hack attempt?

Random stuff about serendipity. Discussion, Questions, Paraphernalia.
Post Reply
kevin v

hack attempt?

Post by kevin v »

today I noticed that when accessing my blog, I only got DATABASE_ERROR. So I went into the shell and found that the password in serendipity_config_local.inc.php had been changed, and not by me. The date stamp on the file was for the middle of the night my time. File still has 600 permisions. Would it be possible for a web user to change that file? I'm pretty sure nobody got unix shell access -- only ssh access with a matching public/private keypair is allowed, and i've only allowed my private key to be used. I recently upgraded to the most recent version (0.8.2).
Top
wesley
Regular
Posts: 197
Joined: Sun Jul 10, 2005 11:15 am
Contact:
Contact wesley

Post by wesley »

How about checking the secure.log or equivalent to see if there had been
any SSH authentication during the night?
I make s9y plugins, too.
My s9y blog depends on them. :)
Top
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:
Contact garvinhicking

Post by garvinhicking »

If you are using Serendpity below 0.8.2 you might have got hacked because of the XML-RPC bug that was in many applications (Drupal, WordPress and others were/are affected too)...

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Top
Post Reply

Return to “General discussions”