The XSS issue in Jot is only usable if you are using Jot. It is totally different from the AjaxSearch issue.
And there is a big difference between the AjaxSearch issue and the issues fixed in 1.0.15. The AjaxSearch issue needs no manager credentials – MODX Evolution was hackable out of the box with that.
-
1) I had about 20 ModX sites with 1.0.14 or lower. I could easily update all but two of them to 1.0.15. I was getting hacks a few times a day, but they are stopped cold, so far, with the upgrade to 1.0.15. So, I also recommend the upgrade.
2) (Using the access log files to lookup the hack IP addresses, it seems the hacks were mostly coming from Morocco. Recently, they were phishing for Apple iTunes and Google credentials.)
3) Looking carefully at the hack files, the hacks also involve creating a database table, sending the info, then immediately dropping the table. So, I also changed the ModX manager config file to have the ModX install database user limited to SELECT, INSERT, UPDATE, DELETE, ALTER (ALTER is needed for maintaining/updating snippets in 1.0.15, which is not a good practice). Anyway, limiting database permissions will defeat the hack, even if it is successful in depositing files on the server.
4) With the permissions change, two heavily forked ModX websites on 1.0.8, which are not updated, are no longer hacked either.
5) Before 1.0.15 was available I monitored the sites with a script that keeps track of files and reports if any were added or deleted. That has been a good strategy as well to easily discover where the hack files were deposited.
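An added example of the file-tracking approach described in point 5, written for this thread and not the poster's own script: it hashes every file under a web root, keeps a JSON baseline (the web root and baseline paths below are assumptions) and reports what was added, deleted or modified since the last run.

```python
import hashlib
import json
from pathlib import Path

def snapshot(root):
    """Walk the web root and return {relative_path: sha256} for every regular file."""
    root = Path(root)
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            state[path.relative_to(root).as_posix()] = h.hexdigest()
    return state

def diff_snapshots(old, new):
    """Return sorted lists of paths added, deleted or modified between two snapshots."""
    added = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "deleted": deleted, "modified": modified}

def check(root, baseline_file):
    """Diff the current tree against the stored baseline, then store the current tree.
    Keep the baseline outside the web root, or it is hashed too and shows as modified."""
    current = snapshot(root)
    baseline_path = Path(baseline_file)
    if baseline_path.exists():
        report = diff_snapshots(json.loads(baseline_path.read_text()), current)
    else:
        # First run: no baseline yet, so every file is reported as newly seen.
        report = {"added": sorted(current), "deleted": [], "modified": []}
    baseline_path.write_text(json.dumps(current, indent=1, sort_keys=True))
    return report

if __name__ == "__main__":
    import sys
    # Usage (paths are assumptions): python filewatch.py /var/www/modx /var/lib/filewatch/baseline.json
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    baseline = sys.argv[2] if len(sys.argv) > 2 else "../file_baseline.json"
    for kind, paths in check(root, baseline).items():
        for p in paths:
            print(f"{kind.upper():9} {p}")
```

Run it from cron and mail or log the output; a non-empty ADDED line under the web root is the dropped-file signal the poster describes.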
-
For information, in my case, the update to 1.1.15 has stopped the attack since last month.
If it is finished now, then some earlier hack could have inserted an evil settings record in the MODX system settings table. It is not deleted by the update, but it cannot be used anymore. Or you have cleaned the filesystem better during the update.
-
Great! Thanks for your replies. I'm gonna update as soon as possible.
[off topic] Just one negative point when I use YAMS: a problem with 1.0.15 + ManagerManager and YAMS. I have no hope YAMS will be updated, so I downgraded ManagerManager to solve this issue. [/off topic]
-
Thanks Jako! I will test that very soon.
-
I have cloned YAMS here and added the changes for Evo 1.0.15.
https://github.com/fourroses666/YAMS
I have tested this on a YAMS installation with Evo 1.0.14, upgraded to 1.0.15, and it WORKS!