On Sunday we reported that a number of sites hosted by Bluehost had been hacked (including their CEO’s blog).
On Monday while browsing through some of their forums, we noticed a thread regarding the exploit with remarks from forum moderators and administrators to curious customers that didn’t quite make sense.
#1 from one moderator:
Since such a negligible percentage of Bluehost sites were hacked it is just about guaranteed that it is an individual script issue rather than anything more widespread.
If it were something other than individual scripts being vulnerable then a lot more than 0.00006% of accounts would be affected.
It would be interesting to learn what Bluehost considers a negligible percentage for something like this. We’re also curious to learn more about how the .00006 percentage was determined. More on the numbers we calculated included below.