I found about 174 lines of code – just letters and numbers – hidden in a blog theme. Since then I check every file in a theme before using it.
Just got a new theme with the following code in footer.php
[php]<?php $_F=__FILE__;$_X='Pz48ZDR2IGNsMXNzPSJGMjJ0NXIiPg0KICA8ZDR2IGNsMXNzPSJGMjJ0NXItNG5uNXIiPiA8MSBocjVmPSI8P3BocCBibDJnNG5mMigncnNzYV8zcmwnKTsgPz4iIGNsMXNzPSJyc3MtdDFnLTRjMm4iIHQ0dGw1PSJSU1MgTjV3cyI+PC8xPg0KDQogICAgPGQ0diBjbDFzcz0iRjIydDVyLXQ1eHQiPg0KICAgICAgPHA+DQogICAgICA8cD48MSBocjVmPSI8P3BocCA1Y2gyIGc1dF8ycHQ0Mm4oJ2gybTUnKTsgPz4vIj48P3BocCBibDJnNG5mMignbjFtNScpOyA/PjwvMT4uIFAydzVyNWQgYnk6IFcycmRwcjVzczxici8+DQogICAgICAgIEluIGMybGwxYjJyMXQ0Mm4gdzR0aDogPDEgaHI1Zj0iaHR0cDovL3d3dy4xbGxwNDVyNWM0cDVzLmMybSI+UDQ1IFI1YzRwNXM8LzE+LCA8MSBocjVmPSJodHRwOi8vZ3I0bGxiYnFyNWM0cDVzLmMybS8iIHQ0dGw1PSJHcjRsbDRuZyBSNWM0cDVzIj5HcjRsbDRuZyBSNWM0cDVzPC8xPi4gRDJ3bmwyMWQgZnIybSA8MSBocjVmPSJodHRwOi8vd3BmcjU1dGg1bTVzLm4xbTUvYzF0NWcycnkvcjVzdDEzcjFudC13cC10aDVtNXMvIiB0NHRsNT0iUjVzdDEzcjFudCBXUCBUaDVtNXMiPlI1c3QxM3IxbnQgV1AgVGg1bTVzPC8xPi4NCiAgICAgIDwvcD4NCg0KICAgIDwvZDR2Pg0KICA8L2Q0dj4NCiAgPGQ0diBjbDFzcz0iRjIydDVyLWIxY2tncjIzbmQiPiA8L2Q0dj4NCjwvZDR2Pg0KPC9kNHY+DQo8L2Q0dj4NCg0KPC9kNHY+DQoNCjxkNHY+DQogIDwvZDR2Pg0KPC9iMmR5PjwvaHRtbD4=';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>
[/php]
I ran it through several online decoders but nothing came up. So, is this safe code for an ad or dangerous and to be removed?
Thanks