Hello-

Static HTML files can be compromised too. If hackers succeed to have access to your VPS, in a way or another, they can modify your static HTML as well. This would require the hackers to have access to your FTP, sFTP, etc... or/and SSH. Eventually, they can also exploit security hole at the level of the web server software (apache, nginx, etc...).

Are you still battling the phishing pages problem you had reported previously here? See: [webmasterworld.com...]

If you are in doubt about having more problems you can go back there to check your site. I am surprised if that same problem returns because Google would check your fix to be sure it was OK before accepting your sites again.

The security hole will not be in the HTML, so not in the site per se. They will be in the web server, or the OS, or other things running on the same server.

What OS are you running on your VPS? In general you barely need anti-malware on Linux or Unix and there are free and open source options, so you should not be buying licences for anything expensive.

If this is the same problem as in your other thread:

1. You could consider setting up a new VPS and copying the content over. Cleaning up a VPS after its compromised can be quite difficult.
2. You could consider switching to shared hosting. It can be pretty cheap even for multiple sites these days.

they charge a lot for their malware software

This sounds like a landlord who has never once changed the locks to enter the building, no matter how many reported breaches there have been, and instead asks tenants to pay through the nose for optional-extra security systems. Sometimes your best option is to move.

^^^ Best advice!

Your host should have these things in place, not just for your, but for their business as well!

I have experience with BH, shared hosting, but with Wordpress. I recommend moving. My customer was hacked but not through WP. We never found out how. The site was intact but a huge amount of extra php files detected all over the install. BH's shoulder shrugs were not helpful.

Static html files hacked? Really? You'd need to break into the OS first, and the owner can simply re-upload the files. I would not pay for additional protection for static html files.

This sounds like a landlord who has never once changed the locks to enter the building, no matter how many reported breaches there have been, and instead asks tenants to pay through the nose for optional-extra security systems. Sometimes your best option is to move.

I would agree if it was shared hosting, but this is a VPS. The whole point is that you configure it the way you want, and if its unmanaged you take complete responsibility.

If it is a managed VPS then it depends on exactly what they are planning to do. Unless your sites are a target that need better than usual security, then I would say its part of what you are paying for already.

You are usually better off putting static sites on shared hosting. I did put a new static site on a VPS yesterday but I need the VPS anyway so its not much extra work.