-
- 37 Posts
Hi,
Title says it all. Is there any guide available for fixing the hacked sites?
-
- 571 Posts
Sorry to hear you have come back to that.
If possible the safest option is to restore from a backup prior to 18th July.
Then use Bob Ray's Upgrade MODX extra to upgrade to the latest version.
UpgradeMODX 1.5.5-pl
https://modx.com/extras/package/upgrademodx
If possible, it is wise to make your sites as secure as possible by following these guidelines:
Hardening MODX Revolution | MODX Revolution
https://docs.modx.com/revolution/2.x/administering-your-site/security/hardening-modx-revolution
There is also a discussion about further protection on the MODX Slack Community
https://modxcommunity.slack.com/
-
- 130 Posts
Which version were the websites? If they were below 2.5.x and no patches were added, maybe that's why.
Follow Andy's instructions and you should be fine.
-
- 37 Posts
Thanks for the replies. Deep breaths...
-
- 110 Posts
I have had 9 out of 49 sites hacked. Luckily most of them had decent backups, but you have to scrape your server space first and make sure you are completely replacing the site rather than a "merge files" update.
If you have to clean a site manually do the following:
1. delete the obviously added files
2. go through all .php and .js files to look for either injected lines of code (usually at the top), or totally replaced code and restore to original (like jQuery.js etc.)
3. look for added index.php files in directories that shouldn't have them and delete them.
4. If you've used any other stuff like Foundation/Bootstrap framework etc. check those files too, this hack gets into everything!
5. Once you are sure the site is clean, make a backup straight away, I had one site hacked twice!
I feel your pain, good luck!
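The manual clean-up steps in the post above can be driven from a diff against a known-clean copy of the site. This is an added example, not part of the original thread: it assumes you have a backup or a fresh download of the same version unpacked in a separate directory, and the function names and sample paths are hypothetical.

```python
import hashlib
import os
import tempfile

def file_hashes(root, exts=(".php", ".js")):
    """Map relative path -> SHA-256 for every .php/.js file under root."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_trees(clean_root, live_root):
    """Classify files in the live web root against the known-clean copy."""
    clean, live = file_hashes(clean_root), file_hashes(live_root)
    added = sorted(p for p in live if p not in clean)
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    return {
        "added": added,        # step 1: files the clean copy never had
        "modified": modified,  # step 2: injected or replaced code
        "added_index": [p for p in added if os.path.basename(p) == "index.php"],  # step 3
    }

def build_sample(root, files):
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    """Constructed sample trees; paths and contents are made up for illustration."""
    clean_files = {"index.php": "<?php // front controller\n",
                   "assets/js/jquery.js": "/* library */\n",
                   "core/config.php": "<?php // config\n"}
    live_files = dict(clean_files)
    live_files["assets/js/jquery.js"] = "/* replaced */\n"
    live_files["index.php"] = "<?php /* injected line */ ?>\n<?php // front controller\n"
    live_files["assets/images/index.php"] = "<?php // unexpected\n"
    live_files["assets/x.php"] = "<?php // unexpected\n"
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        build_sample(clean, clean_files)
        build_sample(live, live_files)
        return compare_trees(clean, live)

if __name__ == "__main__":
    print(demo())
```

On a real site, call `compare_trees()` with the two directory paths; legitimately customised files will also show up as modified and need a manual look.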
-
- 249 Posts
I've had one of my 10+ Modx sites hacked through this most recent exploit. The attacker absolutely trashed my site - overwriting every single javascript file with malware and infecting every single .php file. One of the worst hacks I've ever seen.
Remediating was straightforward - after verifying what happened by checking log files, I wiped the entire web directory and restored from remote backup.
I can't stress enough the need to have thorough and frequent backups - daily/weekly including your database. They will save your neck, and possibly save you from losing a customer or worse, a lawsuit.
-
- 42 Posts
Hi Wilbo,
We have like 5 sites hacked in a short time period. Backups were our save. We start leaving hosts this year that don't have backups going back 14 days minimum.
I have seen hacks in Modx getting 1 or 2 websites, but the current hack is very aggressive and large. Never seen before on Modx.
Shocking fact is that views concerning this on the Modx forums are very low. Most Modx owners are not aware of what is going on. (at own risk)
I left out 2 sites, not updating Gallery. They were hacked after the 2.6.5 update in 1-2 days. Don't forget Gallery to 1.7.1
Good luck, Voklee