I suspect Ninjaexplorer was the source of the hack, which is now uninstalled - but I'm still left with all traffic from google being redirected.
I'm no expert, but the htaccess file doesn't look compromised, and I don't really know what else I should be looking for in the index.php or configuration files. (I can't differentiate between malicious javascript and stuff that's supposed to be in there!
Would really appreciate any help with attempting to uncover the root cause of the redirection.
Forum post assistant follows:
Problem Description :: Forum Post Assistant (v1.2.1) : 31st May 2012 wrote:google traffic being redirected to spam sites
Forum Post Assistant (v1.2.1) : 31st May 2012 wrote:Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.25-Stable (senu takaa ama mamni) 14-November-2011
Joomla! Configured :: Yes | Read-Only (444) | Owner: qzjtkmvq (uid: 642/gid: 644) | Group: qzjtkmvq (gid: 644) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 2.6.18-274.17.1.el5 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/qzjtkmvq/public_html/nebula | System TMP Writable: Yes
PHP Configuration :: Version: 5.3.10 | PHP API: cgi-fcgi | Session Path Writable: Unknown | Display Errors: 1 | Error Reporting: 6135 | Log Errors To: error_log | Last Known Error: 20th April 2012 14:33:04. | Register Globals: | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 64M
MySQL Configuration :: Version: 5.1.62-cll (Client:5.1.62) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 1.00 MiB | #of _FPA_TABLE: 63Detailed Environment :: wrote:PHP Extensions :: Core (5.3.10) | date (5.3.10) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | posix () | pspell () | Reflection ($Revision: 321634 $) | standard (5.3.10) | imap () | SimpleXML (0.1) | exif (1.4 $Id: exif.c 321634 2012-01-01 13:15:04Z felipe $) | tidy (2.0) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | cgi-fcgi () | timezonedb () | suhosin (0.9.33) | OAuth (1.0-dev) | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | imagick (3.0.1) | pdo_mysql (1.0.2) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions ::
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: NoFolder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) :: None administrator/components/com_sobi2/plugins/sobisef/ (775) | components/com_sobi2/plugins/sobisef/ (775) | components/com_sobi2/templates/standard_advanced/css/ (775) | components/com_sobi2/templates/standard_advanced/images/ (775) | components/com_sobi2/templates/standard_advanced2/css/ (775) | components/com_sobi2/templates/standard_advanced2/images/ (775) |Extensions Discovered :: wrote:Components :: SITE :: User (1.5.0) | Wrapper (1.5.0) | MailTo (1.5.0) | WF_NONBREAKING_TITLE (2.0.21) | WF_AUTOSAVE_TITLE (2.0.21) | WF_TABLE_TITLE (2.0.21) | WF_MEDIA_TITLE (2.0.21) | WF_BROWSER_TITLE (2.0.21) | WF_PASTE_TITLE (2.0.21) | WF_LINK_TITLE (2.0.21) | WF_CONTEXTMENU_TITLE (2.0.21) | WF_PREVIEW_TITLE (2.0.21) | WF_XHTMLXTRAS_TITLE (2.0.21) | WF_SPELLCHECKER_TITLE (2.0.21) | WF_SOURCE_TITLE (2.0.21) | WF_CLEANUP_TITLE (2.0.21) | WF_SEARCHREPLACE_TITLE (2.0.21) | WF_TEXTCASE_TITLE (2.0.21) | WF_VISUALCHARS_TITLE (2.0.21) | WF_INLINEPOPUPS_TITLE (2.0.21) | WF_LAYER_TITLE (2.0.21) | WF_FULLSCREEN_TITLE (2.0.21) | WF_ARTICLE_TITLE (2.0.21) | WF_STYLE_TITLE (2.0.21) | WF_DIRECTIONALITY_TITLE (2.0.21) | WF_PRINT_TITLE (2.0.21) | WF_IMGMANAGER_TITLE (2.0.21) | WF_FILESYSTEM_JOOMLA_TITLE (2.0.21) | WF_LINKS_JOOMLALINKS_TITLE (2.0.21) | WF_POPUPS_JCEMEDIABOX_TITLE (2.0.21) | WF_POPUPS_WINDOW_TITLE (2.0.21) | WF_AGGREGATOR_VIMEO_TITLE (2.0.21) | WF_AGGREGATOR_[youtube]_TITLE (2.0.21) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.0.21) |
Components :: ADMIN :: Polls (1.5.0) | Mass Mail (1.5.0) | Module Manager (1.5.0) | Template Manager (1.5.0) | Language Manager (1.5.0) | Content Page (1.5.0) | Plugin Manager (1.5.0) | Configuration Manager (1.5.0) | Frontpage (1.5.0) | Akeeba (3.4.3) | Banners (1.5.0) | Media Manager (1.5.0) | RokNavMenu Bundle (3.4) | Messaging (1.5.0) | Newsfeeds (1.5.0) | Menus Manager (1.5.0) | Cache Manager (1.5.0) | Contact Items (1.0.0) | Sobi2 (2.9.4.1) | Sobi2 Search Module (2.2) | Search (1.5.0) | Installation Manager (1.5.0) | CK Forms (1.3.5) | Xmap (1.2.14) | Remository Plugin (1.0.3) | Content Plugin (1.5.1) | Hot Property Plugin (1.0.1) | Rapid Recipe Plugin (1.0.0) | JEvents Plugin (1.0.3) | Virtuemart Plugin (1.1.4) | Agora Plugin (1.0.0) | JoomDOC Extension (1.0.0) | Contacts Plugin (1.0.1) | Mosets Tree Plugin (1.0.1) | Eventlist Plugin (1.0.0) | JoomSuite Resources Plugin (1.0.0) | Rokdownloads Plugin (1.0.4) | JCALPro Plugin (1.0.0) | JoomGallery Plugin (1.5.1) | DOCman Plugin (1.5.0) | SOBI2 Plugin (1.5.1) | Yoflash XMap Plugin (0.0.1) | Kunena Plugin (1.0.2) | RD-Autos Plugin (1.5.0) | RSGallery2 Extension (1.0.0) | Jomres Plugin (1.0) | CMS Shop Builder Plugin (1.5.0) | Zoo Plugin (1.0.4) | JMovies Plugin (1.5.0) | Gallery2 Bridge Plugin (1.0.2) | lknAnswers Plugin (1.5.0) | JDownloads Plugin (1.5.1) | Glossary Plugin (1.5.2) | AcyMailing Plugin (1.0.0) | Web Links Plugin (1.5.1) | KnowledgeBase Plugin (1.0.0) | MyBlog Plugin (1.5.1) | SectionEx Plugin (1.0.2) | Trash (1.0.0) | User Manager (1.5.0) | Gantry (3.1.18) | Weblinks (1.5.0) | Unknown (-) | JCE (2.0.21) | Editor - JCE (2.0.21) | Control Panel (1.5.0) |
Modules :: SITE :: Related Items (1.0.0) | Wrapper (1.0.0) | Custom HTML (1.5.0) | Banner (1.5.0) | RokTabs (1.20) | Latest News (1.5.0) | SOBI2 Drop down Menu Module (1.1) | Footer (1.5.0) | RokStories (2.2) | Statistics (1.5.0) | Login (1.5.0) | Sections (1.5.0) | Feed Display (1.5.0) | Breadcrumbs (1.5.0) | Poll (1.5.0) | RokTwittie (2.7) | RokSlideshow (4.2) | Most Read Content (1.5.0) | Archived Content (1.5.0) | Menu (1.5.0) | Newsflash (1.5.0) | Search (1.0.0) | RokNavMenu (3.4) | Who\'s Online (1.0.0) | Sobi2 Search Module (2.2) | Syndicate (1.5.0) | sobi2 Simple Featured Listings (v2.0.6) | SOBI2 Latest Module (1. | Random Image (1.5.0) |
Modules :: ADMIN :: Online Users (1.0.0) | User Status (1.5.0) | Custom HTML (1.5.0) | Footer (1.0.0) | Logged in Users (1.0.0) | Items Stats (1.0.0) | Login Form (1.0.0) | Latest News (1.0.0) | Feed Display (1.5.0) | Akeeba Backup Notification Mod (3.4.3) | Admin Menu (1.0.0) | Quick Icons (1.0.0) | Title (1.0.0) | Toolbar (1.0.0) | Admin Submenu (1.0.0) | Popular Items (1.0.0) | Unread Items (1.0.0) |
Plugins :: SITE :: Authentication - LDAP (1.5) | Authentication - OpenID (1.5) | Authentication - GMail (1.5) | Authentication - Example (1.5) | Authentication - Joomla (1.5) | Editor - JCE (2.0.21) | Editor - RokPad (1. | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | RokNavMenu - Boost (3.4) | RokNavMenu - Extended Link (3.4) | Content - Load Modules (1.5) | Content - Page Navigation (1.5) | Content - Vote (1.5) | Content - Email Cloaking (1.5) | Content - Code Highlighter (Ge (1.5) | Content - Example (1.0) | Content - Pagebreak (1.5) | Content - CKforms Form Display (1.3.4) | Search - Sections (1.5) | Search - Content (1.5) | Search - Newsfeeds (1.5) | Search - Contacts (1.5) | Search - Weblinks (1.5) | Search - Categories (1.5) | User - Example (1.0) | User - Joomla! (1.5) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | System - Title Manager (2.0) | System - SEF (1.5) | Akeeba Backup Lazy Scheduling (3.3) | System - Remember Me (1.5) | System - Backlinks (1.5) | System - Legacy (1.5) | System - OpenPotion Asynchrono (1.1) | System - Mootools Upgrade (1.5) | System - Log (1.5) | System - Debug (1.5) | System - Cache (1.5) | System - Gantry (3.1.18) | Button - Readmore (1.5) | Button - Pagebreak (1.5) | Button - Image (1.0.0) |Templates Discovered :: wrote:Templates :: SITE :: rt_gantry_j15 (3.1.18) |
Templates :: ADMIN :: Khepri (1.0) |