The client’s site had been hacked. We knew this because of a warning from her host and we found links to illicit material, which is common with site hacks.
We fixed the hacks, removing the bad code. Then we conducted a security audit to close up any holes. The site now has protection from common hacking strategies.