- Find Out How You Were Hacked
- Emergency Cleaning for Urgent Help
- Options for Hacked or Compromised Sites
- What to Look For in a Hacked Account
Find Out How You Were Hacked
If your account has been compromised, knowing what caused the compromise will allow you to address the root cause directly and prevent it from happening again, and save you from having to worry about how it happened.
HostGator now offers a root cause analysis of your account. Our administrators will carefully examine your logs and files for how they were modified, when, and by who, and will frequently be able to provide you with real information about exactly what you can do to prevent your account from being compromised the same way twice.
How Much is a Root Cause Analysis?
We will perform a root cause analysis of your account for a fee of $37.50, which will only be charged if we are able to provide you with information regarding how your account was hacked.
How Can I Order a Root Cause Analysis?
To have a root cause analysis, please contact us and request to have a Root Cause Analysis performed for your hacked account.
Is There Anything I Need to Do?
For best results, please do not restore your account until after the analysis is complete. Restoring your account can modify files and logs which may prevent the root cause analysis from providing useful information.
If you need to restore your account immediately, we can still perform an analysis, and will not charge you if no information is found.
Emergency Cleaning for Urgent Help
We understand the stress involved in any kind of account compromise, particularly when you need your site to be up and available and safe for your customers. When your site is down, you need a solution fast.
HostGator has partnered with SiteLock to provide 911 emergency cleanings for sites that need to be accessible and safe fast. If your site is already compromised and you do not already have SiteLock service, this is the solution we recommend to get your site running fast.
To get 911 emergency cleanup for a compromised account and get back online fast:
- Login to your billing portal.
- Click the Hosting tab.
- Click the SiteLock icon from the menu bar at the top, then click the Get Help Right Away button:
You'll be able to select the affected domain that you need assistance with. SiteLock even provides a discount for your emergency service if you sign up for either the Fix or Prevent plans so that you will be better prepared to prevent your account from being infected in the future.
Options for Hacked or Compromised Sites
Finding out that your account has been compromised by malicious activity can be incredibly stressful. By the time you find out, it is possible that the compromise of your content can have extremely adverse effects including, but not limited to: email blacklisting, Google attack warning pages blocking your content, or even suspension of your account.
At this time, HostGator does not offer any direct services to assist with malware removal for websites that have been compromised. If your account has been compromised, the following options are available to you:
- Malware Cleaning Services: Attempting to have your site repaired/cleaned is a potential option. We recommend SiteLock's anti malware services, however their basic plan would not be sufficient for a site that is already infected, you'll need to purchase emergency cleaning to assist with a site that's already compromised.
- Restore Your Site: If you have a backup prior to the compromise of your site, you may restore your site from that backup. HostGator makes weekly backups of eligible accounts which may be used for a fee. It is important to be aware that if the backup was made after the site was hacked it will still contain the hacked code, and if it is not hacked, it may have the same vulnerability that would allow it to be hacked again without preventative measures.
- Create a New Site: A final option if the site cannot be restored or repaired may be to create a new website or to hire a developer to create a new website for you.
If you contact our support for assistance with a hacked site, we will direct you to one of the options above. For security purposes our agents cannot directly troubleshoot a site that is believed to be compromised.
What to Look For in a Hacked Account
In all cases, we recommend resolution of your issue through some sort of professional service. However, if these options are not available, you may wish to consider removing files or directories which have been recently added and which you do not recognize as part of your site. Things to look for include:
- Strangely named files or directories (i.e: xf8c3l.php or /home/username/public_html/wellsfargo).
- PHP files located in image folders.
- Base64 or other encrypted injections inside of site files which can be removed using file editors.
Again, please do not make changes to your account if it is currently under investigation.
If Google's "Reported Attack Site!" page is seen, please refer to the following article for details on how to clean the site and remove the warning: