Hi,
I searched my server, check logs and I think I know what all of it is about. The question is how did they accessed my server ...
I found on my server folder called "rayban" :) with ~10 000 html files (200 MB). There is nothing special in those HTML files, except line
<script type='text/javascript' src='http://2015jing.com/js/enrb1.js'></script>
This .js content only this: window.location.href="http://www.sunglassesbuynice.com/";
The names of the files and content are more like key words.
So in shortcut all of it is going like this:
1. I don't know how, but someone insert a lot of files on my page (possible wordpress bug)
2. On some asian sites put a lot of links to those files
3. Google (and not only google) indexed those files
4. When somebody hit in google, yahoo or other search engine my link the site redirect the client to: http://www.sunglassesbuynice.com :)