Hackers do lots of things. Sometimes the hack is on purpose but, most often, the hack is done automatically. Your website was found by a computer program and was scanned to see if there were any holes in it. If there were holes, they were exploited and some software was installed.
Today, these kinds of hacks aren't about defacement. Sometimes people think these are the only kind of compromises out there. What hackers want to do now is install scripts or links that you won't notice. They don't want to be found. They want things installed in the background as long as they can. Often, these scripts send out email (spam) or else they could be phishing pages posing as a bank login or PayPal or some other website. We also see files just put there - like movies or something else... hey, hackers need storage space, too.
Your host most likely found something strange going on with your website. Maybe your website was taking up too many resources (CPU power) or too much bandwidth (file transfer) or something else. They may have already shut down your website or else might be threatening to unless you get things cleaned up. Your host doesn't want this running. They might have somewhat disabled the compromise and are asking you to finish cleaning things up.
Not only do you have to clean things up - you need to figure out how someone got in and fix that hole.
Doing this kind of investigative work takes time - especially if you don't know what you're looking for. There are hidden files and folders that need to be looked into. These hacks can be hidden in some pretty obscure places. Also, software and scripts may need to be patched or updated. Once they're updated, they need to be tested.
Side note: This may seem like a lot of work. Yes, there is a cost of ownership to running a successful website.
We suggest getting professional help. Webstix can help you. Here's what we do:
The time to get this done is now. Get the professionals to work and get this done and off your list... and off your mind!
