with Joomla, Drupal, or other CMS software
  1. First thing, update the software you are using to run your site to the latest version.
  2. Delete any themes, templates, or skins you are not using. This includes the "default" themes.
  3. Delete any plugins ro extensions you are not using.
  4. Update any plugins and themes you are using to the latest versions.
  5. Important Make sure you update your main software and all plugins and themes that have updates as soon as possible after they come out, and no less than once per month. If you cannot commit to this, please hire a web designer to do so.
  6. Search on Google to read up on more ways to secure your software. Good search terms would be "Joomla security" or "Drupal security", etc.
Securing Your Custom Coded Website
The steps you need to take depend on how your website was built, but some general guidelines are:
  1. Does your website have a contact form? Was it written recently and/or a secure version? If not, please replace it either with a more recently written version or secured version, or consider using a third-party service like WuFoo who let you have several free forms. Using a third-party or hosted form eliminates any security concerns from your contact form.
  2. Does your website have a way to upload files? This could be an avatar, at attachment, or any other place in your code where uploads are possible. If so, make sure whatever method you are using is secure. In particular, consider adding .htaccess deny rules to your uploads directory so files there cannot be acccessed directly.
  3. Are your permissions correct? All our servers are set up so PHP is running as the user, so it should not be necessary to make folders have insecure permissions like 777.

How can I be sure my site is clean?

You can scan your site regularly using services like Sucuri SiteCheck. This scan checks if your site has any malware currently.

A clean scan is not evidence that your site is secure, just evidence that it isn't currently hacked (and the scan is not 100% accurate). You still need to secure your site as described above.

I still get a warning in my browser saying my site is insecure.

If you have secured your site as we've directed and removed any uploaded files or injected code, you can request delisting using Google's Webmaster Tools. Please be aware that as your host we have no control over this process.