-
- 4 Posts
Hi,
Sorry that my first post here is not good news.
A couple of days ago I installed ModX Evo 1.0.14 over Ubuntu 14.04 virtual machine. The site was only https and was not public.
The page 1 got hacked by replacing the base tag to an Asian site. That made local links point to this site.
I downloaded the entire modX install to check the files with git (by comparing it with a version in my computer) and all seems to be OK. Also I could not find anything unusual in the database.
I also didn't saw any changes in the user logs.
Could it be that only the cache was modified? How can I prevent this from happening again?
Thank you for your help.
-
- 4 Posts
Just to clarify that what was modified was the base tag but only in the live page, not in the document in the database.
In the resource <base href="[(site_url)]" />
It's the original Minimal template. No snippets.
In other pages <base href="" /> was not changed, just in the document 1.
Best
-
- 4 Posts
May I ask if there's a special forum / bugtracker to report specific security issues?
Is there anything I can do to help to fix it, specially if it happens next time?
I looked at the logs but as I'm not sure what to look for...
There is no forum for security issues yet.
If I got you correct, the html base tag has been changed. But not in the template itself. That would be a new hacking approach to me. Can you check if you have other users in the user management? Or maybe in the database? Sometimes they appear there without a name, so they dont appear in the backend. With the creation date of that user you could search for server log entries.
-
- 4 Posts
Hi Jako and all.
Indeed ModX is running as the only vhost and I didn't had this configured, but now I do. Thank you Jako. Your answer with the Stackoverflow link made sense. I also didn't knew $_SERVER['HTTP_HOST'] could give wrong results based on the browser request. Makes sense.
I suspected it was the cache only because after I saved the page as it was the problem vanished.
gallenkamp: Indeed I'm the only editor and I took more than one hour making the git test with the files and reading the MySQL export (it's a small site) after checking the user tables in PhPMyAdmin. But thanks, it's good to ask, I could have forgotten.
Thank you both for your help.