I'm getting so tired of this now - after upgrading, now two of the same sites hacked again.
And I moved the Core Dir with one - like people have said the files infected are all over the place with different date stamps.
I'm just a simple web designer who has used MODX over the years, I'm not a full on security / server expert and I SHOULD NOT HAVE TO BE DOING THIS!!! (excuse the rant)
I've deleted various files as per the list below but obviously some of the files were system files so I'm now unable to see / use the full functionality of Manager.
I'm going to do a system restore but that's what I did before so somehow they are getting in?
I'm not happy !!
Scanning [/home/wwwstyle] ... Please wait...
[HEX]php_include_obf_local [06/09/17] /home/wwwstyle/public_html/core/index.php
[HEX]php_include_obf_local [31/08/17] /home/wwwstyle/public_html/core/config/index.php
[HEX]php_include_obf_local [28/01/18] /home/wwwstyle/public_html/core/export/index.php
[HEX]php_include_obf_local [05/10/17] /home/wwwstyle/public_html/core/xpdo/index.php
[GEN]obfuscated_globals [25/07/18] /home/wwwstyle/public_html/core/xpdo/om/mysql/xpdodriver.class.php
[HEX]php_include_obf_local [20/10/17] /home/wwwstyle/public_html/core/lexicon/index.php
[GEN]obfuscated_globals [25/07/18] /home/wwwstyle/public_html/core/lexicon/uk/resource.inc.php
[GEN]obfuscated_globals [25/07/18] /home/wwwstyle/public_html/core/lexicon/da/propertyset.inc.php
[GEN]obfuscated_globals [25/07/18] /home/wwwstyle/public_html/core/lexicon/th/user.inc.php
[HEX]php_include_obf_local [09/05/18] /home/wwwstyle/public_html/core/model/index.php
[HEX]obfuscated_php_code_5 [26/07/18] /home/wwwstyle/public_html/core/model/aws/services/vgstnoho.php
[HEX]obfuscated_php_code_5 [26/07/18] /home/wwwstyle/public_html/core/model/smarty/plugins/fnqyhgym.php
[HEX]php_include_obf_local [26/12/17] /home/wwwstyle/public_html/core/docs/index.php
[HEX]php_include_obf_local [22/12/17] /home/wwwstyle/public_html/core/error/index.php
[GEN]obfuscated_globals [25/07/18] /home/wwwstyle/public_html/core/components/formit/includes/us.states.inc.php
[HEX]php_include_obf_local [20/04/18] /home/wwwstyle/public_html/core/import/index.php
[HEX]php_include_obf_local [08/06/18] /home/wwwstyle/public_html/core/packages/index.php
[HEX]stream_context_func [01/08/18] /home/wwwstyle/public_html/core/packages/seopro-1.0.3-pl/.2ce06750.ico
[HEX]obfuscated_php_code_5 [30/07/18] /home/wwwstyle/public_html/core/packages/upgrademodx-1.5.5-pl/71a12c4a.php
[HEX]obfuscated_php_code_5 [26/07/18] /home/wwwstyle/public_html/core/packages/simplesearch-1.9.2-pl/modCategory/faxkdjgx.php
[HEX]php_include_obf_local [18/10/17] /home/wwwstyle/public_html/css_new/imports/index.php
[HEX]obfuscated_php_code_5 [26/07/18] /home/wwwstyle/public_html/images/Alti-trade/vznkohmu.php
[HEX]php_include_obf_local [17/10/17] /home/wwwstyle/public_html/connectors/security/index.php
[HEX]php_include_obf_local [27/11/17] /home/wwwstyle/public_html/connectors/index.php
[HEX]php_include_obf_local [04/06/18] /home/wwwstyle/public_html/connectors/system/index.php
-----------------------------------------
Scanned Files : 37165
Scanner Hits : 25
Time Taken : 100 (sec)
Scan Report: report-020818-110538
[ed. note: gavinbaylis last edited this post 5 years, 9 months ago.]