It appears that somehow they had acquired the account password and were able to FTP into the site and do their nasty business. I changed the password when I learned of the problem. I was alerted by a forum member on one of the forums that I frequent. He had clicked on the link in my sig and got an alert from Avast AV that my site was an attack site. He listed the problem as JS:Illredir-B [Trj]. I found out at around 1:oo AM (eastern US time zone) on December 31. I believe that the incursions were all on the 30th and 31st. I did not change the password until the morning of the 31st, and that does appear to have stopped the activity.

My blogs were also affected, including this one. I damaged a couple of them learning how to effect a repair. The damaged ones are very low traffic, but I will repair them this evening. I was lucky in that all of the content is in tact. A friend recently had his blog hacked and lost about 6 weeks of the most recent posts.

I did find one file that I had missed this morning. It is easy to tell by the date stamps which files may have been affected. I had just missed the one file. I have many directories and sub-directories on the space. Nearly all have an index page. I have my local copy so I was able to upload a safe file to replace the corrupted files. I spent several hours on the clean-up. I would prefer for this not to happen again.