I have two Websites that got hacked. My Web Host has a big, big bullseye painted on their backs right now (DreamHost)...here's what they wrote on their support blog yesterday afternoon:
Update 6:15pm PST: In a nutshell we suffered an extremely sophisticated attack. It took a while to get things under control enough to see what was going on and then start not only blocking attack vectors but track down and disable software being used to launch attacks from our network as well. Things are almost under control currently and once they are we’ll get a full and detailed report from our network engineers for you. -John
http://www.dreamhoststatus.com/So what happened? Without knowing for sure, it looks like I had an older installation of WordPress that was exploited by the hacker on two of my sites. They injected a line of script in my HTML pages, and also some malicious code in my PHP files. This means people accessing my site who are running antivirus / anti-malware software are getting legitimate red alerts about attempts to install drive-by malicious programs, and I'm getting blacklisted on Google until I fix it.
I've since changed my FTP password, but I also have to do cleanup and re-submit both sites to Google so that I am no longer on the "Malware Blacklist."
On one site, via Web FTP, I had to open about 30 pages and remove the lines of code they injected. I ran the scanner again and it came up clean.
The other site? About
250 pages, one page at a time. I have about a dozen pages left.
I may end up having to move the sites I have on DreamHost...about 25...because unless they can get that bullseye off their back, this shit is going to keep on happening. I have all of my programs like WordPress sett to auto-update from here on, so maybe that will solve it. Maybe not.
Don't grow up to be Webmasters, kids, unless you love it (I do, that's why I chose it).
:-)