Pal Andrew alerted me this morning to a curious development. It seems that when he opened my site, he got all kinds of malware warnings and a redirect. I’ve had no such experience, but when he said it was on two different computers, I got alarmed. I asked on Twitter if anyone else had this experience and within moments this guy confirmed that yes, there were some rogue elements in my HTML code. (Also, I got another report of a redirect from my site.)
After searching through this code and that, I finally found the culprit. Turns out it was a pretty low-level hack called “yahg” that was responsible. I found the bits it added to my code and chopped it out. I’m fortunate that this is not one of those hacks that sets roots deep into the database structure of the site. The reason I hadn’t encountered it was because apparently it was only activating when the browser used was Internet Explorer.
I then upgraded to the latest version of WordPress and everything seems to be dandy.
If any of you got hit by this thing, I apologize. PLEASE let me know via email (it’s on the “contact” link above), blog comment, IM, Twitter, Facebook, whatever as soon as something like this happens so I can act quickly. I don’t know when my site got hacked, so I don’t know how long this has been going on.