It looks like it was done through a security flaw in TinyMCE, a WYSIWYG text editor used by Zenphoto, the photo gallery software I use extensively. Google blacklisted me (the horror!) but after I cleaned things up (or rather, Moi did) I can be visited again without raising any flags.
The extent of the damage is still unknown. So far I know that:
- The hack occurred on 2011-11-07 at 18:48.
- Every .htaccess in my sites was injected with malicious redirects. Moi got rid of them. Here’s one sample .htaccess file (as text).
- A malicious file class.images.php with obfuscated code was created somewhere inside the Zenphoto installation. I have no desire to reverse engineer it. Here’s the link to the file (as text).
- An empty index.php file was created next to it.
Looks like I have quite a bit of work ahead of me. Those damn Russian hackers! More info here.
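For anyone cleaning up after the same kind of compromise, here is a triage sketch that walks a web root looking for the four traces listed above. It is an added example, not code from this post or from Zenphoto; the one-hour window, the list of directives treated as worth reviewing, and the names `triage` and `build_sample_tree` are assumptions, and the sample tree is constructed.

```python
import os
import re
from datetime import datetime, timedelta

# Incident time reported in the post; the +/- window is an assumption.
INCIDENT = datetime(2011, 11, 7, 18, 48)
WINDOW = timedelta(hours=1)
# Directives that can send visitors elsewhere; a hit means "review", not "malicious".
REDIRECT_RE = re.compile(r"^\s*(RewriteRule|Redirect\w*|ErrorDocument)\b", re.I | re.M)
DROPPED_NAME = "class.images.php"  # file name given in the post


def triage(root):
    """Walk root and return sorted (reason, path) findings for manual review."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mtime = datetime.fromtimestamp(os.stat(path).st_mtime)
            if abs(mtime - INCIDENT) <= WINDOW:
                findings.add(("modified-near-incident", path))
            if name == ".htaccess":
                with open(path, errors="replace") as fh:
                    if REDIRECT_RE.search(fh.read()):
                        findings.add(("htaccess-redirect-directive", path))
            if name == DROPPED_NAME:
                findings.add(("dropped-file-name", path))
                index = os.path.join(dirpath, "index.php")
                if os.path.isfile(index) and os.path.getsize(index) == 0:
                    findings.add(("empty-index-beside-dropped-file", index))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: a tiny fake web root, not the author's files."""
    plugin = os.path.join(root, "gallery", "plugins")
    os.makedirs(plugin)
    samples = {
        os.path.join(root, ".htaccess"): "RewriteEngine On\nRewriteRule ^(.*)$ http://redirect.example/ [R=301,L]\n",
        os.path.join(root, "gallery", ".htaccess"): "Options -Indexes\n",
        os.path.join(plugin, DROPPED_NAME): "<?php /* placeholder */ ?>\n",
        os.path.join(plugin, "index.php"): "",
    }
    for path, body in samples.items():
        with open(path, "w") as fh:
            fh.write(body)
    stamp = INCIDENT.timestamp()  # backdate only the dropped file
    os.utime(os.path.join(plugin, DROPPED_NAME), (stamp, stamp))
```

Modification times can be reset by whoever wrote the files, so the timestamp check narrows the search but an empty result from it proves nothing; comparing against a known-good backup or a fresh copy of the gallery software is the stronger check.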