Fi1osof, Sicily
Dear Fi1osof,
I found your message about wordpress hacking in
https://modx.pro/security/15912
on Aug 23, 2018. The hacking code generates extenupdates.php and moban.html.
I was hacked in the same way and I'm in trouble.
Did you know how these got into WordPress?
Has a problem such as information leakage occurred?
I would be very glad if you could get some information.
Best,
Sicily
Good day!
Sorry, it's not was WP, it's was MODX. MODX was hacked. And i do not know WP. Sorry.
Dear Fi1osof,
Thank you so much for your quick reply!
No problem. I did not know MODX is one of CMSs and this site is for MODX. Sorry.
Anyway, I think their purpose is the same because the file name and code are similar to my case.
I am very concerned about the possibility of information leakage by the hacking to us.
In your case did you check if there was a leak?
I'm collecting information, so I'm glad if you can tell me on this.
I apologize for the inconvenience.
Best,
Sicily
Here I described the recovery of an MODX-site after hacking: https://modxclub.ru/topics/virus-pronik-na-modx-sayt.-v-papke-assets-v-modx-unichtozheny-vse-skripty.reshenie..html
Mass hacks have gone since last summer. I restored a lot of sites on MODX after hacking. Nowhere not noticed damage database. It seems they are only interested in the distribution of spam links.
Dear Fi1osof,
I appreciate your helpful message.
I feel a little better thanks to your words. ;-)
We will continue to find out how they invaded to our server.
Thank you so much for your help.
Best,
Sicily
Not at all!