Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Koczkodan Posted July 5, 2017 Posted July 5, 2017 Hello, Virus (probably bot) changed all of the fonts of my website: https://forum.dopalamy.com - Inspect any element and you will see enctrypted CSS with font called opendyslexic. I have searched any code that may cause this problem, but I couldn't find anything. I just downloaded whole website and scanned it with few keywords via Notepad++ without any results. Any ideas where to search? As you can see, it's long base64 code - when you decode it, it is simple CSS with few base64 inside aswell. Please help me, because I don't know what to do now... I have one of the newer versions of IPB. Kind regards
opentype Posted July 5, 2017 Posted July 5, 2017 Seems to be this script in the header that injects the CSS styling: <script src="/cdn-cgi/apps/head/xMZRb_S_idQpSZyeC8wcFGjeqVg.js">
Adlago Posted July 5, 2017 Posted July 5, 2017 'Rename of your root 'fonts' directory - for example '2_fonts', and this font will not load. Then find out which resource he wants.
opentype Posted July 5, 2017 Posted July 5, 2017 Are you using Cloudflare? Since that is what that script is suggesting. If so, my guess is, that injection actually happens at Cloudflare.
Tom S. Posted July 5, 2017 Posted July 5, 2017 Looks like it's related to what I've highlighted here: Located in the head of your page. Like opentype suggested, the script above might be what's injecting it.
Koczkodan Posted July 7, 2017 Author Posted July 7, 2017 Problem solved. It was related to cloudflare. Someone installed App called Opendyslexic and cloudflare base64ed all of it. Oh god, I'm speechless. Basically, when you log in to your cloudflare account and you click Apps, it is here. Thread can be closed.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.