I have this code injected in my site. How can I decode the trailing string? I need to know what happened and what is the code behind it.
This should output the code that would be executed by eval()
:
<?php
echo gzinflate( base64_decode( /* insert code */ ));
?>
I hope that's what you were looking for.
I use this to remove the nasty code injected in all my PHP files from public_html folder:
find -name "*.php" -exec sed -i '/<?.*eval(gzinflate(base64.*?>/ d' '{}' \; -print
Cheers!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With