My Website is Infected!

What is a Malware Infection?

Malware, short for malicious software, is created by cybercriminals with the intent of causing harm to a website. It is used to steal sensitive customer information, hold websites for ransom, or even take control of the website itself. In many cases, victims of malware may not realize they’ve been attacked until it’s too late.

There are a variety of ways a cybercriminal can use malware to infect your website. When a cybercriminal finds vulnerabilities in your website, they are quick to attack. First, they’ll decide why they want to access your site. Then based on their intent, they’ll determine the type of malware to use.

Find Out How You Were Hacked

If your account has been compromised, knowing what caused the compromise allows you to address the root cause directly and prevent it from happening again, and saves you from having to wonder how it happened.

UltaHost now offers a root cause analysis of your account. Our administrators will carefully examine your logs and files to determine how they were modified, when, and by whom, and will frequently be able to provide you with real information about exactly what you can do to prevent your account from being compromised the same way twice.

How Much is a Root Cause Analysis?

We will perform a root cause analysis of your account for a fee of $37.50. A request can only be submitted if your cPanel has been proven to be infected.

How Can I Order a Root Cause Analysis?

To order a root cause analysis, please contact us and request that a Root Cause Analysis be performed for your hacked account.

Is There Anything I Need to Do?

For the best results, please do not restore your account until after the analysis is complete. Restoring your account can modify files and logs which may prevent the root cause analysis from providing useful information.

If you need to restore your account immediately, we can still perform an analysis, and will not charge you if no information is found.

Options for Infected Websites

Learning your website has been infected with malware is frustrating, but you aren’t alone, and you have options. When you contact UltaHost support about a malware infection, we will help you choose the best option to secure your site. While UltaHost does not offer any direct malware removal services, and cannot troubleshoot an infected site, there are several ways you can remove malware.

  • Professional Malware Cleaning Services: Having experts clean the malware infection from your website is a great option if you don’t have the time and expertise to do it yourself. Our security partners at SiteLock can help you remove malware on your site and provide solutions to proactively prevent future infections.
  • Restore Your Site: You can restore your website using a backup made before your site became infected with malware. If you do not have a backup, UltaHost can provide you one for a fee. It is critical that you use a backup made prior to the site being infected to completely remove the malicious code; otherwise, your restored site will remain infected. Be aware that you will lose any changes made to your site after the backup you use was created. Even after restoration, your site will likely have the same vulnerabilities that would allow it to be compromised again. For this reason, it is important to take additional proactive measures with your website security.
  • Create a New Site: A final option, if your site cannot be restored or repaired, is to create a new website.

Important Note:
Preventing website attacks is always easier and cheaper than repairing a site that has been infected with malware. UltaHost recommends you choose a website security plan from our partners at SiteLock.

Removing Infected Files and Directories

When a site is compromised by malware, we always recommend using a professional service to guarantee resolution and prevent future infection. If you are unable to hire a professional, you can attempt to fix your website yourself. To do this, you need to identify and remove recently added or modified files or directories.

Exercise extreme caution when removing website files and directories, because you can disable features and functionality on your site, and removal does not guarantee that all malicious code is gone. Additionally, file removal does not address the vulnerabilities that allowed attackers to gain access to your site. Finally, by choosing to self-service a site infection, you take full responsibility for changes made to the site, any files deleted, and any breaks in functionality.

To identify infected files or directories, look for:

  • Strangely named files or directories (e.g., xf8c3l.php or /home/username/public_html/wellsfargo).
  • PHP files located in image folders.
  • Base64 or other encoded injections inside site files, which can be removed using a file editor.

If your website is currently under investigation, please DO NOT MAKE CHANGES, including the removal of files and directories.
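
As an added illustration (not UltaHost's own tooling), the following read-only Python script walks a site directory and lists files matching the indicators above: PHP files in image folders, recently modified files, and decode-then-execute patterns. The folder names, the 7-day window, the regular expression and the sample tree are assumptions constructed for this example.

```python
import os
import re
import tempfile
import time

# Folder names treated as image/upload directories (assumption for this example).
MEDIA_DIRS = {"images", "img", "uploads", "media"}
PHP_EXT = (".php", ".phtml", ".php5")
# Decode-then-execute constructs typical of injected PHP (illustrative, not exhaustive).
ENCODED = re.compile(rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def triage(root, recent_days=7, now=None):
    """Return {relative_path: [reasons]} for files to review by hand. Read-only."""
    cutoff = (time.time() if now is None else now) - recent_days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        parts = {p.lower() for p in os.path.relpath(dirpath, root).split(os.sep)}
        for name in files:
            path = os.path.join(dirpath, name)
            is_php = name.lower().endswith(PHP_EXT)
            reasons = []
            if is_php and parts & MEDIA_DIRS:
                reasons.append("php-in-media-dir")
            if os.lstat(path).st_mtime >= cutoff:
                reasons.append("recently-modified")
            if is_php and os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as fh:
                    if ENCODED.search(fh.read(2_000_000)):  # cap bytes read per file
                        reasons.append("encoded-payload-pattern")
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings

def build_sample_site(root):
    """Constructed sample tree: one old clean page and one planted test file."""
    os.makedirs(os.path.join(root, "images"))
    clean = os.path.join(root, "index.php")
    with open(clean, "w") as fh:
        fh.write("<?php echo 'hello'; ?>")
    old = time.time() - 90 * 86400
    os.utime(clean, (old, old))  # backdate so it is not "recent"
    with open(os.path.join(root, "images", "xf8c3l.php"), "w") as fh:
        fh.write("<?php eval(base64_decode('ZWNobyAxOw==')); ?>")  # decodes to "echo 1;"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for path, reasons in sorted(triage(site).items()):
            print(path, ", ".join(reasons))
```

The script only reports; run `triage()` against a copy of your site directory and review each hit by hand, since legitimate plugins and recent updates can also match.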

Google Attack Page

If you see Google's "Reported Attack Site!" warning on your website, read the following article to learn how to clean the site and remove the warning:
How to Handle the Google Attack Page
