I'm experiencing a very similar problem to the issue dubbs had (see link) with Revo 2.3.1.
https://forums.modx.com/thread/95643/base-href-hacked
I'm running 2.5.0 and it appears that the base url gets hacked. It happens every couple weeks, and seems to be a different site each time (often chinese). Clearing the cache fixes it.
I've gone through the steps to harden the site, moving core outside of the webroot, changing the admin login url, etc.
I've also set the base tag to: <base href="[[!++site_url]]">
And if I view source on the page (when it's been hacked), the base url does appear to be set right, but all the menu (wayfinder) links have a different url as the base url. None of the pages load when clicked, because the path doesn't exist on the other site.
And again, clearing the cache fixes this problem every time.
My config.inc.php's permissions are set to 644.
My cache's permissions are set to 750.
But I still continue to get hacked. I'm at a loss. Any help would be most appreciated.
