Here's what's happened over the past day.
1. I received reports via private email that the forum was listed as a malware site. Investigated, see the same thing.
2. Via Google website analysis I determine that HTML and PHP files are 'infected' with a javascript snippet which causes access to a malware distribution site.
3. I report via private email to all NBTV forum members, advising caution
4. I manually remove the javascript from all HTML and PHP files used by the forum
5. I advise Google the site is now clean.
6. I decide to upgrade the forum to the new software, in case the old software had a backdoor/bug allowing a hacker in.
7. I change all my access passwords for the site.
8. All looks OK with new forum, and I advise NBTV members it's OK to visit.
9. Google marks the site as OK
10. Google marks the site (
http://www.taswegian.com) as NOT OK
11. I investigate further and to my horror find that not only was the forum infected (the original one, not the new one), but ALL of my websites were.
12. I immediately remove all access by anyone -- hence the forum went down
13. I deleted ALL files on my server (there were some 600 infected files, and much of these, alas, will never go back up -- I don't have the time to fix them)
14. I re-uploaded the forum (this took about 8 hours)
15. I advised google the site is now clean.
So, that's the progress so far. Those people who visited the FORUM after I advised it was fixed are OK -- it was, indeed, fixed. It was only the files on my other websites that were still infected and thus triggering Google marking 'www.taswegian.com' as a bad site to visit. Right now we're waiting on Google to revisit the site and determine all is OK. That's when the "reported attack site" messages will dissapear.
Once again, all I can say is what annoying little fucks the people who do this sort of thing are.