coachm - 2:08 pm on Sep 11, 2012 (gmt 0)
PHP vulnerability and/or SQL injection.
Thanks. Ok. If that effect is possible, I have a better idea where to look.
More info. I found another site owned by someone else also doing the same redirect. Another of her sites doesn't.
Also the redirect occurs with a completely empty sub-domain I've never used.
My sites are all plain html static with a wordpress blog attached. I disabled the blogs, renamed the directories, and removed ALL permissions for the wp directories to disable.
So, apart from testing from another Internet location, any thoughts on what to try next? This really looks to me like a server/nameserver hack. That's been in place for a very very long time.