So I have a site - let's call it chewy.tld - hosted on Wordpress.
I discover Google's warning saying "This site may be compromised" when inadvertently looking at the serp using the site: command.
Sure enough, there's all this nasty levitra / cialis code only seeable in the Google cache.
We lock down all the passwords, add increased security, and move from host gotchadaddy to some other more secure host for WP.
We clean out all the bad content and all looks well and Google slowly starts to reindex the clean pages.
A week later, I happen to be looking at new backlinks via Google Webmaster Tools.
Wow - what all those new backlinks?
I look at a few. There are thousands (close to 7k), all clustered around the last few weeks of March, 2013.
Upon closer look, the few I spotcheck are all "this site may be compromised" type blogs, all with backlinks to our site along with backlinks to compromised sites all over the place.
Yes, they all have a nice fat backlink to chewy.tld
So the attack is more than just an injection of bad code.
Holy c**p! Is anyone else seeing this?
How does one determine if this is one of those reportable things, or just a little bubble in the daily life of WP?