tl;dr version: Site should be coming back as clean for everyone.
What happened?
It appears that an infected server (not ours, a random one on the web) was used to grab our index files through FTP, append some malicious code, and return the files to their position on the server.
How did they get in to FTP? Don't you have passwords or something?
We had an account activated for a freelance web developer in order to help with the transition to the new server. We don't believe the freelancer had anything to do with the hack but the password on the account was simple enough to be brute-forced.
Are you sure it is all gone?
Our file transfer logs showed all files that were accessed and we have gone through all files affected. The code has been cleaned from all of these files. I don't like dealing in absolutes but yeah, I'm sure it is all gone.
Why did you originally say it was the ads?
I was unable to recreate the issue and, in the past, I've dealt with similar issues where I was unable to get the right ad to load so some people would see the error while others wouldn't. In this case, the malicious code was designed to not activate for specific browsers. Google Chrome was among the browsers that were ignored so, when I visited the site, I was unable to see the line of code.
What have you done to ensure that this doesn't happen again?
Though this looks like it was just the work of a script and not of an actual user, we have changed all passwords related to the server. We have also disabled the account used to make the changes to the files. Finally, we have activated filtering for FTP so that FTP commands can only be accessed using specified IP addresses.
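An added example, not code from this site: the kind of check that FTP transfer logs allow, listing files that one remote host downloaded and then uploaded back to the same path, and whether that host is inside an IP allowlist. The xferlog layout, the sample lines, the account names and the allowlist range are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample lines in the common xferlog layout (an assumption: the
# post does not name the FTP server or its log format).
SAMPLE_LOG = """\
Thu Mar  4 08:12:30 2010 1 203.0.113.7 5120 /var/www/index.php a _ o r devuser ftp 0 * c
Thu Mar  4 08:12:33 2010 1 203.0.113.7 5342 /var/www/index.php a _ i r devuser ftp 0 * c
Thu Mar  4 08:12:35 2010 1 203.0.113.7 2210 /var/www/forum/index.html a _ o r devuser ftp 0 * c
Thu Mar  4 08:12:38 2010 1 203.0.113.7 2432 /var/www/forum/index.html a _ i r devuser ftp 0 * c
Thu Mar  4 09:40:02 2010 1 198.51.100.20 900 /var/www/style.css a _ i r admin ftp 0 * c
Thu Mar  4 10:01:11 2010 1 203.0.113.7 700 /var/www/about.html a _ o r devuser ftp 0 * c
"""
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical allowlist

def parse_xferlog(line):
    """Return (host, path, direction, user, size), or None if not a completed transfer."""
    tok = line.split()
    if len(tok) < 18 or tok[-1] != "c" or not tok[7].isdigit():
        return None
    # Timestamp is 5 tokens and the last 9 fields are fixed, so a path with spaces still parses.
    return tok[6], " ".join(tok[8:-9]), tok[-7], tok[-5], int(tok[7])

def is_allowed(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # host logged as a name, not an address
        return False
    return any(addr in net for net in ALLOWED_NETS)

def round_trips(log_text):
    """Files that one remote host downloaded and later uploaded back to the same path."""
    downloaded = {}  # (host, path) -> size when it was downloaded
    findings = []
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None:
            continue
        host, path, direction, user, size = rec
        if direction == "o":      # outgoing: server -> client
            downloaded[(host, path)] = size
        elif direction == "i" and (host, path) in downloaded:  # incoming: upload
            findings.append({"path": path, "host": host, "user": user,
                             "grew_by": size - downloaded.pop((host, path)),
                             "allowlisted": is_allowed(host)})
    return findings

if __name__ == "__main__":
    for f in round_trips(SAMPLE_LOG):
        print(f)
```

A file that comes back larger than it left, from a host outside the allowlist, is a candidate for review against a known-good copy.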
Was my password at risk?
The logs do not indicate any attempt to access or view any user data. Even if the hack attempt had led to access of the users database, all passwords are hashed and salted. This means that we can't even see what your password is if we want to do so.
Why all this information?
We want to make sure that we have clear communication about these sorts of events with our users.