No sub-pages loading, only the home page loads regardless of URL

Hi guys,

I have had to take over a ModX Revolution website (2.2.7-pl (traditional)), so I am sorry to say I don't have much experience with the platform, though I am a developer.

Client informs me that only the home page is loading, regardless of what the user clicks or the URL they visit. They appear to be correct.

The URL is http://www.chaletfourmiliere.com/ and when the user clicks any internal links it simply reloads the home page.

Is this behaviour familiar to anyone? What steps can I take to troubleshoot the problem?

The only change we can see in the management logs is a load of updates from 14th May by 'modxsecure'. It calls the 'file_upload' action on the object '/home2/chaletf2/public_html/connectors/resource/'. I don't know what it was doing but it appears to have screwed everything.

It looks as if your site has been hacked.

A Google search of site:chaletfourmiliere.com/ brings up a warning and a lot of links to foreign web sites.

It could be the .htaccess file.

The sitemap file is enormous and contains many unlikely looking addresses.

chaletfourmiliere.com/sitemap.xml

Unfortunately there are a number of security vulnerabilities in version 2.2.7.

If there is one I would retrieve the backup of the site from before the problems occurred and then upgrade to the latest version of MODX.

If you have a user with the username modxsecure (look in "Manage Users"), and that's not a legit user on your site, you've definitely been hacked.

If you can back up from an old backup, make sure that user doesn't exist in the backup.

Since uploads occurred, you can be pretty sure that the hacker has left one or more back doors in the form of files, and knows your Database username and password, so you'll need to delete all files that aren't needed for the site, and after you get the site clean from a backup, change all usernames and passwords.