If you visiting our site during certain hours this week, you may have been warned by your browser that our site was not safe to visit. When you get a warning like that, I’d advise you to believe it.
Don’t override a malware warning and visit the site anyway. Even those of you on a Mac.
Yup, we were hacked. The third party was able to do an iframe insertion, was basically opening an one-pixel size window on our site (therefore invisible to you) which ran some code from their site in the tiny window. No, I don’t know what the code did.
So on Tuesday and Wednesday, I’d delete their code frame, and they’d break in again later and put it back, but only once or twice a day. I tightened up my file permissions, changed FTP passwords, and finally managed to close their access.
We’re all clean now. Google verified our site last night and took us off their suspicious sites list.
So, that was our adventure. Hope it wasn’t yours.