Thread:Project:Support desk/Search results page redirects to unsafe site/reply (3)

yeah, that definitely looks like someone modified one of the php files (server sends 301 redirects to bad places).

(Furthermore, The admin editable js isn't even being loaded for people not logged in, since it's not on the page whitelist and the wiki is read restricted)

What I would probably do would be:
 * Save your LocalSettings.php, and any uploaded images.
 * Look through your LocalSettings.php to make sure nothing unusual or strange is in there
 * Delete everything (except not your database)
 * Re-install MediaWiki (putting the LocalSettings.php and images directory you saved back).

If you have your apache access_log going back a while, looking for unusual requests might be able to tell you how the attacker gained access (obviously getting rid of the tainted php files means nothing if the attacker can still regain access). There are no known security vulnerabilities that give filesystem access in MediaWiki 1.16.5 (although that version is outdated), so I'd say its more likely that they gained access through something else.