Is that even how you spell malicious? Oh, it is. Anyway, it seems that Google has found some malware hosted on my blog and has thus flagged my site as “potentially dangerous”.
If you’re using Firefox or another browser that checks Google’s list of bad sites you’ll get a a big red page telling you that my site may harm your computer. It won’t and probably didn’t previously but I have found some code inserted into various places.
It’s possible, but unlikely, that my site passwords were hacked. I don’t use easily-guessable passwords these days and I use a plugin called Login Lockdown that prevents multiple login attempts into the admin backend. It’s most likely that another site hosted on the same server is using some insecure script or other and someone prick has managed to get root access, or similarly administrative access, to the server itself.
It’s good that Google does this, in cahoots with stopbadware.org. It’s a pain for me, in that I need to get my site reviewed again by Google so that it can be taken off the list, but also helpful in that they’ve found the attack for me. I’d have never known about it otherwise, not without scanning the site code and database – and there’s a LOT of code!
I’ve changed all my passwords just in case, along with changing the database name and user password. It shouldn’t happen again, but then you can never really know for certain when you’re using shared hosting.