Now I don’t know if it happens to be a coincidence or not but during the same time the TimThumb hack came around, I had a lot of old sites and old clients having issues. For the most part, the fix was easy. Update the thumb.php file and you’re good to. Only for some, they let it go too long and had serious issues to deal with because of it.
One particular site I had got slapped by Google and I for the life of me couldn’t figure it out. I ran through all the usual checks, updated files, checked for malicious files and then would request a review from Google to remove the block. After quite a few tries with Google requests and not being successful it turned out it was sitting right under my nose, literally.
Like I said, this was after quite a few tries with Google and I finally noticed the issue Google was having when trying to verify the site was because it was being re-directed to some Russian site. If it was re-directing, it had to do with the .htaccess file. I popped open the .htaccess and sure enough, I scrolled down almost 100 lines and there’s a whole list of re-directs and encrypted code.
DELETE that shi.