Assuming you're running some form of linux on the servers ... and you're really sure that your sites are being redirected - a few possibilities might be
1) Redirection at the web server level(apache - httpd.conf etc.) This kind of redirection would work on all sites..
2) Redirection at the .htaccess file level which works for each individual directory or site if there's only one .htaccess file for the whole site... This kind of redirection would need to be implemented for each individual directory or site.
3) Redirection at the code level... For examplle in php something like
die(); and then that page.php redirects it back to the website itself..
If you think it;s been setup as a cron job you might want to look under the hood of the cron what kind of jobs are running...
So you might need to check these places for any breach...
If it's a mass redirect - that is all 200 sites redirect, in that case it's possible that the redirect might be at the web server level(hhtpd.conf) because it takes lesser work to do so or possibly through an .htaccess file outside the document root (public_html, not too sure about this though)
Would be great if you can supply one or two of the URLs in question.
Some WordPress plugins have the potential for malicious redirects/SEO poisioning/clickjacking, (WPPPM comes to mind) and the like. If this is occurring on multiple sites it could also be the result of a mass defacer. This will definitely need an audit....
| John Edel • Jetfire Networks L.L.C. • Trusted Hosting Solutions
| Consistent, Reliable, Stable OpenVZ & KVM Virtual Private Servers
| SpamWall AV & Full SMTP Filtering • Now an SSLStore Titanium Partner!