My web host of whom I am a reseller runs Linux Red Hat Apache 1.3.29 and PHP 4.3.6.
We have a sever code insert problem.
On all PHP pages there is sometimes a java script insert which is only created in the user's browser when accessing the page.
The Java script points to a gif file on another web hoster's server and there calls again a redirect which infects to user with a trojan or virus through the browser.
This code insert is periodically, sometimes it is there and sometimes not.
Below please find an example of the code insert. The insert however changes often:
It looks like soemthing can trigger a dynamic loading of an Apache module that causes the code insert into PHP pages.
The tech tried to stop it with mod_security but this mod stops many PHP apps from working e.g CMS, Forums etc.
Anybody has experience with this problem and hopefully a working fix.
Thanks for any help.