Some important questions regarding the hack and protection:
1. The attacker "changed settings" as stated in the logs. Is there any chance to see what he changed?
2. Can I disable the file manager somehow? Or is it an essential part of modx?
3. Are plugin codes saved in files and not DB?
4. Are template, chunks, snippets saved into the DB?
5. How can I rename the manager folder so that the hack bot will not find my manager-folder again. That would add much more security. I tried
this tip but it does not work. I get "Could not load DBAPI class." when accessing the install folder.
FYI:
- the bot (or human?) accessing one of the hacked files was
http://neplohoybiz.ru/man/index.php with IP 95.68.219.222
- the hacker's IP I don't have, as logs from June has been deleted by the provider
- others accessing the malicious files had IP 128.72.113.203 and IP 77.52.137.55 and 188.27.175.58
[ed. note: kajus99 last edited this post 10 years, 8 months ago.]