For who knows how long, this site has been hijacked going to some website that collects hits for pay. I haven't checked in about a year or so. When I finally did, I was hijacked when javascript was turned on. I found the evil code embedded at the end of a php script. Every php page begins with "<php? " and between the h and p were non-printing invisible characters. I believe they may be esc characters letting the evil inserted code at the bottom execute.
What's the point of hijacking? Pay? Fun? Ego?
I surely don't know. They're not my crowd.
Time to update and patch all the files again...
(hopefully, I won't wipe out the site)
ceej
http://www.grandmatalk.com/article.php?story=200908060308175