Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.
For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email firstname.lastname@example.org.
i have bad news :(
Your Magento-installation seems to be backdoored by an attacker.
This piece of code is not part of magento and acts like a little backdoor.
Could you please send me the ip-adress by pm or mail? Then i’ll take a look on the downloaded backdoor file and analyse the payload.
If you have access to your FTP logs, you may want to search them for any accesses on app/Mage.php in the past as a first step to find out whether the file has been altered using FTP access. Seems to happen quite frequently in the past that malware is crawling for FTP credentials in order to infect websites, so I would go and look there first.