Hacked websites are more common than most people think. Robot Networks (Botnets) are scanning the internet 24/7/365 looking for website vulnerabilities to exploit. They execute their scripts in seconds and leave websites compromised in their wake.
First things first, reset all passwords associated to the website in any way. Website hacks are easy to recover from if the proper steps for a Disaster Recovery Plan (DRP) are taken ahead of time (see here for more info on DRP). If no site backups, malware scanners or preventative measures have been taken ahead of time, there are still some options that eliminate malware and reduce the risk of becoming compromised again.
Refer to software best practices to ensure that all site software is up to date and the most recent patches have been installed. Identify any third party softwares that may come into play on your site as well i.e. contact forms, shopping cart software and so on- and confirm all these software are patched/up to date as well.
If no steps for DRP have been taken prior to this point- take a deep breathe- there is still an option to recover the site. You need a good malware removal software tool to eradicate any instances of malware. This will put the site back in a good place with all malware removed. More info for malware removal software can be found here.
