My site ended up unexpectedly being shut down for a couple of hours yesterday, so I do apologize if anyone tried to read anything that I have here and was unable to do so. Needless to say, it was quite a wild ride! It all started a couple of weeks ago, when I started receiving some feedback from my friends and readers that my site was showing up on their antivirus software as possibly having malicious content, specifically a Trojan. I have only been self hosted for a few short months, so I dont know too much on the subject or the inner workings of things. I ran a full scan on my computer, which turned up nothing and then I called BlueHost, who hosts my website and asked what they could do about this. The man from technical support ran a scan on his end, also found nothing malicious on my page and told me that if I could provide evidence of these alerts or of the malicious software that BlueHost could investigate further. I put out the call for people to send me some screenshots of what the man asked for and a very dear friend sent me an e-mail the other day with exactly what I needed. I immediately shipped that off to BlueHost and awaited their response. Near the end of my work day, I received two e-mails from BlueHost, one telling me that they had found a large amount of malware in my site and had created a folder with all of the information about it in there. The second e-mail was from the Terms of Service department, telling me that a third party sent them a complaint about the malware on my site and that they determined that I was phishing, which is a violation of the Terms of Service. Because of this infraction, they were going to deactivate my site and give me 15 days to contact them and get the matter resolved, or else they would potentially delete anything that they are hosting of mine. I called the Terms of Service department and they basically blamed everything on me. They denied any responsibility for the malware getting through and told me that it is my job to monitor my site and make sure that it remains free of such things. They denied any knowledge of promises that were made to investigate or clean up the site further and were unsure why someone in their technical support department would make such claims. I was given the name of two third party companies that would be happy to help me clean up my site and help keep it clean, all of course for a low monthly fee. Needless to say, I was pissed. I didnt know any of this. I assumed that by paying them to host my site, that they were also going to keep it safe. There was never any indication that they did not automatically provide this service to me and this was the first time I had ever been offered the services of other companies to do such things. It never came up until now. Terms of Service wrapped up the call by stating that they would be happy to reactivate my site, if I could show them that the site was free of all malware and other potentially suspicious software and they would wait to hear my response on this. I didnt know where to begin. One of my friends offered his assistance with this and we sat on Vent together and figured out what to do. I gave him the information that would allow him to access my control panel through BlueHost, to see what he could do. Mind you, I wouldnt suggest you do this for just anyone, but these were desperate times and I really felt I could trust him. As he is working on cleaning up my site, he was surprised to discover that nearly a dozen phishing sites or companies had basically taken up residence on my server. Some of them were masquerading as tax companies or well known banking institutions. It was an impressive feat and certainly not something done by amateurs. After he felt like he had cleared everything malicious out, I called BlueHost to see if my site met with their approval and if my blog could be reactivated. The man on the line said I still had three pieces of malware remaining that they would like to see removed. Let me get this right – they can tell me where the malware is and what it is, but they cant remove it? How does that work? Again, its not their job. Or at least thats the way they see things. So, I dragged my friend back on Vent and he removed the last three pieces of malware, to BlueHosts satisfaction. Minutes later, my site was reactivated and everything appeared to be back to normal.I walked away from this experience feeling paranoid and confused. How on earth did this happen? I have always prided myself on being smart about my web surfing and my online shenanigans. I dont open attachments Im not sure of. I dont give out my password to strangers. I use authenticators. I run virus scans often. I dont unscreen comments that look suspicious. I dont download porn from sites that I dont trust and that arent secure. I would like to think Im a smart person, in that regards. I also dont know how to prevent this from happening again. I really assumed that I would be safe, that my host would keep me safe. That didnt happen. My friend and several others offered me hosting on their spaces and Im seriously considering taking them up on this. I dont need massive amounts of storage or numerous e-mail addresses. I just want to feel safe. I want to know that I can have a site up and running thats not going to negatively affect those who try to read it or that will negatively affect me. I didnt even know something like this was possible. So Im trying not to give this too much thought and move on. Im still trying to determine where Im going to end up, come 4.3. I havent had any luck finding any runs in my current guild or group that are looking for healers or that would have me back (after the whole me refusing to go discipline fiasco), so Im having to take my business elsewhere. I had one guild interview last night that I thought went well and I have had a few offers from others, too. I really want to make sure I do it right this time and that I find a group that I enjoy first and that I can progress with second. Before, it was the other way around and I realize that maybe that wasnt the best way to go about things. I have learned that and Im still learning other things, too. I just need to find the right group that is willing to learn with me and possibly even teach me a few things, too.