(no title)

http://www.zone-h.org/archive/ip=174.121.79.144

They have a list showing 26 hosts on that IP that were defaced. Randomly checked four of them (which are fixed now), all WordPress. But then #5 looked like a static HTML site (http://outrightoriginal.com/), so I'm going to go with server compromise, not CMS compromise.