My Website is Infected!
- What is a Malware Infection? ⤵
- Find Out How You Were Hacked ⤵
- Options for Infected Websites ⤵
- Removing Infected Files and Directories ⤵
- Google Attack Page ⤵
What is a malware infection?
Malware, short for malicious software, is created by cybercriminals with the intent of causing harm to a website. It is used to steal sensitive customer information, hold websites for ransom, or even take control of the website itself. In many cases, victims of malware may not realize they've been attacked until it's too late.
There are a variety of ways a cybercriminal can use malware to infect your website. When cybercriminals find vulnerabilities in your website, they are quick to attack. First, they'll decide why they want to access your site. Then based on their intent, they'll determine the type of malware to use.
Find out how you were hacked
If your account has been compromised, knowing what caused the compromise will allow you to address the root cause directly and prevent it from happening again and save you from having to worry about how it happened.
HostGator now offers a root cause analysis of your account. Our administrators will carefully examine your logs and files for how they were modified, when, and by who, and will frequently be able to provide you with real information about exactly what you can do to prevent your account from being compromised the same way twice.
How much is a root cause analysis?
We will perform a root cause analysis of your account for $37.50, which can only be submitted if your cPanel has been proven to be infected.
How can I order a root cause analysis?
Is there anything I need to do?
Please do not restore your account until after the analysis is complete for the best results. Restoring your account can modify files and logs, preventing the root cause analysis from providing helpful information.
If you need to restore your account immediately, we can still perform analysis and not charge you if no information is found.
Options for infected websites
Learning your website has been infected with malware is frustrating, but you aren't alone and have options. When you contact HostGator support about malware infection, we will help you choose the best option to secure your site. While HostGator does not offer any direct malware removal services and cannot troubleshoot an infected site, there are several ways you can remove malware.
Professional malware cleaning services
Having experts clean the malware infection from your website is an excellent option if you don't have the time and expertise to do it yourself. Our security partners at SiteLock can help you remove malware on your site and provide solutions to prevent future infections proactively.
- Restore your site
You can restore your website using a backup made before your site became infected with malware. If you do not have a backup, HostGator can provide you with one for a fee. You must use a backup made before the site is infected to remove the malicious code altogether. If not, your restored site will remain infected. Be aware that you will lose any changes made to your site after creating the backup you use. Even after restoration, your site will likely have the same vulnerabilities that would allow it to be compromised again. For this reason, it is important to take additional proactive measures with your website security.
- Create a new site
If your site cannot be restored or repaired, a final option is to create a new website.
Preventing website attacks is always easier and cheaper than repairing a site that has been infected with malware. HostGator recommends you choose a website security plan from our partners at SiteLock. Check out the discounts available to HostGator customers: SiteLock Special Offer.
Removing infected files and directories
When a site is compromised by malware, we recommend using a professional service to guarantee resolution and prevent future infection. If you cannot hire a professional, you can attempt to fix your website yourself. To do this, you need to identify and remove recently added or modified files or directories.
Exercise extreme caution when removing website files and directories because you can disable features and functionality on your site, and it does not guarantee the removal of malicious code. Additionally, file removal does not address vulnerabilities that allow attackers to access your site. Finally, by choosing to self-service a site infection, you take full responsibility for changes made to the site, any files deleted, and or breaks in functionality.
To identify infected files or directories look for:
- Strangely named files or directories (i.e: xf8c3l.php or /home/username/public_html/wellsfargo).
- PHP files are located in image folders.
- Base64 or other encrypted injections inside site files can be removed using file editors.
If your website is currently under investigation, please DO NOT MAKE CHANGES, including removing files and directories.
Google attack page
If you see Google's "Reported Attack Site!" warning on your website, read the following article to learn how-to clean the site and remove the warning: