In the last week, I've had 4 of my accounts hacked, or blue hosts servers are infected. I can't tell which.
Keep an eye on your htaccess files in the root and public_html folders for editing. 4 separate accounts had issues so far, 12 different websites.
The htaccess file gets redirect code added to the end of the file... Sneaky though, you have to scroll way down and way to the right to see it. This access file allows editing of EVERY PHP file on the server to add some sort of cookie. The hacked PHP files will have a long string of code at the top (way to the right of the <?php code reference) Starts off with "global $sessdt_o"
You can tell a file has been hacked by looking at the date. Mine all started on 11-8-2011.
Simply editing the htaccess file won't work. it will change back almost instantly. There is some rogue code somewhere on the server that we can't see. I had to have BlueHost restore my ENTIRE account from a month ago, including SQL. At first this didn't fix it. Then another ticket asking for server logs and explaining in detail what was going on and miraculously the rewrite went away "by itself". Not sure if the techs found something and deleted it or not. They will not reply to my emails.
I don't believe it was outdated code on my site. 1 of the accounts only had static sites with no PHP just html, and the htaccess was still edited.
So please, update your scripts, look over your files for recent changes, and for our sake... Check your htaccess files for editing.
Two places on-line that had exactly the hack that's going on..
Has anyone here see this before?