PHP script: malicious JavaScript code at the end

Question

The problem:

On my webspace there are PHP files which all end with this:

Before

Answer 1

As others have suggested, the vulnerability is most likely in some script you are using, maybe something you've written yourself or then a well known application that has known vulnerabilities. This might be a vulnerability in an upload script, but I want to point out that it is also possible to "upload" files through SQL injection, see the following thread for more details