-
- 144 Posts
Hi,
I have a VPS server, with 15 sites on it.
Due to a vulnerability in the "Gallery plugin 1.7.0", malicious php files were injected in the modx site. From there on, the malware was spread to my whole server.
I had to revert the whole server to an earlier time, and lose some valuable data.
I updated the Gallery Plugin to 1.7.1, but I am not happy with what happened.
Modx was in the earlier days pretty hack-proof, now it seems to be a risk...
I read Bob Ray's recommendations about hardening security, but I can't do it, as I use Installatron service, which automatically updates when a new release comes, like 2.6.5
Is there a real security plugin available for Modx, with malware scanning, firewall, etc like all major CMS systems have ?
thanks
-
- 185 Posts
Hi Ananda,
There is no silver bullet as far as I know (especially there is no such plugin, but maybe this is sounds good as some idea for future), I've upgraded more than 30 MODX websites and depending one from another this is always manual story, you have to implement some mandatory and some option steps for stronger MODX. Yeah, Bob said a lot about that.
So only collaboration of:
1. Latest MODX and Gallery versions
2. Stronger connectors, assets, manager folder, core is outside document root folder
3. Password protection for all the folders above
4. for VPS each website user have to have rights to work only inside websites files, this is task for proper server webserver user permissions
5. Use server scan utilites
-
- 932 Posts
All websites are prone to being hacked and no system is "bulletproof" forever. MODX just happens to have far less security vulnerabilities (that are reported) than most other CMS's. Occasionally something will get through sooner or later.