I've found that unknown dangerous JavaScript has been added to my index.php file. This file is chmod'ed to 644 and it does not contain any external files or ads. I removed this threat, but I'm confused about how it was inserted into my file (just before the </body> tag)... And how to protect against that injection in the future. Any ideas and help?
Sloppy code can lead to injections. Google "preventing XSS attacks". Shoot your developer or at the very least take them round the back and kick the hell out of them for uploading code that can be exploited.
This can depend on a variety of factors. Most CMSs have exploits, and being easy to find (most CMSs write the generator, and often its version, in meta tags), they're prone to being attacked. Many times it may not even be your fault, but someone else's on the same shared server, especially if the server security settings are poorly configured. Make sure you clean everything (if it's the injection I'm thinking of, many of your PHP files will have such code, and your JS files too), and change your passwords. Do you store your passwords in the FileZilla website manager? You should understand how it happened or it will probably happen again.
Talk to your developer - was the code written by them, or another person - are you only using script libraries? TheWiseGuy is correct in saying That's why I like my Dedicated Look at how the exploit came to be - do you have a CMS login area - can code be added from here? Maybe someone has got your password? You need to be careful with this - bad links can easily be generated with JavaScript - and once Google sees them, your site might drop a few positions in the SERPs.
This isn't a CMS. I wrote the whole CMS myself. All inputs and GET vars are secured. I have no actual idea how it happened, as the anti-malware program didn't find anything.
I'd get a friend to check over the code. Perhaps ensure you're using htmlstripslash() etc. a little more frequently to ensure you're 110% capturing bad inputs. Don't rule out the fact that it could be entirely out of your control though - do a reverse IP lookup to see who else is hosted on your shared server and see if they've experienced the same!
And be sure to double-check your computer for viruses. Password hijacking has been increasing dramatically lately, allowing hackers to gain access to FTP accounts. After you scan your system with your normal anti-virus software, download an additional program like Spybot: Search and Destroy and let it take a second look, just to be extra safe. Then be sure to change the passwords on all of the FTP accounts for your site.
You have to sanitize all user-submitted data, not just $_GET; all, as in $_GET, $_POST, $_COOKIE, $_REQUEST, $_SERVER. Use htmlspecialchars() to prevent XSS (i.e. when echoing user-submitted data).
I use striptags() too. If the OP wrote the CMS he should have a class or function called at every point of data entry to his app.
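An added example, not code from any poster in this thread, showing the two points made in the last replies: escaping with htmlspecialchars() at the point of output, and routing every request value through one function. The helper names `input()` and `e()` and all sample request values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Read one request value as a string. PHP turns "?q[]=x" into an array,
 * which would make htmlspecialchars() throw a TypeError, so non-string
 * values are treated as missing.
 */
function input(array $source, string $key, string $default = ''): string
{
    $value = $source[$key] ?? $default;
    return is_string($value) ? $value : $default;
}

/** Escape a value for HTML text or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data standing in for $_GET, $_COOKIE and $_SERVER.
$get    = ['q' => '"><script>alert(1)</script>', 'tags' => ['a', 'b']];
$cookie = ['theme' => "dark' onmouseover='x"];
$server = ['HTTP_USER_AGENT' => '<img src=x onerror=alert(1)>'];

$q     = input($get, 'q');
$tags  = input($get, 'tags');   // array input is rejected, yields ''
$theme = input($cookie, 'theme');
$agent = input($server, 'HTTP_USER_AGENT');

// Unsafe: the raw value closes the attribute and injects markup.
echo "UNSAFE: <input name=\"q\" value=\"$q\">\n";

// Safe: every value is escaped where it is written into the page,
// whichever superglobal it came from.
echo 'SAFE:   <input name="q" value="' . e($q) . '">' . "\n";
echo "SAFE:   <body class='" . e($theme) . "'>\n";
echo 'SAFE:   <p>Agent: ' . e($agent) . "</p>\n";
echo 'SAFE:   <p>Tags: ' . e($tags) . "</p>\n";
```

This escaping covers HTML text and quoted attribute values only; values written inside `<script>` blocks or URLs need encoding for that context. It also does nothing about a file on disk being modified through a stolen FTP password or another account on a shared server, the other causes raised in the thread.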