Edit: thanks to Hellfire in the comments and this post, I’ve discovered I’ve been hit by a currently live exploit that occasionally vandalizes the blog as seen below. AWESOME.
SuperNinjaEdit: I *think* I’ve managed to nuke the exploit from orbit just to be sure. Thanks for everyone’s help. Note that Google still has old viagra-laden pages cached, but following links from Google/Google Reader should no longer lead to sales for Huxley-esque drugs.
Someone sent in this screenshot of my webpage. As best as I can tell, my site hasn’t been hacked. It’s just one guy that has this problem. What could be used to detect client-side hackery that might cause this? (I already had him run MalwareBytes):