-
- 9 Posts
My site was recently hacked by cyber-soldiers. I think it must be modx fault, because I have several cmsystems and other websites running in the same web server/account. Modx powered site is the only which now instead of content and manager shows "CyberLord WAS HERE www.cyber-soldiers.org". Has this happened to anyone else. How could I find out why this happened. If there is some serious bug, then main modxcms website would most probably be already hacked. So most probably there isn’t or is there?
-
- 4,213 Posts
What MODx version you had? There was some security issues that were fixed in 0.9.2(.1)
"He can have a lollipop any time he wants to. That's what it means to be a programmer."
-
- 9 Posts
Unfortunately, mine is modx-0.9.2.1.
-
- 711 Posts
It is interesting and important to read access logs and error logs of the day your site was hacked. The ideal is if you can estimate the aproximative hour of the hack.
Could you access to them ? that would help us to find the problem.
Sorry for my english. I'm french... My dictionary is near me, but it's only a dictionary !
-
- 386 Posts
These guys are fairly prolific Islamic script kiddies. They seem to target known vulnerabilities in systems like phpbb. Were you running a forum or some other 3rd party software?
If I recall correctly, there was another case of a hacked MODx site when somebody left their config.inc.php file world-writable.
-
- 258 Posts
It’s impossible to know how the site was hacked w/o having forensic evidence. How was your server set up? What service were running? What other applications were installed? What do the logs show?
The version of modx you had installed was vulnerable to a XSS security issue, but not a remote access one. I am not saying that the break in wasn’t modx’s fault, but w/o more evidence, it’s impossible to truly know.