My Account was Hacked!

Important Note: It is generally both easier and cheaper to prevent hacking than it can be to repair a site that has been infected. HostGator recommends SiteLock to protect your site. Check out our special offers for SiteLock services:

Emergency Cleaning for Urgent Help

We understand the stress involved in any kind of account compromise, particularly when you need your site to be up and available and safe for your customers. When your site is down, you need a solution fast.

HostGator has partnered with SiteLock to provide 911 emergency cleanings for sites that need to be accessible and safe fast. If your site is already compromised and you do not already have SiteLock service, this is the solution we recommend to get your site running fast. You can order it directly from your billing account and begin receiving help immediately.

To get 911 emergency cleanup for a compromised account and get back online fast:

  1. Login to your billing portal.
  2. Click the Hosting tab.
  3. Click the SiteLock icon from the menu bar at the top, then click the Get Help Right Away button:

You'll be able to select the affected domain that you need assistance with. SiteLock even provides a discount for your emergency service if you sign up for either the Fix or Prevent plans so that you will be better prepared to prevent your account from being infected in the future.

Options for Hacked or Compromised Sites

Finding out that your account has been compromised by malicious activity can be incredibly stressful. By the time you find out, it is possible that the compromise of your content can have extremely adverse effects including, but not limited to: email blacklisting, Google attack warning pages blocking your content, or even suspension of your account.

At this time, HostGator does not offer any direct services to assist with malware removal for websites that have been compromised. If your account has been compromised, the following options are available to you:

  • Malware Cleaning Services: Attempting to have your site repaired/cleaned is a potential option. We recommend SiteLock's anti malware services, however their basic plan would not be sufficient for a site that is already infected, you'll need to purchase emergency cleaning to assist with a site that's already compromised.
  • Restore Your Site: If you have a backup prior to the compromise of your site, you may restore your site from that backup. HostGator makes weekly backups of eligible accounts which may be used for a fee. It is important to be aware that if the backup was made after the site was hacked it will still contain the hacked code, and if it is not hacked, it may have the same vulnerability that would allow it to be hacked again without preventative measures.
  • Create a New Site: A final option if the site cannot be restored or repaired may be to create a new website or to hire a developer to create a new website for you.

If you contact our support for assistance with a hacked site, we will direct you to one of the options above. For security purposes our agents cannot directly troubleshoot a site that is believed to be compromised.

What to Look For in a Hacked Account

In all cases, we recommend resolution of your issue through some sort of professional service. However, if these options are not available, you may wish to consider removing files or directories which have been recently added and which you do not recognize as part of your site. Things to look for include:

  • Strangely named files or directories (i.e: xf8c3l.php or /home/username/public_html/wellsfargo).
  • PHP files located in image folders.
  • Base64 or other encrypted injections inside of site files which can be removed using file editors.

Again, please do not make changes to your account if it is currently under investigation.

Google Attack Page

If Google's "Reported Attack Site!" page is seen, please refer to the following article for details on how to clean the site and remove the warning: