The PHP “base64_decode” function is more popular in attacks, because it allows the hacker to encrypt malicious coding statements. The “base64_decode” function decrypts the code upon execution, so it is only seen when the code is opened in a web browser. This PHP function is typically used to include hidden links to malicious websites. Usually, the hacker places the malicious code several lines below the main content, so the webmaster misses the statements. Make sure you scroll all the way to the bottom to find the malicious statements. The following code is a random example of a PHP hack you can find on hacked web pages:
eval(base64_decode($_SERVER57F))%32%5E|.+)
All of the code after the “_SERVER” statement is encrypted code. In this instance, you must delete the entire line of code to remove the hack.