So I get a message from Google telling me that one of my websites has been compromised. It gives me a list of URL's from my site that have are suspect.
It has the same domain as my site, has what appears to be an odd subdirectory tacked onto.
Something like http://mysite.com/notmysite/
Sure enough, I go to that link and there is some weird stuff on it. But I checked my server and I can't find anything up there that looks like a changed file, and there isn't a subdirectory?
Very odd. Has anyone had this happen to them before?
First thing I did was go and change my provider password and my domain registrar passwords.
I know it's a longshot, but I'm not finding much help out there on how to fix this.