UPDATE 11:30 pm: All but a very few sites are back online, scrubbed and certified clean. Faraz has returned from a short nap and will continue working until these last few are in optimal condition once again.
The source of the hack was a site hosted with us that is not webmastered by us. The site owners had allowed plugins become outdated, which is how the hacker got in. We are exploring how to protect “our” sites like these that we don’t control. Hosting clients will receive more information by email in a few days. In the meanwhile, please report any issues on your site.
UPDATE 5:00 pm: Our entire ONEFASTPUPPY server was affected by this morning’s attack. We’ve gotten about half the sites back online. Each has to be restored from backup via a manual process, so it’s taking some time.
ANNOUNCEMENT 11:30 am: About 1/3 of the sites on our host servers were hacked this morning. We’re working on cleanup as quickly as we can and will report more once all sites have been restored. Thank you for your patience.