Recovering from a Hacked Site: Part 1

This is part 1 of a 3-part series on recovering a MODX website after it has been compromised and keeping it safe in the future.

Upgrade, Upgrade, Upgrade

Upgrading the software that runs your site as soon as upgrades are available is the surest way to protect your investment and reputation with your online presence. This applies not only to MODX, but also to other platforms like WordPress, Drupal, Joomla, Magento, and more. While this article focuses on MODX, the principles in general apply to all software platforms.

If you are running a version of MODX prior to 2.6.5, released on July 11, 2018, it is critical to upgrade your site now. If you are upgrading from a MODX version prior to 2.3.x, upgrade to the 2.3.6 release prior to upgrading to 2.6.5.

Why Upgrades Are Important

Your digital public billboard to the world deserves to be kept up to date and secure. Unless your site really doesn’t matter, it makes sense to budget more than your monthly cellphone bill on a critical, globally visible marketing channel. Please use quality hosting with backups on by default. Be sure to budget for regular, ongoing maintenance with a trusted team or individual who knows what they’re doing when it comes to your website and hosting.

Hoping for the best with a commodity host with no backups, or naively assuming things will be OK, is too risky today. If you do not maintain both your site software and the full stack of server software that powers it, your site will almost certainly be hacked at some point, assuming it is ever linked to on the public web or has a custom domain name associated with it.

The consequences of skipping critical maintenance of any software tied to a website can be disastrous, including total loss of the website, loss of business, loss of reputation, delisting from Google’s index or Adwords, ransom, or extortion.

MODX Update Frequency & Methods

MODX Revolution typically has 4-6 patch releases per year, often containing security updates. Wise site owners today must be prepared for consistent, ongoing website maintenance after their site launches. There are several options that make upgrading easier, including Softaculous in cPanel, the UpgradeMODX Extra, SiteDash and the Upgrade button in MODX Cloud. There is, of course, also the traditional upgrade method.

Please note: before doing any maintenance on your site, it’s critical to take a backup, or you risk data loss. Always, always, always try to have multiple backups of your website, and preferably perform test upgrades on a clone of your site prior to doing any work on it.

When you update your site version, you should also update all your Extras to the latest version from within the MODX Manager Dashboard, or using one of the tools mentioned above.

The Symptoms of a Website Hack

The most recent attacks fixed in 2.6.5 have several telltale signs, though this may change. They currently include:

  • The website redirects visitors to adult websites, gambling sites, or anywhere it should not be redirecting to.
  • You cannot log in to the Manager, or the Manager Login Screen is blank or missing.
  • New PHP files containing obfuscated PHP code in the main directory where your MODX site sits.
  • Overwritten JavaScript files with obfuscated code.
  • Missing “assets” directory, which is typically located in the main directory of the website alongside MODX.
  • PHP files in an “assets/images/” directory. This directory typically only contains files that have image extensions such as .jpg, .png, .svg, .ico, .jpeg, .tiff, etc.
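
The file-system symptoms in the list above can be checked with a short script. This is an added example, not code from MODX; the function names, the PHP extension list and the obfuscation heuristic (common decode/eval calls, or one very long line) are assumptions to tune for your own site.

```python
import re
import sys
from pathlib import Path

# Assumption: extensions a typical PHP handler will execute.
PHP_EXT = {".php", ".phtml", ".php5", ".php7", ".phar"}
# Assumption: heuristic markers of obfuscated PHP; expect some false positives.
OBFUSCATION = re.compile(
    rb"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I
)
LONG_LINE = 2000  # bytes; encoded payloads tend to sit on one huge line


def looks_obfuscated(path):
    """True if the file matches the heuristic above; unreadable files are skipped."""
    try:
        data = path.read_bytes()
    except OSError:
        return False
    if OBFUSCATION.search(data):
        return True
    return any(len(line) > LONG_LINE for line in data.splitlines())


def scan_webroot(webroot):
    """Return (symptom, relative_path) pairs for a MODX site directory."""
    root = Path(webroot)
    findings = []
    assets = root / "assets"
    if not assets.is_dir():
        findings.append(("missing-assets-dir", "assets"))
    images = assets / "images"
    if images.is_dir():
        # Anything PHP-executable under assets/images/ is out of place.
        for p in sorted(images.rglob("*")):
            if p.is_file() and p.suffix.lower() in PHP_EXT:
                findings.append(("php-in-images", p.relative_to(root).as_posix()))
    # Top-level PHP files are only flagged when they look obfuscated,
    # since a normal install keeps its own PHP files here.
    for p in sorted(root.iterdir()):
        if p.is_file() and p.suffix.lower() in PHP_EXT and looks_obfuscated(p):
            findings.append(("obfuscated-php-in-root", p.name))
    return findings


if __name__ == "__main__":
    for symptom, path in scan_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{symptom}\t{path}")
```

Run it against a copy or backup of the site directory and compare any flagged file with a clean download of the same MODX version before deciding it is malicious.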

More in this Series

For more in the Hacked Site Series, you can read Part 2 for practical details on how to recover from a compromise, and we’ll soon publish Part 3 covering the tips and tools recommended by the MODX Community.
