    • 20910
    • 9 Posts
    My site was recently hacked by cyber-soldiers. I think it must be MODx's fault, because I have several CMS systems and other websites running in the same web server/account. The MODx-powered site is the only one which now, instead of content and manager, shows "CyberLord WAS HERE www.cyber-soldiers.org". Has this happened to anyone else? How could I find out why this happened? If there is some serious bug, then the main modxcms website would most probably already be hacked. So most probably there isn’t, or is there?
      • 7923
      • 4,213 Posts
      What MODx version did you have? There were some security issues that were fixed in 0.9.2(.1).


        "He can have a lollipop any time he wants to. That's what it means to be a programmer."
        • 20910
        • 9 Posts
        Unfortunately, mine is modx-0.9.2.1.
          • 33175
          • 711 Posts
          It is interesting and important to read the access logs and error logs of the day your site was hacked. The ideal is if you can estimate the approximate hour of the hack.
          Could you access them? That would help us to find the problem.
            Sorry for my english. I'm french... My dictionary is near me, but it's only a dictionary !
            • 29774
            • 386 Posts
            These guys are fairly prolific Islamic script kiddies. They seem to target known vulnerabilities in systems like phpbb. Were you running a forum or some other 3rd party software?
              Snippets: GoogleMap | FileDetails | Related Plugin: SSL
              • 20910
              • 9 Posts
              No, only modx.
                • 20910
                • 9 Posts
                I also used MiniGallery and a couple of other snippets. I will be able to provide you with logs. But now I am leaving town and I will be back tomorrow. Then I will provide you with more information. I think it would be good if we found out what happened, because it may be some security bug in MODx. Or it may be my ignorance :)
                • What is the site URL?
                    Ryan Thrash, MODX Co-Founder
                    Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
                  • If I recall correctly, there was another case of a hacked MODx site when somebody left their config.inc.php file world-writable.
                      Studying MODX in the desert - http://sottwell.com
                      Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
                      Join the Slack Community - http://modx.org
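The world-writable `config.inc.php` case mentioned in the post above can be checked for directly. The following is an added example, not part of the original thread or of MODx itself: a POSIX shell function that flags the config file and any parent directory up to the web root that is writable by every local user. The function names and the directory layout in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a config file and its parent directories for the
# "other" write bit. A world-writable parent directory is as dangerous as a
# world-writable file, because the file can be replaced from within it.

# is_world_writable PATH -> exit 0 if any local user may write to PATH.
# -L follows symlinks so the target's mode is tested, not the link's.
is_world_writable() {
    [ -n "$(find -L "$1" -prune -perm -0002 2>/dev/null)" ]
}

# audit_config FILE ROOT
# Prints "WORLD-WRITABLE <path>" for FILE and for each directory between
# FILE and ROOT (inclusive) that is world-writable.
# Returns 0 if clean, 1 if anything was flagged, 2 on usage errors.
audit_config() {
    file=$1 root=${2%/}
    [ -f "$file" ] && [ -d "$root" ] || { echo "usage: audit_config FILE ROOT" >&2; return 2; }
    case $file in
        "$root"/*) ;;
        *) echo "FILE must be under ROOT" >&2; return 2 ;;
    esac
    flagged=0
    path=$file
    while :; do
        if is_world_writable "$path"; then
            echo "WORLD-WRITABLE $path"
            flagged=1
        fi
        [ "$path" = "$root" ] && break
        [ "$path" = "/" ] && break      # safety stop, should not be reached
        path=$(dirname "$path")
    done
    return "$flagged"
}

# Demo on a constructed tree (hypothetical layout, not a real MODx install).
demo=$(mktemp -d)
mkdir -p "$demo/site/includes"
printf '<?php /* constructed sample */\n' > "$demo/site/includes/config.inc.php"
chmod 755 "$demo" "$demo/site" "$demo/site/includes"
chmod 666 "$demo/site/includes/config.inc.php"   # the misconfiguration
audit_config "$demo/site/includes/config.inc.php" "$demo" || true
chmod 644 "$demo/site/includes/config.inc.php"   # the corrected mode
audit_config "$demo/site/includes/config.inc.php" "$demo" && echo "clean"
rm -rf "$demo"
```

On shared hosting the web server may run as a different user than the file owner, so the corrected mode that still lets the site read its config depends on that setup; 644 in the demo is only one common choice.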
                      • 31337
                      • 258 Posts
                      It’s impossible to know how the site was hacked w/o having forensic evidence. How was your server set up? What services were running? What other applications were installed? What do the logs show?

                      The version of MODx you had installed was vulnerable to an XSS security issue, but not a remote access one. I am not saying that the break-in wasn’t MODx’s fault, but w/o more evidence, it’s impossible to truly know.