WordPress.org

Ready to get started?Download WordPress

Forums

Hacker replaced wp-config.php but did no other damage (2 posts)

  1. Jaymis
    Member
    Posted 8 years ago #

    I had an "intrusion" last night on createdigitalmotion.com (which we're about to be announced publicly, so preview for WP users :). The site is based around WordPress and Gallery2 via WPG2. The hacker (aTMaCa) replaced wp-config.php with their own html code. For reference I have uploaded a rar of this replaced file to http://www.createdigitalmotion.com/wpcfghack.rar, but it doesn't have much information (apart from dentifying the hacker and their political cause).

    We're hosted on Site5 and are using the latest versions of WordPress and Gallery. There are a reasonable slew of plugins but I think they're basically up to date, for reference we use:
    Taragana's Delicious MP3 Player, BDP RSS Aggregator, Customizable Post Listings, WP-Email, Exec-PHP, Fold Page List, Gravatar, Official Comments, PXS Mail, Random File, Google Sitemaps, Smart Archives, Fuzzy Recent Comments, Spam Karma 2, Ultimate Tag Warrior, WPG2, WP Database Backup, WP-phpBB, Permalink Redirect.
    (Wow, there's more than I thought when I actually type them in)

    Apart from the wp-config.php change there wasn't any damage. All databases are intact and files seem to be fine. No passwords were changed. I looked at the permissions of wp-config after I uploaded my backup version and it was set to 666, I've changed it to 644 but I thought that this wasn't a huge problem on a shared platform such as Site5.

    I've read all the other "my WP site was hacked" threads, but none of them seem to fit what's happened here.

    So, I'm just wondering if anyone has any ideas how someone could get into wp-config.php but then not damage anything else? Apart from changing the permissions, is there anything else I can do to prevent something like this happening in the future?

    Cheers

    Jaymis

  2. maerk
    Member
    Posted 8 years ago #

    Not sure, but if they had access to your wp-config.php, then they can get your database username and password.

    There's a way to prevent this from happening by setting the username and password as variables in the $_SERVER array, but I can't remember the exact mechanism.

    For now, change your database password, and ask your hosts to look into this to see if there's anything they can do.

Topic Closed

This topic has been closed to new replies.

About this Topic