Thanks Paul. Upgraded to 1.0.6 via Bluehost one click upgrade and the ForgotLogon plugin is still disabled. Here's what's broken so far:
Friendly SEO URLSs - have had to turn these off for now as all links are going to the 404 page
SQL Error on all pages - had to turn off QuickManager
Modifications that I've made to AjaxSearch files (to be expected as I customized the CSS files)
One thing I'm seeing is that there is a .txt file that is blank in most directories and an modification to the last line of every index.html and index.php file in these directories.
My thought process around clean is deleting all of these .txt files and then deleting the
<img height="1" width="1" border="0" src="http://46.45.183.139/512242d942c20e3736000192.jpg">
on the bottom of every index file.
I've changed all FTP password and MODx user passwords.
Can anyone recommend additional cleanup? Should I be doing a GREP via SSH to find all the .txt files? or should I be looking for all files modified at the time of the hack? Can anyone post UNIX commands for performing if recommended?
Otherwise, i guess it is a manual process of looking in every directory and seeing the .txt file and deleting the code on the index file. Is this really even neccessary????
Thanks,
Eliot