Sometime after 4:00 AM Pacific on 12/27 a file appeared to have been uploaded to our website. We use a WordPress 3.3 installation on 1and1. A file (wp-test.txt) was uploaded to the http://www.mobilitywire.com/content/ folder. It appears this file caused many links to be generated such as:
… etc. Here’s a link to some more search results so you can see. But it’s not just for the word “Cialis”, many other drug names are generating pages.
The links first direct the browser to mytdsssss.info and from there to nice-online-shop.com
I changed the password for FTP access then deleted the wp-test.txt file. That immediately broke all the links so that a 404 error was displayed on website and iphone. But ipad still has the redirect. Any suggestions on what more I can do on my end would be appreciated. Also, as I have changed the password and subsequently the problem seemed to be partially restored, maybe there is some vulnerability to the server?
I will respond to this post with the contents of the wp-test.txt file.