Thread: base64 decode
View Single Post
  #2 (permalink)  
Old 07-07-09, 09:25 PM
wirehopper's Avatar
wirehopper wirehopper is offline
-
  
Join Date: Feb 2006
Posts: 2,516
Thanks: 20
Thanked 109 Times in 106 Posts
To me, that looks like the script got hacked, or it is placed there to hack.

It decodes to:

PHP Code:

$document =& JFactory::getDocument();

$document->addCustomTag($header_code);

echo $MyForm->addhash(); 
I think you should backup your database, clean the server, save any files you can, and upgrade.

Joomla! Developer - Core Security

To determine the extent of the problem, you can use grep -r GRvY3VtZW50ID0mIEpGYWN0b3J *. Then, you either have to remove the code from the files, or delete them. Check for .htaccess files, too.
Reply With Quote