What to Check First During a Mass Hack of Legacy MODX Sites
When many old MODX or Evolution sites show injected links at once, treat it as a platform-wide incident: audit versions, entry points, and writeable paths immediately.
Hidden links injected into page source are one of the most obvious signs of a compromised legacy site. When the same pattern appears across many installations, the right response is not just to delete the visible payload — it is to assume the whole deployment process needs review.
Immediate priorities
- take the site offline if needed
- scan templates, chunks, and file writes for injected code
- review manager access and hosting credentials
- identify the exact core version and known vulnerabilities
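One way to run the scan for hidden links over rendered page source or exported template and chunk bodies, as an added example that is not part of the original post. The names `find_hidden_links` and `HiddenLinkFinder`, the list of hiding styles, and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic inline-style patterns often used to hide injected links (assumed list).
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|(?:left|top|text-indent|margin-left)\s*:\s*-\d{3,}", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}
# Constructed sample: two hidden external links, one visible link, one hidden internal link.
SAMPLE = """<p>Welcome <a href="https://www.example.org/about">about</a></p>
<div style="position:absolute; left:-9999px">
<span><a href="http://spam.example.net/pills">cheap</a></span></div>
<a style="display:none" href="http://casino.example.com/">x</a>
<div style="display:none"><a href="/sitemap">map</a></div>"""

class HiddenLinkFinder(HTMLParser):
    """Collect external <a href> values that are hidden or sit inside a hidden element."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.stack = []      # (tag, hidden?) for every open element
        self.findings = []   # (line number, href)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = bool(HIDING.search(a.get("style") or "")) or "hidden" in a
        inherited = any(h for _, h in self.stack)
        if tag == "a" and (hidden or inherited):
            host = (urlparse(a.get("href") or "").hostname or "").lower()
            if host and host != self.own_host and not host.endswith("." + self.own_host):
                self.findings.append((self.getpos()[0], a["href"]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unbalanced markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html, own_host):
    parser = HiddenLinkFinder(own_host)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(find_hidden_links(SAMPLE, "example.org"))
```

It only inspects inline styles and the `hidden` attribute, so links hidden through a stylesheet class or injected by script at render time still need a manual review.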
Long-term lesson
Very old Evolution installs need patching, controlled permissions, and regular file integrity checks. Cleaning one injected link without fixing the root cause only invites the next compromise.
Fixing Named Anchor Conflicts with jQuery UI Tabs and base href
If jQuery UI tabs start loading the home page instead of switching locally, look at how named anchors interact with base href and relative links.
Refreshing Friendly URLs After Applying Translit Aliases
After generating aliases with Translit, existing resources may still need to be re-saved or rebuilt before the new friendly URLs start resolving correctly.