Half the reason I wanted to overhaul my website was to add a blog section so I could post about the things that took an inordinate amount of time to resolve, that shouldn’t have.

Or, in this case, that shouldn’t have happened at all.

I received an alert from one of the pieces of security software I use on my clients’ websites, to notify me that a core CMS file had changed.

This sent cold shivers up my spine as I envisaged dealing with a website hack. However, when I looked into the problem, I was surprised to see that some code had removed from the file, not added, as you’d typically expect from a hack.

Nonetheless I went through the motions. And having spent a couple of hours checking things out, I was pretty convinced that there was no other evidence of a hack. So I wondered why else the code would have been changed. The code in question is a base64 string that embeds a font definition in a css file. Being base64, it does look kind of scary, because it’s encoded. I did some searching online and found a post that reported that someone’s host had suspended their account due to this piece of code.

“Surely not”, I thought. But then I thought, “yep, probably.”  Because the incredible always happens in IT. So I sent a support ticket to my client’s host in the US (not a company I would recommend – this was a case of inherited legacy) asking whether they have malware scanners running on their servers and whether they could have inadvertently removed this code. After the usual back-and-forth exchange, the answer came back:

Unfortunately this file, mistakenly identified as malicious code and[sic] was removed. We are sorry for the inconvenience caused.

I haven’t checked the terms of service yet, but this seems pretty ridiculous to me – that your host would be able to just remove stuff from your website. Even if this is allowed for in the terms of service, it seems even more ridiculous that they’d just do it with no notice given.

The really troubling thing is that this file is part of one of the world’s most widely used content management systems, and has been around for a long time.

Here’s hoping this post may save someone else some stress and time. Here’s more of the code just to help search engines match this post to searches:

src: url(data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAGBQAA4AAAAAm3wAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcbYyDmkdERUYAAAFgAAAAHgAAACABIwAET1MvMgAAAYAAAABAAAAAYJYFaatjbWFwAAABwAAAASoAAAKC/cQq02dhc3AAAALsAAAACAAAAAj//wADZ2x5ZgAAAvQAAFSXAACESOAO2gZoZWFkAABXjAAAAC4AAAA2CEgozmhoZWEAAFe8AAAAGgAAACQPogifaG10eAAAV9gAAAEcAAAD2GOq3ltsb2NhAABY9AAAAe4AAAHu4pbA6m1heHAAAFrkAAAAHwAAACABSQC1bmFtZQAAWwQAAAGKAAADLCbHbA5wb3N0AABckAAAA7UAAAmnz3C/rndlYmYAAGBIAAAABgAAAAY81VSHAAAAAQAAAADMPaLPAAAAANCh83cAAAAA0KztU3jaY2BkYGDgA2IJBhBgYmAEwq9AzALmMQAADtEBKAAAeNpjYGY/yTiBgZWBhVWEZQMDA8M0CM20h8GIKQLIB0phB6He4X4MDqp/vqqzXwDxgaQGkGJEUqLAwAgAMrcKp3ja3ZA7SwNRFITPNTGy7N3jglosWCxIkHRBVAw2q6JJQEWMILGQ9dHEKjZCwCKNhZ2t/8hGG1EwWKuVOvehjbouCVhYWzlw5jAwfMUQUYZ6N0oidRLHaRLdnBVx+jcoon4azn/AwRACjKGAIqZRwgIWUUEdO2ighRMllKMCVVAlFal57ehAF3RJV03VbJq6iU3DtMypObdZ69jAjicJUUol+BhBiHxKncAMopRaRg0x9nCItiKVUb4KVbFLFdrXoS7qyFTMWpe6a5qmbc4s2Zz1bZgknYHBLH/xJ7/zG7/yCz/zEz/yA9/zLd/wFV/wKq9wmed4lqd40jvymt6Bt+9ty1huybqsyXW5LJdk5HbcO/favewt8/cSOfpBi77U+n4X6N/rG5Q9gGkAAAAAAAH//wACeNqsvQd8FGX6OD7vzM7Mbtpmsy1tN9lsS9nUbSFlEyD00EKLBaQsPWAUaRJQMSIqJTZsiA0Re1TkLBxnO107clFPDz3Uk+PUO/WOrwdJ9vX3PO/sJhvE+973//lnM/O+887MO++85enPM5zIwR85xR/iBE7iNFwKp+W4Sp1NJ+hterOO2JKJTk9O9T5CH4s8QneQ6Y9EHuEPRZvIDdzPtOdnQqMfcj8TD+W5nznCJfxVchzPhbmo/ILUC3X6OU5DgiFiMluJ2SoEghoiS4Y8YjLIabwswc7Kh0gwEAzxwUAVlFcFxf3R+l1Z626pKX1gWknd7JYVNdGHovVPWSzLLJacUYtNI+y+KRXy2CWXXOIr8KY2+3It0+DUNIuwiX91V26q3WXdUpaZa0slKdGH+FefYmenW3ICY9Mr7b5LLlkyVq6Y7Cto0q0cmcPq5AjxcBGpUVZzGdAntiqTUWeQSgjR2Qtcfp0vQE4JnS1r1rREaEoEUlm9piXa1LKGppBTa1r4Qy1r4LUF7t9QxyfSR9CXaawes6whbg3xe0UC3Yqb1HjHsuj66Ppl/I+kKxLdz7f2TRHyabtq0x3L+GtZOW2P3Bl9OPooP4NqySmaAvVGuF1ym1zDZXIurg7qNaVrSRpxkwYS8LldBVpCXAHI52vYsSQTyWA2BWRikrREyne70htIiJhZaZX0j02b7mj5chmRmpsbGhqebphIn7AMa7n9CrKw/1velJdX0JoX/RaTMrLHiifo7iuUW+j8xsaGp6VDWHJ7yzArESc2QwWNjc30iWVfttyxqW8WVHB+Xj5vjX7D0jfIPezEpk1k0Sa4xULnNTzd2MBxKpgfYXinNk7P5XBFOEeIzucqIW6bbC+QoPdNXltVgKsyGaQCl0+06Vga8FaZdTbo0IFD0VBb9NA1tP2ah4pqa4uEk0W10cYjN9105CbhIDkFyU1LzDm0B/pUyQud/KGi2kiktijaBDfwz2DxEVXfiSV4j0jOUHkpvZ8dcPzAnBBgRDkcPtFmtOm8fKtwsu+AkN+fGSGnREPvd+GIaMDx/4Y7If1FOsmp4Z0cOOvdJICzXgwSOY3YbbJU4Hb5GuBNAxrljEzEPHroRdKUfaHLndH/+gXCNWurvp1HOzo8HR6Pp6NekEhTFp7LpoekXOVSvdt1wdvt/RumV42Ai0o2ejpI59xTdC+cyoBT2fRFWH8R7nUpKvVzRs4GbZdUboI9FiSujGDAYdbwJgkXGps/sBqlzgX0H5dHvxp/9Jbx/Dafb8EcolpD/0yyibWoune3dbrFarVMt1qEnxf4fNHLxt9ydBxvvZxkLJhT7aF/pidI3uqfo3kWS+xCTiAe4pHV0l5Y/yXcGGV07bbBkSVeHNoSYsSBrCd2HM1a7BhYevEjPx5Z4leyIffL6tqi3u9wrEVDUW1/ZhizYUuxZSBDTp2jrEvVjfm+KTjoltqW2l1Gi8W4CzK8C3P0/sSy6KeYY+CR6+Lul0fLrTCiHIFhdEm49MwydKcKupK4g6YAri6V4SDf8ZtJr4ya0KT3/eZHejJAPwy85SfmH6GwacIovXT/weg1B336URNGvTz54I/0b4G3AqQULvgnK2x6BeabAebbIZhvmVwFPLugTFVOXCHBWwXzJE0UnJBaSJrKXlDGl0PnhIhXZbpwasCTpRMESSppWBRavLUsjah0mSX+TST9sj9s1Pof3PvlwkVfPHGj233ZB5ervK76cePq9frg8gUTStc8MlvOGjN8yjD614Nbjq44I2rd1kyzrSAl+Uz7e5sVGB6W1dAeN1cOb2+XZHhvSTba/C637A663HadNxB0B82BoN9mNJmDZtlk9nJVAZ+rQDLI6k+zg3cevbN1Me1Z3Hpnz53BzE8/MQ+DkhltxMNKhpk/6a863d19ul