Site hacked, who wants to figure out what this encoded string says (ROT13, eval, base64_decode, and gzinflate used)? [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.开发者_JAVA百科 Closed 11 years ago.

In several files, I found injected code in my PHP files. I attempted to Pastebin the code, but Pastebin actually wouldn't accept the code. I tried various Pastebin alternatives as well, none of them would accept the code as-is, not even StackOverflow.

So what I've done is uploaded the to my own personal server and am hosting it from a *.txt file. If someone knows a better way, please let me know. I know it seems fishy (at least, my actions seem fishy even to me) and I apologize for that.

Also, there are three "paragraphs" of code, each paragraph was found on a different page, injected at the top of all 3. The first block of code is rather small, only about 5 or so lines after wordwrap. The other two blocks of code are quite lengthy, and in the 3rd block of code exists a 4th inline encoded string.

The injected code:

http://184.172.138.95/~smgwebd/code.txt

---

After expanding the first line, I noticed that there is a little file upload form that they put in there, with this Copyright...

Copyright 2011 by kaMtiEz - MagelangCyber Team ! d0nt rem0ve copyright if u real hax0r

---

Replace the eval command with an echo and look at the resulting string.

Having looked at the first entry it expands to another encoded string. Repeating the process - i.e. taking the resulting string from the first entry and again swapping the eval for echo reveals the code.