We have a site that was developed by a sub-contractor of ours. They developed it in Joomla (per the client's request). I'm more of a Drupal guy - so my knowledge of Joomla is only cursory.
Apparently there's something happening in Joomla (probably via one of the plugins) where the htaccess file is getting hacked/modified/compromised...and all sorts of extraneous malicious instructions are being inserted into the file.
If referred from google, yahoo, ask.com, etc...go to some Russian malware site. If a 400, 401, 403, 404, 500 error...go to that Russian malware site.
I've done a little bit of research - and it appears to confirm that this is a problem with some outdated plugins.
Anyone have any experience with this - and have any suggestions for where I can start to debug this thing? I'd prefer a little experienced guidance or helpful hints before I start googling and perhaps end up with irrelevant suggestions.
Thanks in advance!