When I discovered this around 00:00 on December 18th the easiest thing for me to do, after some initial digging, was delete everything that was compromised. That meant the blog and a couple of other dynamic sites hosted in the same place but which were unused (and out of date, mea culpa!).
What had they done? First of all they'd modified the .htaccess file of two dynamic sites, on separate domains but the same VPS, to redirect innocent visitors to said evil domain. This was within my ability to cope with, it's what came next that lead to the deleting. Some JavaScript seems to have been squirted into some (though seemingly not all) of my posts, resulting in a similar redirect - only less simple to find and remove.
rm -fr
So here I am now, some time later, writing again. Only this time in a 'baked site'.
Of course, the journey here wasn't easy. Once I'd spent some time converting the content from my Wordpress backup into the new static system I was plagued by a hard disk failure in the laptop I was using to work on this new site.
Which means I spent a couple of days of my holiday break restoring data when I could have been doing something else, like making this site not look quite so vanilla.
Technology and I were not friends this holiday season...