Here’s what happened.
Friday April 9th I was surfing the net while working from home, using my non-virus-protected Windows PC. Yeah, I know. While visiting a friend’s site, I got a weird pop-up saying ‘Such and such.com says your PC is infected!’ I told my friend, assumed nothing untoward happened, and went on with my day, which included some FTPing to my domain.
Of note, I ALWAYS use SSH and SFTP. The first S stands for Secure. Of course, it’s not actually all that secure. I mean, they’re better than Telnet and FTP, but they won’t protect you from everything.
On Monday the 12th, I post a new blog post here and things go pear-shaped. Cache is weird, people are getting errors, I can’t sort it out. I thought it was WP-Super-Cache, but then it wasn’t. It was insane.
On Tuesday the 13th, emails from my office to my home were bouncing. I thought it was my mailserver blocking my office!
Finally, Sunday the 18th, Taffy bitches “I can’t mail your father!” Now I get hands in and look. What do I see? “Connections not accepted from IP addresses on Spamhaus XBL.” And it’s listing MY IP ADDRESS!
Thank goodness, LiquidWeb was able to find the vector point of infection, and once they gave me the details, I knew it had to go back to that Friday. And they got me off the blacklists pretty fast so everything’s okay now. But let this be a lesson, everyone! You’re only as safe as you keep yourself!