On July 12, 2018, we released MODX Revolution 2.6.5
to close two critical vulnerabilities
On July 16, the members of the MODX team were notified that an example attack script was shared publicly that would enable hackers to modify and use for malicious purposes. Starting on July 18th, 2018, the MODX team began receiving reports that these attacks were compromising MODX Revolution websites.
If your site has not been hacked, you MUST upgrade
* to MODX Revolution 2.6.5 and all Extras immediately.
If your site has been compromised, do not panic. It may be possible to recover the site if you have a backup from prior to July 18th, 2018.
Once you have restored from a backup, you should immediately upgrade to MODX Revolution 2.6.5 and then upgrade all Extras from within the MODX Manager, including Gallery if it is installed. Once you login to your site Manager (e.g., at https://www.example.com/manager/
), navigate to the top "Extras" menu and press the orange "upgrade" button for each Extra that needs to be upgraded.
No Backup; Still Hacked
The MODX Services team
has experience in hacked site remediation. Also some MODX Professionals
may have similar experience. Sucuri.net also provides hack remediation to identify and remove compromised files.
Need Help with Upgrades
If you do not know how to upgrade your site there are several support options available. You can contact the developer or builder of your site, ask for help in the MODX Forums
, find a MODX Professional
or get help from the MODX Services team
Staying Abreast of Releases is Critical
We cannot stress how important it is to update sites to the latest versions of MODX as they are released. While this active exploit is unusual in the MODX Community, it does underscore the need to be vigilant with new releases and security patches.
* Experienced MODX developers can do an interim manual patch on 2.6.x and above by replacing the following files here
and if it exists, this file
[ed. note: smashingred last edited this post 3 years ago.]