Yesterday, one of our domains was blacklisted by Google safe browsing (o-fu-online.net). You can see the diag here:
I've spent about 10hrs attempting to repair this, however i've not had much luck. In the end I've reverted to an older backup and partially fixed the site by adjusting .htaccess, but i've yet to confirm if i've managed to remove the infection entirely. The main site seems to be clean now, but the admin page of the wordpress blog is still redirecting to a russian site and i'm unable to access parts of the admin console (such as the add new plugin page, so can't install anti-malware tools)
If you notice on the diag page, it says: "This site was hosted on 1 network(s) including AS26347 (DREAMHOST)"
if you click that link, it takes you to the diags for the host, which alarmingly advises
"Over the past 90 days, we found 234 site(s) on this network, including, for example, ethisearch.com/, apt518.com/, your-nyc.com/, that appeared to function as intermediaries for the infection of 567 other site(s) including, for example, tutorialkit.com/, stumbleupon.com/, unmicroclima.com/."
So it appears there are other sites on the same host with issues. Is this a server side exploit? I'm stuck with what to do next to be honest. I've even overwritten the .htaccess with a blank file and still:
web site: o-fu-online.net
status: Site infected with malware
web trust: Site blacklisted.
Malware found in the URL:
The document has moved here.
Malware found in the URL: http://www.o-fu-online.net/feed/
Suspicious conditional redirect on: