strange injection in index.php
#1

antonyz
Hi,

Yesterday one of my client's sites was hacked. I didn't develop the site itself and I don't have a lot of experience working with CodeIgniter, but the issue was solved and I need any valuable information to prevent this behaviour in the future.
As I said, I haven't worked much with CodeIgniter, so I will be thankful for any help you could provide.

The problem was that the main page loaded blank. The hoster said there was an error in the main index.php file; once I opened it I saw this code (at the bottom of the file):

http://pastebin.com/9mvk6PzL

What is it? A cookie hijacker, a redirect, or what? As I see it, it is some sort of hash. Is there any way to decipher it?

P.S. The CodeIgniter version on the host is 1.7.1.

Thanks in advance.
#2

antonyz
I figured out some of the code's logic. It seems that koko11="%", so the injection code is
http://pastebin.com/VzUNxDvb
I deciphered it and now it looks like this:
http://pastebin.com/4f7rUnJr

For me, is it some sort of CodeIgniter exploit on random harvested sites, or is it a targeted attack?
#3

loosetops
It is not a CodeIgniter exploit.

That exploit has been going around for the last couple of months, and it is linked to compromised FTP, SFTP and SSH accounts.

A trojan on a machine captures the FTP/SFTP/SSH login information and then appends JavaScript payload-downloading code to one or more .php and .html files.
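
Added example, not part of the original posts: a heuristic scanner for the tampering described in post #3, flagging .php/.html files that have a script block appended after the normal end of the file. The token list, the `WINDOW` size and the sample files are assumptions constructed for illustration, not taken from the pastebin samples.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristics, not taken from the thread's pastebin samples.
OBFUSCATION = re.compile(
    r"unescape\s*\(|eval\s*\(|fromCharCode|document\.write\s*\(", re.I)
SCRIPT_TAG = re.compile(r"<script\b", re.I)
# Where a file of each type normally ends; anything after it was appended.
TERMINATORS = {".php": "?>", ".html": "</html>", ".htm": "</html>"}
WINDOW = 2048  # chars inspected when the file has no terminator at all


def appended_tail(text, suffix):
    """Return the (lowercased) content after the last legitimate terminator."""
    low = text.lower()
    idx = low.rfind(TERMINATORS[suffix])
    return low[-WINDOW:] if idx < 0 else low[idx + len(TERMINATORS[suffix]):]


def scan_file(path):
    """Return findings for one file; an empty list means nothing was flagged."""
    suffix = path.suffix.lower()
    if suffix not in TERMINATORS:
        return []
    tail = appended_tail(path.read_text(errors="replace"), suffix)
    if not SCRIPT_TAG.search(tail):
        return []
    tokens = sorted({re.sub(r"[\s(]", "", m.group(0))
                     for m in OBFUSCATION.finditer(tail)})
    return ["script tag appended at end of file"] + ["uses " + t for t in tokens]


def scan_tree(root):
    """Map relative path -> findings for every flagged file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): found
            for p in sorted(root.rglob("*"))
            if p.is_file() and (found := scan_file(p))}


def demo():
    """Scan a constructed web root: one clean file, one with an appended script."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "about.html").write_text("<html><body>ok</body></html>\n")
        Path(d, "index.php").write_text(
            "<?php\nrequire 'system/boot.php';\n?>\n"
            '<script>var k="%";document.write(unescape("PLACEHOLDER"));</script>\n')
        return scan_tree(d)
```

Hits are leads, not verdicts: compare each flagged file against a known-good copy, since templates can legitimately end with a script block.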
#4

antonyz
Ty loosetops,

So it turns out that it is the client's fault, because their machine was infected and that malicious software got access to FTP and edited files on this particular host?



