[tlug] Possible malware attack on my site?

[Dave M G <dave@example.com>]

TLUG,

I have been informed by a user that Facebook ads that go to
tokyocomedy.com are (possibly) being re-routed through a malware site
called "my-garden-state.com"

http://www.malwaredomainlist.com/mdl.php?search=my-garden-state.com

Apparently when a user clicks on the Facebook ad, the browser is first
directed to the malware site, and then it forwards to tokyocomedy.com,
so that they may not ever notice the intrusion.

Apparently, the malware site can only cause harm to IE users (of
course), but of course I can't permit this to continue.

My initial suspicion is that the problem would have to be on the
Facebook end. If the link is highjacked, then it must be highjacked on
their site. I will be contacting Facebook support and alerting them to
the possibility.

Another possibility is that it is the user's browser that is corrupted.
However, since he discovered the highjacked link through his own
anti-virus software (so he says), then that possibility seems less.

But I also wondered if it was possible that somehow that my site,
tokyocomedy.com, is compromised somehow. I've taken steps to prevent
MySQL injection attacks and whatnot, but I am not a security expert. So
I can't imagine how my site might be compromised, but maybe that's just
my lack of imagination.

If anyone has any suggestions for how I might assure myself that the
site is secure, then I would be very interested.

Thank you for any advice.


-- 
Dave M G
http://tlug.jp/mediawiki/index.php?title=User:Dave_M_G