Maybe already announced, but today we encountered a lot of successful hacks (about 40 customers) via the MODX Revolution extra
Gallery. All installations were running
Gallery version 1.7.0 or lower. Today, Version 1.7.1 was released with a fix for a (or the known) phpthumb vulnerability. See
https://modx.com/extras/package/gallery -> Changelog.
A customer's hoster detected a hacked php-file in the folder
/assets/components/gallery/cache which is the caching folder of
Gallery.
I recommend to immediate update
Gallery to 1.7.1, to check the folder
/assets/components/gallery/cache and - if there is a *.php file in this folder - to inspect the whole system for other hacks.
OK, this affects an extra, but from my perspective, it would be nice of the MODX security team, to announce this issue in the security feed (
Gallery has ~ 160 k downloads).
Sorry for my bad English.
[ed. note: mr.odo last edited this post 5 years, 9 months ago.]