As a website owner, the security and maintenance of your website is your responsibility. However, the website host is responsible for the security and maintenance of their servers. Like an apartment building superintendent, shared hosting providers are responsible for making sure the building (server) is up to code and the exterior fence locks (global firewalls). Websites are tenants in this high-speed high rise and are expected to lock their own doors and windows to prevent intruders.
Many types of malware can negatively impact the performance or security of a shared hosting server. This means that malware could potentially spread beyond your website, infecting other customers who share the server with you. Malware can cause both infected and non-infected sites that share the same server resources to slow down or become inaccessible. For these reasons, hosting providers run cursory malware scans on all websites hosted in their system and alert site owners when their site is found to be infected. In order to mitigate the risks associated with infected websites, hosting companies will take these sites offline as a precaution.
While this may seem like a punishment for being compromised, it is actually done to protect the website owner, as well as the hosting server. Having your website account suspended and taking it offline will prevent the site’s visitors from being victimized. In Q3 2017, SiteLock found that nearly 15% of malware detected was classified as a visitor attack, a type of attack designed to cause harm to a website’s visitor. Malware categorized as a visitor attack includes malicious redirects, SEO spam, and phishing. This type of malware is designed to harm unsuspecting visitors to the infected site.
Having your website account suspended also ensures that no further damage is done while the infection is addressed. In Q3 2017, the average infected website contained 283 malicious files. While the website is suspended, attackers cannot continue to upload malicious files.