Virus changed font of whole board

[Koczkodan]

Hello,

Virus (probably bot) changed all of the fonts of my website: https://forum.dopalamy.com - Inspect any element and you will see enctrypted CSS with font called opendyslexic. I have searched any code that may cause this problem, but I couldn't find anything. I just downloaded whole website and scanned it with few keywords via Notepad++ without any results. Any ideas where to search? As you can see, it's long base64 code - when you decode it, it is simple CSS with few base64 inside aswell. Please help me, because I don't know what to do now... I have one of the newer versions of IPB.

Kind regards

[MADMAN32395]

Restore from backup? Change ftp credentials.

[opentype]

Seems to be this script in the header that injects the CSS styling: <script src="/cdn-cgi/apps/head/xMZRb_S_idQpSZyeC8wcFGjeqVg.js">

[Adlago]

'Rename of your root 'fonts' directory - for example '2_fonts', and this font will not load. Then find out which resource he wants.

 

[opentype]

Are you using Cloudflare? Since that is what that script is suggesting. If so, my guess is, that injection actually happens at Cloudflare. 

[Tom S.]

Looks like it's related to what I've highlighted here:

Located in the head of your page.

Like opentype suggested, the script above might be what's injecting it.

[Koczkodan]

Problem solved. It was related to cloudflare. Someone installed App called Opendyslexic and cloudflare base64ed all of it. Oh god, I'm speechless. Basically, when you log in to your cloudflare account and you click Apps, it is here. Thread can be closed.