Fix for infected files are found in hosting account

Many bloggers and many people who run websites post in many forums that their hosting account has been suspended as malicious and infected files have been found in their hosting account. More often WordPress websites get hacked as people keep using many third party applications and they could be easily compromised or hacked. Sometimes it becomes very difficult to recover a site and chances are high that you will lose entire data and end up shutting down the website and starting again from scratch.

Let me come to the topic of this article where you end up seeing a mail or support ticket created by your hosting provider saying that “While conducting a routine scan, we found infected files in your hosting account “xyz”. We have uploaded a file named ‘scanlog.txt’ within the root or some directory of your account, which contains the full list of infected files. In order to protect your account and visitors to your website, we may need to suspend your account if no action is taken to remove the malicious contents within 24 hours.”

Your website will be down until you clean all the infected files and ask the service provider to scan the files again. Your services will not be operational if you do not respond and do not clean or delete the malicious files.

Now let see how to fix this issue and recover your site when infected files are found in your hosting account.

Step1 : Login to your hosting account and navigate to your Control Panel and find ‘File Manager’. File Manager in your control panel provides user friendly interface to manage files and directories in your account. You can upload files, delete them and download them too.

Step 2: Find the log file uploaded by your web hosting provider. You can get to know the location or directory in which the file is uploaded in the email you receive from your host or in the support ticket created. Download that file using the download option available in your file manager.

recover a site when site has been compromised or infected files are found in hosting account
Infected files

Step 3: You need to have patience to actually complete this last step. Carefully find each file pointed out in that scan log sheet in your file manager and delete all of them. Remember that you need to be very careful while deleting the files. If you delete any other file other than the one’s present in that sheet, you will end up breaking some functionality in your site.

Step 4: Inform your web host that you have deleted all the infected files and they can scan all the files again and see that all the services are operational again and most importantly your websites are up and running.

Step 5: You should immediately change your password through the Control Panel for the hosting account and most importantly you need to make sure any applications in your account are completely up-to-date as far as versions, security patches, etc. are concerned. This applies not just to the core application, but also plugins you have been using, themes you have installed, modules, etc. If this is not done, your account will remain vulnerable to future attacks of this kind.

You have to choose better web host which ensures security and scans your content daily and prevent hacking attempts by any means. I recommend iPage (Read the review here – iPage review and our experience) as I have been hosting all my websites there from past three years and my websites have been safe and free from hacking attempts.

Share On

About Sai Prashanth

IT professional. Love to write.