Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
0 votes
480 views
in Q2A Core by
today I load my home page and I get up a malicious code, I checked all ftp files and I see that all *.php (index.php, qa-config.php....)  and .html files in ftp root they this javascript code

is possible that this vulnerability is caused from ckeditor? ...you some idea?
Q2A version: 1.5

1 Answer

+2 votes
by

If all php files have this javascript code I think it cannot be the ckeditor. If it was ckeditor you would find the js-code within all posts. If I am wrong, plz correct me.

To change your php files, you need ftp access to your server which you cannot get through q2a software as far as I know. So maybe somebody got/stole an ftp login of yours?

What is your server log saying? Is there a bunch of php file accesses in the logs?

I am not an expert, just some thoughts.

...