Hi bob3160,
Some further analysis observations:
See where the redirect went: alang-alang.vsu.edu.ph/language/red.php (no alerts detected now)
What was there before:
http://urlquery.net/report.php?id=6711562For the IDS alerts suppressed:
http://www.support.jpgottech.com/knowledgebase.php?article=52 (info Knowledgebase)
And here we are at the malware redirect:
GET /components/com_jnews/includes/openflashchart/tmp-upload-images/discovercard/discovercard/discover/index.php HTTP/1.1
Host: -hadamak.com.br
See: htxp://lifestyle.fsp.co.za/errors
On that main site htxp://lifestyle.fsp.co.za
lifestyle.fsp.co dot za/sites/all/modules/lightbox2/js/modal.js?9 benign
[nothing detected] (script) lifestyle.fsp.co.za/sites/all/modules/lightbox2/js/modal.js?9
status: (referer=lifestyle.fsp.co.za/)saved 953 bytes 88f181fe0d9236fdf705dde023973361ed3716cb
info: [decodingLevel=0] found JavaScript
error: undefined variable Drupal
error: undefined variable Drupal.behaviors
error: line:1: SyntaxError: missing ; before statement: (will leads to warnings in some IE browsers)
error: line:1: var Drupal.behaviors = 1; (do not dump PHP variables into JavaScript strings in such a way)
error: line:1: ....^
suspicious:
polonus