This morning we started getting emails from our regular subscribers letting us know The Blog was coming up as an Attack Page. We even got a couple ‘courtesy emails’ from our hosting provider as well. For most of the morning we worked will Google to identify the issue and remove all the malicious content. We were notified by Google earlier this evening the latest scan came back clean and they would be removing the Attack Page warnings.
We are still trying to piece together what happened, but it appears there were only a few posts from earlier this year that some how had malicious code injected. We have no idea why these particular posts which normally do not see much traffic. Also appears our .htaccess in the root was tampered with as well. This could be a WordPress exploit (though all the FF Extension Guru and Email Mafia sites are powered by WordPress). Another possibility we are investigating since this was the only site affected is a recent WordPress backup plugin we had started using a couple days prior for the blog. We have since removed this plugin along with the malicious content. Precautions have been taken to ensure this does not happen again. We apologize for any inconvenience this may have caused.