On Sunday afternoon, most of PPG's sites were hacked and a small piece of Javascript injected. I only diagnosed the problem this afternoon and restored a number of affected files from backup. To the best of my knowledge, the offending code has been removed.
We don't know precisely what the hack was trying to accomplish--it appears that it may have been used to generate web traffic/clicks on other sites (a common tactic to generate fraudulent advertising revenue) but I can't swear to anything.
There is a discussion of the exact exploit we suffered going on
here (same exact code, even the same attacker) and a slightly different and less informative version
here. Google's site scanner provides some data about the attacker
here. I'm not qualified to interpret the Javascript involved, unfortunately. In limited research I've also heard of at least one other completely unrelated forum which was hit.
Significantly, I can't say for certain whether or not the hack deployed a trojan or other malware. I have run a malware check on the two computers here which accessed PPG since Sunday and they came up clean--that said, both are running Firefox and are very well patched, so you may wish to run your own scans.
I'd like to add that
none of our mods or other files available for download were touched (I've checked, more than once and in more than one way), only the index.php and index.html files on the site. It also does not appear that the hack obtained any databases or other information. They seemed to only be interested in modifying our index files.
I'm obviously a combination of annoyed and embarrassed at the situation. Our master password has been changed. Unfortunately, the only promise I can make is to attempt to be responsive if this occurs again.
(Thanks to DevSin and Gert for pointing out the problem, which was originally detected by the Safari/Google site scanner.)