What are these code.xxxxx dump files?

Summary

Mysterious core.xyz files appearing in the public folder. What are these? Is there any way to completely block this?

Steps to reproduce

It just started happening…

Observed behavior

Over time the public folder gets literally flooded with core dump files that end up filling the whole available hosting space.

Expected behavior

This didn’t happen until a couple of days ago. This MODX installation has something like 12 contexts piloting 12 different websites. All of them worked correctly, but now the last 3 in the list just time out.

Environment

MODX 2.6.5 on an Apache server with PHP 7.2. The installation is pretty old and a lot of code has been customized over the years, so I’m pretty scared about updating the core. I may try to do it on a local backup and see if it holds before doing the update on production. Also, the hosting machine is somewhat basic… having a lot of domains, we will try to upgrade cores and RAM. And try a reboot first of all.

You definitely want to update MODX. MODX 2.6.5 has known security vulnerabilities. MODX 2.8.4 is the current version. I believe the UpgradeMODX extra will work on your site. Upgrade to 2.7.0 and then 2.8.0, then 2.8.4.

Definitely back up the site (both files and DB) first. With your custom code, I wouldn’t recommend upgrading to MODX 3 yet.

If your site has been hacked, this won’t necessarily solve your problem, but it might. I’d recommend changing your site’s username and password as well as the DB username and password before doing the upgrades. Once you’ve confirmed that the site is working after the changes, do the upgrades.

It’s possible that the core dumps are caused by some error in your PHP due to updates of the PHP version, but I think it’s unlikely.

Take a look at any index.php files or other unrecognized files on the site to see if there’s anything in them that would do a core dump.

This might also be relevant.
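A triage sketch for the checks suggested in the answer above, added here and not part of the original thread: it confirms which `core.*` files are real ELF core dumps and lists recently changed PHP files for manual review. The function names, the docroot argument and the day window are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh triage.sh /path/to/public 3

# is_elf_core FILE: succeed only if FILE starts with the ELF magic and its
# e_type field is ET_CORE (4), i.e. a real process core dump, not a lookalike.
is_elf_core() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || return 1
    # e_type is the 2-byte field at offset 16; accept either byte order.
    etype=$(od -An -tx1 -j16 -N2 "$1" 2>/dev/null | tr -d ' \n')
    [ "$etype" = "0400" ] || [ "$etype" = "0004" ]
}

# list_core_dumps DIR: print every core.* file under DIR that is an ELF core.
list_core_dumps() {
    find "$1" -type f -name 'core.*' | sort | while IFS= read -r f; do
        if is_elf_core "$f"; then printf '%s\n' "$f"; fi
    done
}

# recent_php DIR DAYS: PHP files modified in the last DAYS days, to be read
# by hand and compared against a clean copy of the same MODX version.
recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" | sort
}

# Report only when a docroot is given, so the functions can also be sourced.
if [ -d "${1:-}" ]; then
    echo "== ELF core dumps under $1 =="
    list_core_dumps "$1" | while IFS= read -r f; do
        ls -l "$f"
        # file(1), where installed, names the program that crashed.
        if command -v file >/dev/null 2>&1; then file "$f"; fi
    done
    echo "== PHP files modified in the last ${2:-7} days =="
    recent_php "$1" "${2:-7}"
fi
```

Knowing which program produced the dumps (for example the PHP handler versus the web server itself) narrows down whether the crash comes from site code or from the server stack.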

Thanks, the issue seems to be resolved. Also upgraded the server. But there’s another issue that drives me mad. Will open a new thread.