-
- 1,198 Posts
Do you update the site to 1.0.15?
-
- 5 Posts
We used to have the problems as well.. Our solution (and still without any problems)
Update to version 1.0.15
delete all files from manager dir(excluding config file and onces added by us)
delete all files from assets dirs(excluding files added to us (snippets/plugins) and files addes by webmaster (img/files) delete all php files in those directories!)
after that they weren't infected anymore!
Yesterday I have cleaned an installation with a similar method than Rogier. Three hours later is was sending spam again.
After looking through the access log I have found the attacking vector. It was not located inside of MODX. In this case it was a awstats installation containing some additional php files.
So if you clean an installation, be sure that other public accessible folders beneath your MODX installation are cleaned too.
-
- 1,613 Posts
I have had infected files in lower as root folders in the past.
If I remember correct it was awstats aswell. Check every folder and keep your Modx up to date
.
Evolution user, I like the back-end speed and simplicity
-
- 153 Posts
So, I guess the solution is in the permission of folders and files. But, which chmod can I choose without bother MODX?
@neoziox: Depends a bit on your installation. If the ftp and apache user are not the same, all ftp folders with 755 are not writable for apache (i.e. for php). Same for files: files with 644 are not writable for apache.
If the ftp and apache user are the same you could set them readonly by ftp but the rights could be changed by i.e. a php script.
-
- 153 Posts
How can I be sure about the installation of my server (phpnet.org)?
What do you do to stop this hacks?
Update to 1.0.15 change really the situation? (all my website is on 1.0.14)
-
- 11 Posts
As for Jot, I don't think it matters whether it's used or not. If you have the (old) Jot files uploaded, you're probably screwed. See Ajax Search previously. Having the php file on the server was enough to allow hacking the site.
Anyway, the problem with security flaws is that even small ones, which individually don't allow hacking, may form a possible attack vector in combination. So everyone not updating to 1.0.15 or at least doing the hox-fix by replacing the two files should consider its MODX installation as easy hackable.