One of my clients 2.2.14 sites has been hacked. We're not in charge of patching / maintaining their install otherwise they'd be running 2.2.16 onwards.
It looks like they're injecting a CSS selector into the Head which pushes the offending content off the screen. Effecticaly, you wouldn't see the malicious content and I can't even see the selector when viewing the source.
<style>
.icfzufcs {
position:absolute; left:4000px;
}
</style>
Does anyone know how this works. IE Has the site login and manager been comprimised or is this likely a breach involving a malicious file sitting on the server?
In the meantime, I'm going to upgrade to 2.2.16