Hello Danny Valle,
I am sorry to hear you are running into this hack. I feel your pain. I want you to know that we take security very seriously and will do our best to work with you on figuring out what’s going on.
You are right that “<?php eval(base64_decode()); ?>” does not belong there. It’s probable that the redirection to the strange site is actually an infected site. Make sure if you are browsing with Windows that nothing made it on to your system.
Please call your hosting provider and let them know you are being hacked. They need to know this in order to help stop it. Typically the only way to get rid of this is to find out how the exploit is being made and to repair that. This could be an operating system level fix or it could be another application installed in your web root. Do you have anything else installed, like phpBB, WordPress, or the like?
It’s probable that these files are corrupted as well.
* index.php
* admin.php
* system/index.php
* system/expressionengine/config/config.php
Search the above files to ensure that there is no unusual code such as iFrames or Javascript includes; if you do find that code, then please back-up the file and remove said code. If you are unsure of what does or doesn’t belong in these files, do not hesitate to ask.
You may also wish to refresh your files by following the update instructions.
Sorry to repeat myself, but I want to make sure this point comes across. You will be fighting a losing battle until you get rid of the exploit. Make sure no other apps are installed and if they are, list them here. If you are not using them, delete them. And please be sure to let you hosting service know. You might not be the only one with this frustration.
Again, I am sorry you are dealing with this.
Please keep me posted!
Cheers,