[Onkel Neal]

10-9-10 update:

Quote:

Hello Neal,

A virus scan on your account does not show anything suspicious:

root@server2 [/home/subsimc/public_html/radioroom]# find -type f -not -name "*.7z" -not -name "*.rar" -not -name "*.zip" | sed 's/ /\\ /g' | xargs clamscan -i
xargs: unmatched single quote; by default quotes are special to xargs unless you use the -0 option

----------- SCAN SUMMARY -----------
Known viruses: 841714
Engine version: 0.96.3
Scanned directories: 0
Scanned files: 2347
Infected files: 0
Data scanned: 14.03 MB
Data read: 8.27 MB (ratio 1.70:1)
Time: 5.846 sec (0 m 5 s)

I am also unable to find any reference to the URL your client is complaining about or hidden functions that could provide a vector of attack in your site's code or database (except for thread 175495).

As such, the context clues suggest that they are suffering from a localized infection that will need to be removed using a virus scanner.

The only contraindication to this is that some browsers are reporting that the site is unsecure (though mine did not). If this continues, we'll need to exact URL that is causing the issue and the referring URL if they clicked through to your site so that we can attempt to reproduce the issue.

Regards,
Adam VanKirk
Systems Administrator, Advanced Services
RHCE, Security+

Anyone have the exact URL and referring URL mentioned above?