I’m not sure how long this had been going on, perhaps for only a few days, but apparently this website appeared to be hacked. Any visitors to the site were immediately redirected to random advertising sites. Most of them implored you to install some sort of software update (Flash player, Java…who knows what else). Yikes! For a while, I thought some spammers/scammers scum had got together to screw with my website.
My server is set to SFTP-SSH protocol because of prior injection attacks on my blogs. Still, I checked the index files, changed my WordPress password, generated a new WordPress key, edited the .htacess file… Nothing worked. Just when I thought I’d have to do a completely new WordPress install, on a whim I decided to remove ad units. I didn’t think that the Google AdSense or MadAds Media ad units were the culprits, though. I had my eye on the Yes Advertising units. My suspicions were correct: the Yes Advertising ad units had been causing the URL hijacks.
Now, I’m sure that Yes Advertising, as company practice, didn’t do this on purpose. It’s most likely an outside hacker who discovered a vulnerability in their ad servers. I sent an email to Yes Advertising letting them know about this. I thought I’d post this information just in case someone encounters the same problem. There’s nothing worse than completely reinstalling WordPress and your theme, restoring your database and reconfiguring everything only to discover it was something outside of your own server causing the mischief.