How I encountered the eval base64_encode hack
I got to know this hack after I was contacted by my hosting provider, who told me that one of my WordPress/Joomla websites was generating a lot of spam traffic. If you are running your own host, you might discover it by monitoring the e-mail traffic generated by your server, or by noticing that the load on the server has unnaturally increased.
The issue spread quite quickly and soon many other websites got hacked. I also got a lot of inquiries from friends having the same issue.
How does it happen?
Sites are hacked after an attacker sends a request containing a piece of code that gets executed once received. That is usually done through untrusted plugins or flaws in the CMS software.
The attack usually sneaks a line of bad code into some of the CMS’s original files, usually at the beginning of a file, though it can also be in the middle. In general, attackers try to replace a line starting with <?php with a line that has many blank spaces followed by something that usually looks like this:
eval(base64_encode('Zwnkjlhfk....'))
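To find files carrying the line described above, a scanner can walk the site's PHP files and flag both the eval-of-base64 call and code pushed off-screen by blank padding after <?php. This is an added example, not code from the original post; the function names, the padding threshold of 20 blanks and the sample strings are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# The page shows eval(base64_encode(...)); injected code seen in the wild is
# normally written with base64_decode, so both spellings are matched.
EVAL_B64 = re.compile(r"eval\s*\(\s*base64_(?:de|en)code\s*\(", re.IGNORECASE)
# "<?php" followed by a long run of blanks and then more code on the same line.
# The threshold of 20 blanks is an assumption; tune it for your code base.
PADDED_OPEN = re.compile(r"<\?php[ \t]{20,}\S")


def scan_php_source(text):
    """Return a list of (line_number, reason) for suspicious lines in text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if EVAL_B64.search(line):
            findings.append((number, "eval of base64 call"))
        if PADDED_OPEN.search(line):
            findings.append((number, "code hidden after padded <?php"))
    return findings


def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for hits only."""
    report = {}
    for path in Path(root).rglob("*.php"):
        if not path.is_file():
            continue
        # errors="replace" keeps the scan going on files with odd encodings.
        hits = scan_php_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


# Constructed samples (not taken from a real site); the payload is a placeholder.
CLEAN_SAMPLE = "<?php\nrequire 'wp-load.php';\necho 'hello';\n"
INFECTED_SAMPLE = (
    "<?php" + " " * 200 + "eval(base64_decode('PLACEHOLDER'));\n"
    "require 'wp-load.php';\n"
)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(root).items():
        for number, reason in hits:
            print(f"{path}:{number}: {reason}")
```

Run it with the web root as the only argument. Treat each hit as a file to compare against a clean copy of the CMS or plugin, since a match alone does not prove the file was modified.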