security question: hacking of some files

Question

today I load my home page and I get up a malicious code, I checked all ftp files and I see that all *.php (index.php, qa-config.php....)  and .html files in ftp root they this javascript code

is possible that this vulnerability is caused from ckeditor? ...you some idea?

Answer 1

If all php files have this javascript code I think it cannot be the ckeditor. If it was ckeditor you would find the js-code within all posts. If I am wrong, plz correct me.

To change your php files, you need ftp access to your server which you cannot get through q2a software as far as I know. So maybe somebody got/stole an ftp login of yours?

What is your server log saying? Is there a bunch of php file accesses in the logs?

I am not an expert, just some thoughts.