The problem:
On my webspace there are PHP files which all end with this:
Before
If you wrote the vulnerable web application yourself then you've already got a head start figuring out where most of the access points that could be exploited are. Unfortunately, that may not be good enough (writing and maintaining secure web applications is harder than most people think).
If you didn't write the application yourself, or if you're re-using large, complex components that someone else wrote, or if you simply need help getting a handle on website security, then there are commercial services that can crawl your site and try to figure out where they are vulnerable, e.g.:
http://www.qualys.com/products/qg_suite/was/
These services cost money, obviously, but you can usually get a "free trial" to see if they would be helpful. Good luck!