Hacked website

The website I manage was hacked. I've managed to upgrade and get the live website back working but I can't do anything in the CMS as everytime I click anywhere it diverts to spam pages. I can't even log out to clear the cache and flush permissions.

I've replaced all the js files which might have been the problem. I see from the control panel it says core folder is accessible by web. How do I fix this so that it is secure?

And how do I get access back to the CMS?

You will need to load a backup of all the files. Then upgrade Modx to 2.6.5 and then upgrade the Gallery extra to 1.7.1.

That's the only thing that worked for me.

Thanks, I managed to upgrade it to 2.6.5 but I can't access the CMS to upgrade any extras. Is the only way to delete the extras via cpanel then reinstall?

The most recent backup I have I think contains the hacks, I'm not sure I have a backup before then, would need to check.

Quote from: evegate94 at Jul 25, 2018, 10:02 AM

Thanks, I managed to upgrade it to 2.6.5 but I can't access the CMS to upgrade any extras. Is the only way to delete the extras via cpanel then reinstall?

Yes that's the best way, deleting in cpanel

Quote from: evegate94 at Jul 25, 2018, 10:04 AM

The most recent backup I have I think contains the hacks, I'm not sure I have a backup before then, would need to check.

Ideally if the backup is older than 7-10 days.

Many thanks! I've deleted the components which gave me back access. I have now reinstalled.

Now when I install the gallery extra this seems to bring back virus popups! Is the gallery extra to be avoided now? Is there a way to get it back without viruses?

Gallery v1.7.1 has been patched so make sure you use that version

Ah thanks, I think I was viewing a cached page as have emptied and fingers crossed seems ok now.

Remember to rename /core/ht.access to core/.htaccess