The site is hacked again.  With these redirect hacks on Joomla site there has been a backdoor on the site that re-writes the malicious code into the .htaccess file.   Some site owners have been able to identify the backdoor file by checking through access logs. They found the file in the /tmp directory with the following file names, /tmp/jos_0djm.php, /tmp/jos_core.php /tmp/jos_gdqe.php.