Hi Eli, I have some site was affected but redirect malware. The malware redirect only when you click some internal link, or you click 5 times on the page.
Any type of scanner find treath.
There is lots of malware that has this affect and it can come in many different forms. In many cases the source code for the malware is removed but the symptoms persist because the malicious scripts were cached.
If you have deleted all cache files, and disabled caching at all levels (browser, server, plugins, and browser), and you are still having this issue then please email me directly with the site details so that I can take a look.
I am having a similar issue on 2 of my sites with the random redirects to nefarious websites. Had Bluehost run a scan on the hosting site and came up with this one infected file :
/home3/mylocal2/public_html/500.php: SL-PHP-EVAL_REQUEST-axog.UNOFFICIAL FOUND
The 500.php file showed this
<!– PHP Wrapper – 500 Server Error –>
<html><head><title>500 Server Error</title></head>
<body bgcolor=white>
<h1>500 Server Error</h1>
A misconfiguration on the server caused a hiccup.
Check the server logs, fix the problem, then try again.
<hr>
<?
echo “URL: http://$_SERVERHTTP_HOST$_SERVERREQUEST_URI<br>\n”;
$fixer = “checksuexec “.escapeshellarg($_SERVER[DOCUMENT_ROOT].$_SERVER[REQUEST_URI]);
echo `$fixer`;
?>
</body></html>
I ran the anti-malware scan plugin and it reported no problems. I am wondering if the software is looking deep enough into the directory to find the infected file?
That 500.php looks like a false positive, there is no Eval or any kind of Request Execution in the code you posted. The redirect behavior on your site must be coming from some other code. Was there nothing else found by your hosting provider?
Can you send me a screenshot of the scan results from my plugin?
You can email me directly with any other details.