I have gotten hit also, assume this will also fix it?
My phishing is: http://domain/ubbthreads.php?ubb=changeprefs&what=style&value=5&curl=http://inter-national-events.com/FNlnPKo2h.dbm?oEyfVuVPKEWDH=CXmKMWogabQWp19k1brq020w5801fg0c017e3091hxtpee7rv9
so am planning to change based on the above note: if( substr( $curl, 0, 2 ) == "//" ) {
header("Location: $curl");
}
