swa66 - 12:17 am on Jan 8, 2013 (gmt 0)
That's typical obfuscated code used by hackers. In essence the script calculates z from that n and then the eval(z) attacks your visitors.
Now to know what the script tried: you'd have to deobfuscate it. Usually the easiest is to take the obfuscated script on a sacrificial machine (read: virtual machine taht you copy and wipe afterwards in case it does execute too much) and replace the eval near the end with an alert and run it: it'll show what it tried to execute.
This kind of thing is not without danger: most of those will exploit the browser or some plugin, or load next stages that will eventually do that depending on the browser type and version detected.
In essence the right thing to do:
- consider all your machines that visited your website or were used to manage the content on your website as hacked till proven otherwise - note: an AV scan is no proof.
- find out how they got in (that's not in this script), it's most likely something else like SQL injection, SSH, ... if you cannot find it (hackers that know what they do wipe their traces): you're in for a lot of work as you now need a full security audit to find vulnerabilities and correct them - if you do not do this it will only come back again and again and again.
- fix security of your server to prevent future break-ins
- figure out what the script they put on every page of your site actually did
- warn visitors that you got hacked and tell them what they were subjected too (esp if you have recurring visitors)