Evo 1.2: friendly URLs broken after update to 1.2

7 Posts

martin.lindenlauf Reply #1, 7 years, 4 months ago

I updated from Evo 1.1 to 1.2 (after beeing hacked - shame!). Friendly URLs are not working (404). After disabling friendly URLs in configuration the page works fine. I used the .htaccess delivered within the 1.2 package without any changes.
The page is linked directly to the /modx folder => no need to change RewriteBase (correct?).
The page is hosted by Host Europe.

Background information:
I deleted the entire /modx folder after the hack and restored it from a Hoster's backup dating before the hack.
Not all files had been restored - I found at least some files under /manager/includes/ missing after the restore including config.inc.php (= the reason why I found out that something's missing: no update option in install). I took the config.inc.php from a backup of the hacked version (checked manually for manipulations). I didn't do any research in why there where files missing in the restore; guessing that the update will bring all files needed to run MODx I just run the update. The site works fine besides the problem with the friendly URLs (e.g. no "personal stuff" like CSS-files and images missing in the restore).

Any suggesttions how to find out what's going wrong?
Do I need to try a "clean install", manually inserting the "personl" files?
Anybody else problems with friendly URLs with Evo 1.2?

This question has been answered by martin.lindenlauf. See the first response.

953 Posts

iusemodx Reply #2, 7 years, 4 months ago

Do I need to try a "clean install", manually inserting the "personl" files?

This in my opinion is the safest way to go after being hacked.

You also need to check the database for any malicious code, read here for more info

Ref. rewritebase - if your modx install is in a folder called modx, then yes, you probably will have to modify the .htaccess by adding the folder name

UNLESS, your website root is pointed at that folder from the server, e.g that you can add multiple domains to your hosting package by adding folders to the route and designating a folder per domain

Download the latest Evo release
Report an issue about Evo
Read the Evo documentation

1,198 Posts

Nicola (Banzai) Reply #3, 7 years, 4 months ago

1) sometimes hacks are more older than you think, your backup should be corrupted
2) the latest hack is based on a code injected in your db , you need to find it and delete: you can download evo check (anti hack utility) from extras module to find the corrupted code.
3) check any strange files in your site root (not just evo folders) like .htacess , fake site maps.. and more.

This is a SEO hack, made to spam some low quality ecommerce, modifying your sitemaps, urls, and meta tags..

Free MODx Graphic resources and Templates www.tattoocms.it
-----------------------------------------------------

MODx IT www.modx.it
-----------------------------------------------------

bubuna.com - Web & Multimedia Design

discuss.answer

7 Posts

martin.lindenlauf Reply #4, 7 years, 4 months ago

Ok, thank you for the hint!
I wasn't aware of the fact, that plugin code is stored directly into the database and therefore the database can (and will probably) be corrupted after a hack.
I thought all (core and plugin) code is stored in files, therefore I guessed the database would not be affected... I was wrong!
EvoCheck found malicious code in TinyMCE Plugin (they duplicated the Plugin, adding some "eval(base64_decode(" after the "end plugin code" comment *smile* and deactivated the original plugin).

I'm going to do a "clean install" of Evo 1.2 as @lusemodx suggested, to be sure, that all files are clean. Inserting the "personal" files into /assests/ will be needed but not to much work to do.

The problem remains what to do with the database. I see two possibilities to proceed:
(1) I'd feel better if I could start with a fresh clean database too, but then I need a way to duplicate at least the site's content from the original (which would leave me with the need to copy templates, chunks, snippets, users, ...? manually but this would be ok). Can I export certain tables via phpMyAdmin and reimport them into the new database after the fresh install? Which tables would be needed? Is there any description of this kind of workflow out there (I coudn't find any)?
(2) The other option is to clean my database and proceed with that one. Do you think that I'm save enough if EvoCheck does not report any further suspicious code inside the database? In that case: is it possible to do a "clean install" using an existing database, or do I need to use a new database, overwriting the whole new database with a dump of the old one after the installation (as described for moving MODx to another server)?

Last but not least: we are off topic here - I didn't know which direction my question would take...
There seem to be other users facing similar problems this time: maybe I should change this thread to something like "Evo 1.1: steps after beeing hacked" and discuss the friendly URL issue later in a new thread (if the issue remains)? What would you suggest as "best practice" in such a case?

Edit:
Friendly URLs work fine on a clean install. My Evo 1.2 was an upgrade coming from a hacked 1.1 - somthing must have gone wrong there. Sorry!
I think this thread should be closed, leaving the "how to proceed" question to be discussed here.
I'll mark this post as answer, but the reward should go to iusemodx and Nicola (Banzai) - thank you! [ed. note: martin.lindenlauf last edited this post 7 years, 4 months ago.]

1,198 Posts

Nicola (Banzai) Reply #5, 7 years, 4 months ago

which tables restore depends by your site features (if you have webusers, jot comments, additional modules or custom tables/code)

To do a backup, you can use phpMyAdmin or Evo manager Backup utility (tools > backup)

Tables for a basic backup of just your content, tvs, templates and chunks

modx_site_content
modx_site_content_metatags (only if you still use deprecated modx metatags feature)
modx_site_tmplvar_access
modx_site_tmplvar_contentvalues
modx_site_tmplvar_templates
modx_site_tmplvars
modx_site_templates
modx_site_htmlsnippets (chunks)
modx_categories (to get back your categories order for chunks, tvs and templates)

Additional tables if you use Jot for comments:

modx_jot_content
modx_jot_fields
modx_jot_subscriptions

Additional tables if you have webusers:

modx_web_groups
modx_web_user_attributes
modx_web_user_settings
modx_web_users
modx_webgroup_access
modx_webgroup_names

Note: you can create multiple backups from your site (one for content, one for webusers)

Restore your site

Suggestion: before clean install, change your db password

1) do a clean Evo install (with a new manager password)
2) rename your .sql backup with something like mysite_content_bkp.sql
3) upload to assets/backup
4) go to manager > tolls > backup > restore
5) restore your mysite_content_bkp.sql
6) install missing third party plugins, modules and snippets from Extras module or with clean packages (don'use files from the infected site)
8) recreate from zero (new username and password) additional admins or manager users
9) upload your personal files, like images and templates files, only after a check of possible infected files (you can search for *.php files in your images folder using Explorer or Finder on your pc/mac)

Now you have a 100% clean and fresh Evo 1.2

Free MODx Graphic resources and Templates www.tattoocms.it
-----------------------------------------------------

MODx IT www.modx.it
-----------------------------------------------------

bubuna.com - Web & Multimedia Design

Answered Evo 1.2: friendly URLs broken after update to 1.2