What is a Malware Infection?
Malware, short for malicious software, is created by cybercriminals with the intent of causing harm to a website. It is used to steal sensitive customer information, hold websites for ransom, or even take control of the website itself. In many cases, victims of malware may not realize they’ve been attacked until it’s too late.
There are a variety of ways a cybercriminal can use malware to infect your website. When a cybercriminal finds vulnerabilities in your website, they are quick to attack. First, they’ll decide why they want to access your site. Then based on their intent, they’ll determine the type of malware to use.
Find Out How You Were Hacked
If your account has been compromised, knowing what caused the compromise lets you address the root cause directly and prevent it from happening again. It also saves you from having to wonder how it happened.
HostGator now offers a root cause analysis of your account. Our administrators will carefully examine your logs and files to determine how they were modified, when, and by whom, and will frequently be able to provide you with real information about exactly what you can do to prevent your account from being compromised the same way twice.
Removing Infected Files and Directories
When a site is compromised by malware, we always recommend using a professional service to guarantee resolution and prevent future infection. If you are unable to hire a professional, you can attempt to fix your website yourself. To do this, you need to identify and remove recently added or modified files or directories.
Exercise extreme caution when removing website files and directories: doing so can disable features and functionality on your site, and it does not guarantee removal of malicious code. Additionally, file removal does not address the vulnerabilities that allowed attackers to gain access to your site. Finally, by choosing to self-service a site infection, you take full responsibility for changes made to the site, any files deleted, and/or breaks in functionality.
To identify infected files or directories, look for:
Strangely named files or directories (e.g., xf8c3l.php or /home/username/public_html/wellsfargo).
PHP files located in image folders.
Base64-encoded or otherwise obfuscated injections inside of site files, which can be removed using file editors.
If your website is currently under investigation, please DO NOT MAKE CHANGES, including the removal of files and directories.
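The indicators listed above can be checked from a shell without changing anything on the site. The script below is an added example, not HostGator's own tooling: the function names, the image/upload folder names, the 7-day window and the sample tree it builds are assumptions made for illustration, and strangely named files are left to manual review of the output.

```shell
#!/bin/sh
# Added example: read-only triage of a web root. Nothing is deleted or edited;
# each function only prints candidate paths for manual review.

# Files whose contents changed within the last N days (default 7).
recently_modified() {
    find "$1" -type f -mtime "-${2:-7}" -print | sort
}

# PHP files inside image/upload folders (folder names are assumptions).
php_in_image_dirs() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' \) \
        \( -path '*/images/*' -o -path '*/img/*' -o -path '*/uploads/*' \) \
        -print | sort
}

# PHP files that decode and execute embedded data, or that carry a very long
# Base64-looking run. Heuristic: expect false positives and false negatives.
encoded_injections() {
    find "$1" -type f -name '*.php' -exec grep -lE \
        -e '(eval|assert)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|str_rot13)[[:space:]]*\(' \
        -e '[A-Za-z0-9+/]{200,}' {} + | sort
}

# Constructed sample tree (not real site data) so the checks can be tried offline.
make_demo_tree() {
    d=$(mktemp -d) && mkdir -p "$d/images" || return 1
    printf '<?php echo "home"; ?>\n' > "$d/index.php"
    printf '<?php eval(base64_decode("ZWNobyAiZGVtbyI7")); ?>\n' > "$d/images/logo.php"
    printf '<?php echo "x"; ?>\n' > "$d/xf8c3l.php"
    touch -t 202001010000 "$d/index.php"   # make the legitimate file look old
    printf '%s\n' "$d"
}

demo() {
    root=$(make_demo_tree) || return 1
    echo "== modified in last 7 days =="; recently_modified "$root" 7
    echo "== PHP in image folders ==";    php_in_image_dirs "$root"
    echo "== encoded injections ==";      encoded_injections "$root"
    rm -rf "$root"
}

demo
```

To use it on a real account, call the three check functions with your own document root as the first argument and review each listed file by hand before changing it.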