Alexa Hax0red my Server!

My server in The States was hacked by mistake by Alexa's web-crawler.  You see, if you have the Alexa toolbar or, like me, Quirk's SearchStatus plugin installed, then Alexa will crawl the pages you browse.  Maybe not all of them, maybe only pages from domains it doesn't already have indexed but, nonetheless, it will crawl them.

The problem with that is that some parts of the net aren't supposed to be indexed.  It used to be considered safe to put something up without linking to it or telling anyone about the URL.  If you did this, nobody else should ever have accessed it because, if something isn't linked to on the internet, for all intents and purposes it doesn't exist!

Well that doesn't count any more :P

The problem is that the admin interface I use has a well-known bug wherein it doesn't properly check your login credentials before giving you access to administrative pages.  And that's basically how they h4xored my server.

Their crawler accessed my admin interface and proceeded to "crawl" the deletion page for one domain and the suspension pages for 2 others.  Fun stuff for me ;)

Luckily I picked it up about an hour after it happened, so I've been in touch with them and let them know what's happened, and I've fixed my server.  But boy, was I shocked to find Alexa at the other end of my h4xoredness :D

Just goes to show that you shouldn't be lazy in patching your server.  Security by obscurity is no security at all.
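The flaw described above, sketched as an added example (not code from the admin panel in question): it replays a crawler's unauthenticated GET requests against a gate that skips the login check and against one that checks credentials first and only changes state on POST. The route names, the `ADMINS` set and the assumption that fetching the page performed the action are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical routes for illustration; the real panel's URLs are not in the post.
ADMIN_PREFIX = "/admin/"
DESTRUCTIVE = {"/admin/domain/delete", "/admin/domain/suspend"}
ADMINS = {"alice"}  # constructed account name


@dataclass
class Request:
    method: str
    path: str
    session_user: Optional[str] = None  # set only after a verified login


def vulnerable_gate(req: Request) -> tuple:
    """Flawed behaviour: no credential check, and fetching the page acts."""
    if req.path in DESTRUCTIVE:
        return 200, "executed"
    return 200, "page"


def hardened_gate(req: Request) -> tuple:
    """Authenticate first, then allow state changes only via POST."""
    if not req.path.startswith(ADMIN_PREFIX):
        return 200, "page"
    if req.session_user not in ADMINS:
        return 401, "login required"
    if req.path in DESTRUCTIVE:
        if req.method != "POST":
            return 405, "method not allowed"  # a GET never changes state
        return 200, "executed"
    return 200, "page"


def replay(gate, requests):
    """Return the paths on which a destructive action actually ran."""
    return [r.path for r in requests if gate(r) == (200, "executed")]


# Constructed sample: an unauthenticated crawler following links with GET.
CRAWL = [
    Request("GET", "/admin/"),
    Request("GET", "/admin/domain/delete"),
    Request("GET", "/admin/domain/suspend"),
]

if __name__ == "__main__":
    print("vulnerable:", replay(vulnerable_gate, CRAWL))
    print("hardened:  ", replay(hardened_gate, CRAWL))
```

With the hardened gate, even a logged-in admin whose browser prefetches a link cannot trigger a deletion, because the action needs an explicit POST.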