    • 11359
    • 1 Posts
    Can someone please give me instructions on which security issues I have to fix, so that the site won't be hacked again? Help much appreciated. Thanks in advance. Sincerely, grismo

    This is the file which has been uploaded through some security holes...
    http://rapidshare.com/files/252764939/R57.txt.html
      • 15469
      • 64 Posts
      Are there any "third party" snippets or modules running on your page that need/accept user input?
      A list of any installed snippets, modules or whatever installed on your site AFTER you installed MODx from scratch would be very helpful to consider what security breach you suffered from...
        $cd /pub
        $more beer
      • Such a file being uploaded probably means your FTP account has been compromised; or perhaps if it’s a shared server the entire server has been compromised.
          Studying MODX in the desert - http://sottwell.com
          Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
          Join the Slack Community - http://modx.org
          • 15469
          • 64 Posts
          Yep, I didn't think of any hacked FTP account at all... might be an issue here.
          • That’s a common hack going around right now; there’s a trojan that’s getting installed on a lot of Windows machines from a few different vulnerabilities (such as one with the Adobe Acrobat PDF reader’s JavaScript handling). This trojan gets your login details for any sites you log into, and sends them off to the hackers.
              • 29051
              • 9 Posts
              My best recommendations:

              1. Limit the incoming IP addresses permitted to connect to your server through FTP and SSH (inconvenience is of course always the payoff for more security).

              2. Run quality malware protection (Malwarebytes is free and has been shown to stop many of these attacks before damage is done) as well as a local firewall that will alert you to unusual connection attempts. More than 90% of the time, FTP attacks like this are made with a single login from a remote location--that is, your local computer, not your server, is typically compromised. If you are a developer with multiple clients’ FTP logins saved on your machine, this could become a major headache...

              3. Do not store FTP login information within your applications.

              4. Keep nightly backups (and do not neglect backing up MySQL--if you are using ModX or another CMS, you’ll need to roll back your DB as well).

              If your site has been hacked, change every FTP password, check your transfer logs to find the time of the attack (the IP of the attacker will be irrelevant, since they almost always use the server of another compromised user to carry out the attack). Change all FTP passwords, restore your site to a time before the attack, and scan all machines with FTP access to your account.

              Steven
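
Added example, not part of Steven's post or of anyone's reply in this thread: one way to carry out the "check your transfer logs to find the time of the attack" step, by listing uploads of server-side script files and reporting the earliest one. It assumes the FTP daemon writes the standard xferlog format; the sample log, paths, user name, addresses and the extension list are constructed for illustration.

```python
from datetime import datetime

# Constructed sample in the xferlog format written by wu-ftpd, ProFTPD and
# vsftpd (xferlog_std_format=YES); paths, user and addresses are made up.
SAMPLE_XFERLOG = """\
Sun Jul  5 21:40:10 2009 2 198.51.100.20 5120 /home/site/public_html/assets/images/logo.png b _ i r siteuser ftp 0 * c
Mon Jul  6 03:12:44 2009 1 203.0.113.7 1204 /home/site/public_html/index.php a _ o r siteuser ftp 0 * c
Mon Jul  6 03:12:51 2009 1 203.0.113.7 1377 /home/site/public_html/index.php a _ i r siteuser ftp 0 * c
Mon Jul  6 03:13:02 2009 3 203.0.113.7 98211 /home/site/public_html/assets/r57.php b _ i r siteuser ftp 0 * c
Mon Jul  6 03:13:05 2009 1 203.0.113.7 0 /home/site/public_html/tmp.php b _ i r siteuser ftp 0 * i
"""

# Files the web server may execute or interpret (assumed list; adjust per site).
SCRIPT_EXT = (".php", ".phtml", ".cgi", ".pl", ".htaccess")

def parse_line(line):
    """Split one xferlog line into a dict, or return None if it is malformed."""
    f = line.split()  # xferlog replaces spaces in file names with underscores
    if len(f) < 18:
        return None
    try:
        when = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
        size = int(f[7])
    except ValueError:
        return None
    return {"time": when, "host": f[6], "size": size, "file": f[8],
            "direction": f[11], "user": f[13], "status": f[17]}

def suspicious_uploads(log_text):
    """Incoming ('i') transfers of server-side script files, oldest first."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["direction"] == "i"
                and rec["file"].lower().endswith(SCRIPT_EXT)):
            hits.append(rec)
    return sorted(hits, key=lambda r: r["time"])

def restore_before(log_text):
    """Time of the first suspicious upload; restore a backup older than this."""
    hits = suspicious_uploads(log_text)
    return hits[0]["time"] if hits else None

if __name__ == "__main__":
    for r in suspicious_uploads(SAMPLE_XFERLOG):
        print(r["time"], r["user"], r["host"], r["file"], r["size"], r["status"])
    print("restore a backup taken before:", restore_before(SAMPLE_XFERLOG))
```

Legitimate developer uploads of script files are listed too, so compare the hits against your own deployment times before picking the restore point.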
              • Do make sure to clean your local machine of any trojans, because if you change all of your passwords but your local machine is still infected, it won’t do any good; the hackers will just get your new passwords!