We had a static HTML site get attacked and blacklisted. I never thought a static HTML site could get attacked.
Upon further investigation I found a file called “kmhtwefn.php”. A Google search returned nothing … something must be wrong.
There was also a file called “ingenuity-insulator.php”. I googled it and came back with nothing related to this file. Again this made me question things.
I opened a “.htaccess” file and found the following:
Bingo!
It appears all leads from the major search engines lead to the ingenuity-insulator.php file. This is why the site got listed as hacked.
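The pattern described above (PHP files on a site that should be static HTML, plus an .htaccess rule that sends search-engine visitors to one of them) can be checked for with a short script. This is an added example, not part of the original post; the sample .htaccess, the engine list and the function names are constructed assumptions, since the post does not show the actual file.

```python
import os
import re
import sys

# Assumed list of search-engine names an injected rule might match on.
ENGINES = re.compile(r"google|bing|yahoo|duckduckgo|yandex|baidu", re.I)
COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_(?:REFERER|USER_AGENT)\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)

def scan_htaccess(text):
    """Return targets of RewriteRules gated on a search-engine referrer/user agent."""
    hits, gated = [], False
    for line in text.splitlines():
        cond, rule = COND.match(line), RULE.match(line)
        if cond and ENGINES.search(cond.group(1)):
            gated = True
        elif rule:
            if gated:
                hits.append(rule.group(1))
            gated = False  # RewriteCond lines apply only to the next RewriteRule
    return hits

def scan_static_site(root):
    """Walk a webroot that should hold only static files; return sorted findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower().endswith((".php", ".phtml")):
                findings.append(("unexpected-script", rel))
            elif name == ".htaccess":
                with open(path, errors="replace") as fh:
                    for target in scan_htaccess(fh.read()):
                        findings.append(("search-engine-redirect", f"{rel} -> {target}"))
    return sorted(findings)

# Constructed sample; the post does not show the real .htaccess contents.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteRule ^(.*)$ ingenuity-insulator.php [L]
"""

if __name__ == "__main__":
    # With a webroot argument, scan it; otherwise show the sample rule being caught.
    root = sys.argv[1] if len(sys.argv) > 1 else None
    found = scan_static_site(root) if root else scan_htaccess(SAMPLE_HTACCESS)
    print(*found, sep="\n")
```

ICEcoder is itself a PHP application, so its files will be flagged as well; on a static site every script reported needs a reason to be there.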
How did it get hacked?
Turns out this site had ICEcoder in it. I needed to reset the password and the following article helped me figure it out.
https://groups.google.com/forum/#!topic/icecoder/0KPKZZLcB58
Due to the lack of time I reached out to Sucuri to help get this site cleaned up and remove the blacklisting.
I hope this helps someone else out there…