Hacking "Output.php" file

[eluser]ericbae[/eluser]
Hello,

I've posted about this previously, but I am still yet to find any solution for this.

I have a website which aggregates a number of RSS and display them in a single interface (http://www.faithfulnews.com).

The problem is, every now and then, the site stops working because "Output.php" file in the CodeIgniter library gets "hacked".

By hacked, I mean, when I look inside the file, I have a strange looking javascript code inserted.

When I posted about this previosuly, I was told to

- make sure I filter the input fields (which I did)
- put some security measures on the folder structure of CodeIgniter (which I did, I moved the application folder out of system folder, renamed it and also renamed the system folder to something like ci_1_7_2)
- change my FTP password (which I did, multiple times)

What else can I do? I am still getting this javascript inserted.

If you are curious about what the javascript is, I have uploaded the Output.php file to my server and you can view it

http://www.faithfulnews.com/Output.txt

(I changed it to txt so you can view it).

Please help me. Thanks in advance.

[eluser]n0xie[/eluser]
I might be blind but I don't see the javascript anywhere in your link. Looks like a normal Output.php to me...

[eluser]bogdan3l[/eluser]
Me too. I don't see any javascript there!

[eluser]ericbae[/eluser]
search for string "eval(String"

or scroll all the way to the right side of the screen and scroll down until you see the javascript.

[eluser]n0xie[/eluser]
That's a different output.txt then you had before :-)