Manager still compromised after upgrade to 2.6.5

2 Posts

peterzx20 Reply #1, 5 years, 9 months ago

Some of my sites got hacked in the last couple of days.

I rolled back to a 2 month old backup and upgraded to 2.6.5

This cured the main site but the manager remains compromised and unusable immediately taking you to dodgy external websites when you click anywhere on the interface.

I can't see in the code how this is happening, it seems to wrap the manager interface in an iframe which links to external sites.

I am not using the gallery extra and have grepped for phpthumb in the existing extras, none seem to use it.

Can anyone tell me how the manager could be wrapped in an dodgy iframe like this?

Ta
Peter

This question has been answered by multiple community members. See the first response.

discuss.answer

1,572 Posts

Paulp Reply #2, 5 years, 9 months ago

Make sure you have deleted everything in the core >> Cache folder manually

discuss.answer

3,975 Posts

Zaigham (aka zi) Reply #3, 5 years, 9 months ago

I think you should upload fresh /manager and /connectors folders from latest zip. (replacing the old one completely, not overwrite.)

This should fix the issue. Although I think it might not be 100% clean backup.

Zaigham R - MODX Professional | Skype | Email | Twitter

Digging the interwebs for #MODX gems and bringing it to you. modx.link

2 Posts

peterzx20 Reply #4, 5 years, 9 months ago

Did both those and the system seems to be working ok now

Thanks
Peter

Answered Manager still compromised after upgrade to 2.6.5