PHP script: malicious JavaScript code at the end

Question

The problem:

On my webspace there are PHP files which all end with this:

Before

Answer 1

This happened to me a while back in different manners. A work account was compromised through phpBB via a code exploit. Somehow, they even added themselves into the mySQL db users table. That caused us to completely remove the program and discontinue use.

An old Joomla install was the vulnerability that allowed people to do exactly what you speak of to my personal site. I had forgotten it was even out there, but it was enough to open the door for them to install malicious code on several different sites. I took the site down, changed permissions, updated Joomla, and scrubbed files.

My current production server gets "sniffed" for phpMyAdmin more than 1000 times per hour during some peak hack attempts. The bad guys are working overtime!

Bottom line, be wary of open source code and if you do use it, update, update, update.