Hello,
I have been working to secure a website on Evo 1.0.15 that had been hacked back in november.
I have done the following things:
- reinstalled MODx 1.0.15 from scratch on a local server
- imported only secure files
- removed code injection in the database (Quick Manager plugin)
- upgraded to 1.2.1
- uploaded the website on a freshly installed server
- repaired a bunch of custom mysql commands that no longer worked under php7
- updated the DNS
It works fine BUT my customer warned me today that he had been redirected on a website selling pills instead of the page.
I checked and the page displays normally.
So there is a process still somewhere that
randomly triggers a link to a page.
I assume it is in the database as all no infected .php file from the old server was reinstalled on the new one.
So my question is: how do I check the integrity of a MODx Evo database? Is there a tool for this?