<![CDATA[ reinstall after virus - MODX Community Forums]]> https://forums.modx.com/thread/?thread=104841 <![CDATA[reinstall after virus]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563746
Upgrad instructions say to build your upgrade upon the old installation with directory merging. I would like to avoid that. Is there any instruction with building up the installation direct from the fresh downloaded modx folder? And then manually copy all needed assets etc., to keep the amount of files low that have to be inspected. Any instruction / help on that?]]>
spica8 Jan 24, 2019, 05:25 PM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563746
<![CDATA[Re: reinstall after virus (Best Answer)]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563869 So, most things went well. Only one thing is left. 2 of three domains are running well. The third generates an error.

Fatal error: Uncaught Error: Call to undefined method phpThumbOf::createThumbnail() in /www/htdocs/web/core/cache/includes/elements/modsnippet/187.include.cache.php:53 Stack trace: #0 /www/htdocs/web/core/model/modx/modscript.class.php(70): include() #1 /www/htdocs/web/core/model/modx/modx.class.php(1798): modScript->process(NULL) #2 /www/htdocs/web/core/model/modx/filters/modoutputfilter.class.php(673): modX->runSnippet('pthumb', Array) #3 /www/htdocs/web/core/model/modx/modparser.class.php(941): modOutputFilter->filter(Object(pdoTag)) #4 /www/htdocs/web/core/components/pdotools/model/pdotools/pdoparser.class.php(305): modTag->filterOutput() #5 /www/htdocs/web/core/components/pdotools/model/pdotools/pdoparser.class.php(261): pdoTag->process() #6 /www/htdocs/web/core/model/modx/modparser.class.php(250): pdoParser->processTag(Object(pdoTag), false) #7 /www/htdocs/w009dd86/k in /www/htdocs/web/core/cache/includes/elements/modsnippet/187.include.cache.php on line 53


Tried with deleting core/cache. No effect. The other domains also use phpthumbof.

Reinstalled pThumb. Now working.]]>
spica8 Jan 31, 2019, 05:51 PM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563869
<![CDATA[Re: reinstall after virus]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563867
Fatal error: Uncaught Error: Call to undefined method phpThumbOf::createThumbnail() in /www/htdocs/web/core/cache/includes/elements/modsnippet/187.include.cache.php:53 Stack trace: #0 /www/htdocs/web/core/model/modx/modscript.class.php(70): include() #1 /www/htdocs/web/core/model/modx/modx.class.php(1798): modScript->process(NULL) #2 /www/htdocs/web/core/model/modx/filters/modoutputfilter.class.php(673): modX->runSnippet('pthumb', Array) #3 /www/htdocs/web/core/model/modx/modparser.class.php(941): modOutputFilter->filter(Object(pdoTag)) #4 /www/htdocs/web/core/components/pdotools/model/pdotools/pdoparser.class.php(305): modTag->filterOutput() #5 /www/htdocs/web/core/components/pdotools/model/pdotools/pdoparser.class.php(261): pdoTag->process() #6 /www/htdocs/web/core/model/modx/modparser.class.php(250): pdoParser->processTag(Object(pdoTag), false) #7 /www/htdocs/w009dd86/k in /www/htdocs/web/core/cache/includes/elements/modsnippet/187.include.cache.php on line 53


Tried with deleting core/cache. No effect. The other domains also use phpthumbof.[/s]

Reinstalled pThumb. Now working.]]>
spica8 Jan 31, 2019, 04:51 PM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563867
<![CDATA[Re: reinstall after virus]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563786
Extras have most of their stuff in the core/components directory, but anything that needs to be available to the extra via URL (mostly images, JS and CSS code) goes in assets/components]]>
BobRay Jan 27, 2019, 10:11 PM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563786
<![CDATA[Re: reinstall after virus]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563780
As I have no access to the old manager anymore, I installed all extras corresponding to the folders in assets/components. So I have a fresh installation of modx, hardended it, installed all extras, and switched to a copy of the old db. Manager ist working. I only wonder, if the installed extras ressources and the corresponding old db entries can get a conflict.]]>
spica8 Jan 27, 2019, 06:45 PM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563780
<![CDATA[Re: reinstall after virus]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563764
For snippets, you will usually (but not always) see "Snippet not found" in the error log, but for other elements, you won't see anything and there's a chance that a missing one could crash the Manager.
]]>
BobRay Jan 25, 2019, 11:35 PM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563764
<![CDATA[Re: reinstall after virus]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563756
Ahm, where can I finde the 2.6.5 distribution? Its not listed under prereleases. Maybe I should use the advanced distribution for hardening? Sorry, wrong akkordion, found.

And how to deal all the extras that where mounted. Do I have to track and reinstall them manually or will I find assistance within the manager?]]>
spica8 Jan 25, 2019, 08:42 AM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563756
<![CDATA[Re: reinstall after virus]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563751
It's not absolutely essential to do a clean install, but it doesn't take that long and it's nice to have a clean installation to start with. That way you can bring your assets files in use the site for a while to see if they cause trouble before importing the DB. You can back up the clean install by creating a compressed archive in cPanel. Then you can create a second one after moving the assets files. That way you can back out if there's trouble.

If you do it that way, you don't need or want any of the config files from the hacked site.
]]>
BobRay Jan 24, 2019, 10:26 PM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563751
<![CDATA[Re: reinstall after virus]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563750 Do I get you right: I first have to proceed the full installation process of the same modx version before I import my db dump from the old one? Do I have do care about the old config file?]]> spica8 Jan 24, 2019, 10:02 PM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563750 <![CDATA[Re: reinstall after virus]]> https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563747
The files are pretty straightforward. Generally, all you need to transfer are files in the assets folder that you know are safe. Don't assume that they are safe just because they were there before. You need to check them to make sure they weren't altered. There are some tools out there that will perform checks on them for you, but if never hurts to take a look at the contents for suspicious code. Be especially careful if you're using the Gallery extra, since it was an attack vector.

Be sure *not* to transfer the core/cache directory.

The database is more difficult. If you install a newer version of MODX than the hacked site, you won't be able to do an easy transfer of the database tables unless you're able to update the hacked site first.

If the two versions are the same you're sure the database has not been hacked (it's difficult to know, but most MODX hacking events haven't compromised the DB, just the files), you could install 2.7.0 on the new site, export the DB of the hacked site with the DROP TABLE custom option, and import it into the new site.

The problem with any other method is the "intersect" objects that connect related objects in MODX. For example, every resource has fields telling who created it, who edited it last, and who published it. These contain user IDS, and if you create new users, the IDs won't necessarily match. There's a similar problem with which users are in which user groups, which resources are in which resources groups, permissions, policies, roles, and a bunch of other things.

If the new site is going on the same server, you also have to consider the possibility that the hacker has gained access to that server (via, for example, a vulnerability in other software running on the same server like WordPress).

Don't install any extras until the new site is fully updated, running MODX 2.7.0+, and has been hardened.

https://docs.modx.com/revolution/2.x/administering-your-site/security/hardening-modx-revolution

https://bobsguides.com/blog.html/2015/05/05/hardening-your-modx-site/

I strongly recommend moving the MODX core above the web root of your site.

There's some good advice here: https://modx.com/blog/recovering-from-a-hacked-site-part-1, but some of it assumes that you have a site backup from before the hacking occurred.

I've been lucky enough not to have had any sites hacked. Others who have not been so lucky can probably give you better advice than I can.




]]>
BobRay Jan 24, 2019, 07:01 PM https://forums.modx.com/thread/104841/reinstall-after-virus#dis-post-563747