[woutersf]

Yes I will advise my client to change hosting to a proper hosting company.

I am interested in how it operates. Is it as simple as : "It runs the remote php file and adds whatever html?" or is there more to it?

I find similar functions in all the files (error_404/http_request_custom/getUseragent/getReferer/convertIpToString/getIp)

[patio11]

There is substantially more functionality, most rendered moot by code which allows the attacker to run arbitrary instructions on the server. Typically after observing that (called a "shell" in hacker parlance) one doesn't really spend much time looking at the rest of the code.