Evo & revo websites hacked... What to do ?

Hi,
I am writing this post more because I am desperate than angry.
I love modX and I've been using it for 10 years now; many websites I built were under Evo. But after 5 or 6 websites hacked lately (in 2 months), I decided to finally to jump into Revo, thinking I would not be annoyed by any security issues again.

Last week I created a new website under Revo, and here is what I get from my host provider this morning :
System administration has determined that you have a script in your account that is "core dumping" on the server. The core dumps were removed, but were location in your account at the following location:

/home/mywebsite/public_html/demo/assets/components/gallery

Core dumps occur when a process is loaded into memory and terminates itself prematurely, causing the memory segment to be written to the disk as a file. You can find more information about them as well as how to read them here: http://www.inmotionhosting.com/support/website/what-is/what-are-core-dumps

While we are not sure exactly what is causing this behavior, we attempted to extract some data from the core dump to assist in locating the source:

/home/mywebsite/public_html/demo/assets/components/gallery/connector.php

The core dumps being caused by the above command is related to a scripting issue, or the process that generated it may have crashed during execution. If this is a recurring issue, we highly recommend reviewing the file that generates the core dump to prevent further issues.

Feel free to contact us with any further questions.

Any idea of what should I do ?

Thanks for helping.

Just out of interest, did you follow the guides to clean up the hacked Evo sites, including the database issues ?

If you did, you should no-longer have problems after updating to the latest Evo release - 1.2

You shouldn't need to transfer to Revo, that also had security issues, as can be seen here

Heh, security issues happen sometimes, but that must've been quite bitter to take the jump to Revo right before the 2.5.1 vulnerabilities were discovered!

If you hadn't updated to 2.5.2 yet, those core dumps could theoretically be a sign of someone trying to do nefarious things (third party component connectors could be used as an entry point). Alternatively, as it seems to be Gallery specifically, it could also be related to one of its core functions: thumbnailing images. Perhaps you've had some corrupted images causing something to break. Investigating the core dumps could potentially yield some more information but it sounds like they were removed already.

Either way, I recommend you update and check if there are any things out of the ordinary. Users or plugins that don't belong in the site. Modifications to the htaccess. Google web master tools verification files you didn't place there.