It took a bit, but I think I’m finally malware free again. I had fixed everything at one point, and only a few hours later, the worm had gotten back in. My hosting account allows me to host multiple domains in one account, which is a great deal and money-saver. However, one of those domains, the one belonging to my personal blog, had an outdated and neglected version of zenphoto with security flaws attached, and that’s how these scumbags got in. I expect that newer versions of zenphoto no longer have this weakness, and this was totally my fault for not making proper updates – they are published for a reason!!
And once thew were in, they could easily move from one domain hosted there to the next, and soil them all. I deleted the entire zenphoto installation, wasn’t using it any more anyway, re-installed all the affected/ infected files and folders, and signed up with
I also know that I’m not the only one that was attacked by these low-lives. A Google search for hacked by turnitupnow.net brings up over 1.3 million hits.
To the "Experts" behind this scheme:
When people talk about SEO (Search Engine Optimization) and building backlinks, etc. what you did is NOT what they have in mind. You would be better of spending your ‘talents’ and energies on finishing this half-cocked website of yours that you have out there in public. Most the internal links still have no content. Hitting the ‘Contact” link as well as the “Post” link on top of your pages just reveals XML Parsing Errors, and looking at the low numbers displayed next to all the Tweet and FB-Share buttons, it’s obvious that your hacking-strategy did not work.
I, on the other hand, now have a better site and have learned new things because of this.
Thank you for that.