I just spent the last 7 hours going through and deleting 3848 malware/virus flies from my hosting account.
Received a e-mail this morning from my hosting company.
Account deactivated due to violation of my terms of service agreement.
I called them immediately to see what the problem was.
They told me my account was deactivated to due a tremendous amount of malware/virus files on my hosting account.
The part that bothers me the most, is all they did was send me a list of the files and told me it was my problem to get rid of them. I guess I should be happy they did send me the list?
I didn't have a clue where to begin or even how to find them. I know very little about coding or programming.
All I did was stare at the size of the massive list.
Long story short, I got rid of most of them by just deleting the entire domain names that were infected. I blew out 14 web sites that I will have to rebuild, I'm sure that was the hard way, but it was the only way I knew how to handle it.
The rest of the files were just a few lines of code on almost all of my domains. I have 256 of those, I would say 80% of them had the lines of code placed on them.
I changed all of my passwords on my hosting account and FTP accounts.
I noticed most of the sites that were hit hard were either wordpress blog sites, or contained an article or link directory. I'm not sure if that has anything to do with it? The wordpress ones were the worse.
What I want to know, is what else can I do to prevent this from happening again, and have I done enough to prevent future attacks?
How did somebody gain access to my account? Did it have to be through my ftp account, or is there another way in through the wordpress blogs or the directories?
With this many domains attacked, it figure it must have been from one of my FTP accounts? Just guessing.
My hosting company said that with an attack of this size, it must have be done over a few weeks or days, and they only keep their access logs for 48 hours, so using the logs to track it down seems to be of no use.
Of course my next question then was if it took place over weeks or days, why didn't they catch it sooner?
No answer, they just said it was brought to their attention today, and I have 7 days to solve the matter or all of my data would be erased.
Sorry for the long post, but I wanted to provide as much information as I could, maybe this information will help others as well.
Thank you in advance for your suggestions.