How to get rid of a virus on modx evo website?

V

vairon2020-06-22 15:23:11

Malware

vairon, 2020-06-22 15:23:11

Tell me, who knows, please.

The site on modx Evo was created in 2015 - the site is an ordinary business card. It was abandoned in 2016. Now, in 2020, the site launched, and without updating cms, it began to promote)) Recently, malicious code got to the site, and at the same time to another site of mine that is without cms (just in html). I myself understand that the virus hit 99% because the cms modx version has not been updated since 2015) Sites on shared hosting.

Question: if you now delete all files from your hosting account, update cms and upload all backups back, will the virus show itself on the updated site and will it generally allow you to update cms normally?

PS: the ai-bolit program writes the result of the check:

building list of shells-153,
building list of js-0.
building list of unread files-0

Thanks in advance!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexey Sundukov, 2020-06-22
@alekciy

update cms and upload all backups back will the virus show itself

Of course it will. Your site is already on the attacker's list of vulnerable sites. In the context of the fact that MODx stores PHP code in the database, then you probably already have it in the database.
I once did this:
1) took out all the code from the database into files after inspecting them.
2) completely started the engine under git, watched a little on git diff what changes where.
3) configured the web server environment so that the engine would not have the ability to write files (essentially freezing the site).
4) began to consistently "release" the nuts allows the web server to write to strictly specified directories.
The work is long and tedious, requiring monitoring of the state of the system and quick roll-in / roll-back of changes.