My Website is Infected!

What is a Malware Infection?

Malware, short for malicious software, is created by cybercriminals with the intent of causing harm to a website. It is used to steal sensitive customer information, hold websites for ransom, or even take control of the website itself. In many cases, victims of malware may not realize they’ve been attacked until it’s too late.

There are a variety of ways a cybercriminal can use malware to infect your website. When a cybercriminal finds vulnerabilities in your website, they are quick to attack. First, they’ll decide why they want to access your site. Then based on their intent, they’ll determine the type of malware to use.


Find Out How You Were Hacked

If your account has been compromised, knowing what caused the compromise will allow you to address the root cause directly and prevent it from happening again, and save you from having to worry about how it happened.

HostGator now offers a root cause analysis of your account. Our administrators will carefully examine your logs and files for how they were modified, when, and by who, and will frequently be able to provide you with real information about exactly what you can do to prevent your account from being compromised the same way twice.

How Much is a Root Cause Analysis?

We will perform a root cause analysis of your account for a fee of $37.50, which will only be charged if we are able to provide you with information regarding how your account was hacked.

How Can I Order a Root Cause Analysis?

To have a root cause analysis, please contact us and request to have a Root Cause Analysis performed for your hacked account.

Is There Anything I Need to Do?

For best results, please do not restore your account until after the analysis is complete. Restoring your account can modify files and logs which may prevent the root cause analysis from providing useful information.

If you need to restore your account immediately, we can still perform an analysis, and will not charge you if no information is found.


Options for Infected Websites

Learning your website has been infected with malware is frustrating, but you aren’t alone, and you have options. When you contact HostGator support about a malware infection, we will help you choose the best option to secure your site. While HostGator does not offer any direct malware removal services, and cannot troubleshoot an infected site, there are several ways you can remove malware.

  • Professional Malware Cleaning Services
    Having experts clean the malware infection from your website is a great option if you don’t have the time and expertise to do it yourself. Our security partners at SiteLock can help you remove malware with an emergency cleaning of your site and provide solutions to proactively prevent future infections.

  • Restore Your Site
    You can restore your website using a backup made before your site became infected with malware. If you do not have a backup, HostGator can provide you one for a fee. It is critical that you use a backup made prior to the site being infected to completely remove the malicious code, if not your restored site will remain infected. Be aware that you will lose any changes made to your site after the backup you use was created. Even after a restoration, your site will likely have the same vulnerabilities that would allow it to be compromised again. For this reason, it is important to take additional proactive measures with your website security.

  • Create a New Site
    A final option if your site cannot be restored or repaired is to create a new website.


Emergency Cleaning for Malware Infections

Dealing with malware infections is stressful, especially if your customers are unable to safely visit your site. When your site is down it means losing visitors and business, so you need a reliable solution—fast.

For websites that need malware removed immediately, HostGator has partnered with SiteLock to offer exclusive discounts on 911 emergency cleaning services. You can bundle your emergency malware clean with a SiteLock plan that will prevent future infections for an even deeper discount.

To request a 911 emergency cleaning:

  1. Login to your HostGator billing portal.
  2. Click the Hosting tab.
  3. Click the SiteLock icon from the menu bar at the top right.
  4. Click the Get Help Right Away button on the left of the screen.
  5. Select the domain you need cleaned from the drop down.
  6. Choose between a one-time cleaning or a bundled security plan.
  7. Click the Buy Now! button at the bottom of your selection.


Removing Infected Files and Directories

When a site is compromised by malware we always recommend using a professional service to guarantee resolution and prevent future infection. If you are unable to hire a professional, you can attempt to fix your website yourself. To do this you need to identify and remove recently added or modified files or directories.

Exercise extreme caution when removing website files and directories because you can disable features and functionality on your site and it does not guarantee removal of malicious code. Additionally, file removal does not address vulnerabilities that allow attackers to gain access to your site. Finally, by choosing to self-service a site infection, you take full responsibility for changes made to the site, any files deleted and or breaks in functionality.

To identify infected files or directories look for:

  • Strangely named files or directories (i.e: xf8c3l.php or /home/username/public_html/wellsfargo).
  • PHP files located in image folders.
  • Base64 or other encrypted injections inside of site files which can be removed using file editors.

If your website is currently under investigation, please DO NOT MAKE CHANGES, including the removal of files and directories.


Google Attack Page

If you see Google's "Reported Attack Site!" warning on your website, read the following article to learn how to clean the site and remove the warning: