Quoted from Friengineer:
That's a fine fix as well as the Wayback Machine but we are a couple of farts away from 2020. There is no reason why a website should act like it's 2002.
I don't think that actually does anything. www or non-www doesn't seem to affect the malicious redirects. It might be based on the browser agent, referral, or cookie data, or some combination thereof.
I suspect there is malicious code embedded in some of the PHP files. It's a common method of infection and selective redirection so that some visitors get redirected and others do not. It's a way to stay hidden longer.
These infections usually occur when there's a vulnerability in a website. Unfortunately, the wiki had not been updated in a while, so it's likely a malicious actor took advantage of an unpatched vulnerability and used that as a means to embed code into the site.
The site was upgraded, and hopefully would have replaced the infected files, but this appeared not to be the case. So either there are still some infected files that were left in place (sometimes not all files need to be replaced during an upgrade), possibly some malicious code ended up in the database, possibly that malicious database code wrote itself back into the PHP files, or the site somehow got reinfected by other means.
Without actually getting eyes on the source code or database, all I can do is speculate. It sounds like Casey received a few offers of help with cleaning out the infection--I'm not sure if that went anywhere yet or not since Casey's last post in the thread here.
A wiki is not a look. It's a type of website. It allows others to collaboratively edit the structure and content, and also logs the changes.
Currently, a wiki is the best engine to use when multiple people are editing content on a single website, unlike with a blog where there is basically only one author.
Quoted from Friengineer:
Is it the fact anyone can edit the site? Let's shut that function down and come up with a submission process.
No, only users with user accounts can edit, and those user accounts need to be approved manually.
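A file-integrity check for the scenario described in the post above, where altered or leftover PHP files survive an upgrade. This is an added example, not part of the original thread. It assumes a clean copy of the same release is available to compare against, and the directory layout, file names and file contents are constructed.

```python
import hashlib, re, tempfile
from pathlib import Path

# Request attributes the post names as possible redirect triggers (PHP superglobals).
TRIGGERS = re.compile(r"HTTP_USER_AGENT|HTTP_REFERER|\$_COOKIE")

def php_hashes(root):
    """Map each PHP file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*.php")}

def audit(live_root, clean_root):
    """Return {path: (status, reads_trigger)} for PHP files that differ from the clean release."""
    live, clean = php_hashes(live_root), php_hashes(clean_root)
    findings = {}
    for rel, digest in sorted(live.items()):
        if rel not in clean:
            status = "extra"        # not shipped in the release, so an upgrade never overwrites it
        elif clean[rel] != digest:
            status = "modified"     # shipped file whose contents were changed
        else:
            continue
        text = (Path(live_root) / rel).read_text(errors="replace")
        findings[rel] = (status, bool(TRIGGERS.search(text)))
    return findings

def build_demo(base):
    """Constructed sample trees: a clean release and a live site with leftovers."""
    clean, live = Path(base) / "clean", Path(base) / "live"
    files = {"index.php": "<?php require 'includes/Setup.php';",
             "includes/Setup.php": "<?php $site = 'demo';"}
    for root in (clean, live):
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # Modified core file: gains a branch on the referrer (inert placeholder body).
    (live / "includes/Setup.php").write_text(
        files["includes/Setup.php"] + "\nif (isset($_SERVER['HTTP_REFERER'])) { /* placeholder */ }")
    # Extra file: left behind by an older version and untouched by the upgrade.
    (live / "includes/old_skin.php").write_text("<?php // leftover from a previous version")
    return live, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, (status, trig) in audit(*build_demo(tmp)).items():
            print(f"{status:9} {rel}  reads-request-attributes={trig}")
```

A file flagged as modified or extra that also branches on request attributes is the first place to look; this check does not cover code stored in the database.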