Where did the JS file on the website come from?

Recently a new file appeared. As a result, when you visit any page of the domain, it redirects to a lot of porn.
The files contain links to sloi1.com/<some-digits>.js
Surprisingly, the other sites on the hosting are untouched, only this one.
How could it have gotten onto the website? Third parties through FTP access?
June 3rd 19 at 19:04
4 answers
June 3rd 19 at 19:06
Solution
It is running an old version of MODX - Virginia.Paucek commented on June 3rd 19 at 19:09
https://modx.ru/novosti-i-stati/article/403/ - Birdie_Jones92 commented on June 3rd 19 at 19:12
okay, thank you! - Virginia.Paucek commented on June 3rd 19 at 19:15
It's probably Evo - Jaqueline.Parisian commented on June 3rd 19 at 19:18
June 3rd 19 at 19:08
Solution
On the 19th there were active break-ins. A major vulnerability was found in MODX: CVE-2018-1000207.
One of the payload implementations contains a virus of the type JS/Redirector-NKN. The following lines are written into each JS file: var _0x2515=["","\x6A ...

If there is a backup from before the 19th, it is very easy to fix. Delete the site, restore it from the backup, patch it, or better yet upgrade to 2.6.5.

Described in detail on my own site: fstrange.ru/coder/php/lechit-modx-ot-virusa.html
fStrange
After running the script, the website goes down
Error 503
Site temporarily unavailable

Are there maybe some other ideas for how to remove it, maybe using regular expressions in Notepad?
Close to 1000 files are damaged - Virginia.Paucek commented on June 3rd 19 at 19:11
What does this virus do? - Birdie_Jones92 commented on June 3rd 19 at 19:14
It either deletes files or redirects to a bunch of sites. The main thing is that, in terms of SEO, the site will be banned in Yandex and Google - Virginia.Paucek commented on June 3rd 19 at 19:17
And what exactly does an SEO ban in Yandex involve? - Jaqueline.Parisian commented on June 3rd 19 at 19:20
It will be removed from the index. Nothing terrible about it; after contacting support, positions return to normal. - nikita.Stracke commented on June 3rd 19 at 19:23
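A read-only check for the injected line described in the answer above, as an added example that is not part of the original thread or of the linked script. It assumes the injection always starts like the quoted `var _0x2515=[` prefix (a `_0x` array of hex-escaped strings); the function names and the 0.5 threshold are hypothetical, and legitimately obfuscated JS can also match, so review the hits before restoring from backup.

```python
import re, tempfile
from pathlib import Path

# Assumption: injected code starts like the line quoted in the answer,
# `var _0x<hex>=[` followed by string literals built from \xNN escapes.
S = r'"(?:[^"\\]|\\.)*"'
HEX_ESC = re.compile(r'\\x[0-9a-fA-F]{2}')
DECL = re.compile(r'var\s+(_0x[0-9a-fA-F]+)\s*=\s*\[(\s*' + S +
                  r'(?:\s*,\s*' + S + r')*\s*)\]')

def find_injections(text, min_ratio=0.5):
    """Return [(line, var_name, ratio)] for hex-escaped _0x string arrays."""
    hits = []
    for m in DECL.finditer(text):
        body = m.group(2)
        # Share of string content that is written as \xNN (4 chars each).
        total = sum(len(s) - 2 for s in re.findall(S, body))
        ratio = 4 * len(HEX_ESC.findall(body)) / total if total else 0.0
        if ratio >= min_ratio:
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1), round(ratio, 2)))
    return hits

def scan_tree(root):
    """Map each flagged *.js path (relative to root) to its hits; read-only."""
    report = {}
    for path in sorted(Path(root).rglob("*.js")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = find_injections(text)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    # Constructed files; only the `var _0x2515=["","\x6A` prefix is from the page.
    clean = 'var names=["a","b"];\nvar _0xab12=["hello","world"];\n'
    infected = ('function init(){}\n'
                r'var _0x2515=["","\x6A\x6F\x69\x6E","\x6C\x65\x6E\x67\x74\x68"];'
                '\n')
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "assets").mkdir()
        (Path(root) / "assets" / "app.js").write_text(clean)
        (Path(root) / "assets" / "menu.js").write_text(infected)
        return scan_tree(root)

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

The reported line numbers make it possible to compare each flagged file against a copy from a backup taken before the 19th.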
June 3rd 19 at 19:10
Cool! I also caught the same virus today, a nice spit in MODX's direction
June 3rd 19 at 19:12
Can't MODX automatically update for critical vulnerabilities? Or at least send a notification?
Only in the admin area on the main page, and in English; nothing comes by mail - Virginia.Paucek commented on June 3rd 19 at 19:15
