Today @Hanski alerted me to google search informing that “your website may be hacked”
And indeed, there was script injection but it had been done on non-active http pages. Due to the .htaccess rerouting all traffic to https no-one should actually have come across any compromised content (fake North Face clothes, Viagra etc etc).
I’ve run the site through malware checks, and they come out clean. The only thing that really is affected seems to be the result that google search gets, since it crawls through pages that are normally not visible.
I’ve also taken pokitto.com front page down for safety.
I’ll be going through the non-active pages and remove any bs.
edit: talk.pokitto.com runs on a completely different server and hosting, has not been affected in any way