You can try to change the "request_param_alias"
parameter in System Settings, and edit your htaccess
to follow the value.
RewriteRule ^(.*)$ index.php?typeYourNewParamAliasHere=$1 [L,QSA]
Make it random and hard to guess.
Genius is one percent inspiration and ninety-nine percent perspiration. Thomas A. Edison
MODx is great, but knowing how to use it well makes it perfect!
Security, security, security!
| Indonesian MODx Forum
| MODx Revo's cheatsheets
| MODx Evo's cheatsheets
Author of Easy 2 Gallery 1.4.x
, FileDownload R
, Upload To Users CMP
, Inherit Template TV
, Grid Class Key
Maintainter/contributor of Babel
Because it's hard to follow all topics on the forum, PING ME ON TWITTER @_goldsky
if you need my help.
That changes the name of the parameter used by friendly URLs. When you normally request /contact.html, what MODX sees is index.php?q=contact.html. The changes goldsky suggests changes that to index.php?typeYourNewParamAliasHere=contact.html.
I'm honestly not sure what that has to do with the hacks mentioned in this topic.
The only reason I can think of to change that setting is if you're trying to use 2 different CMSs that both use the q parameter, from the same index.php file, which would be.. interesting and oddly specific.
I can imagine an attack that involves a direct call to index.php targeting a specific extra file. Changing the 'q' would protect against that, but I don't think attacking in that way would be any more effective than just using the URL for the file without going through index.php.