Serendipity Forums

today I noticed that when accessing my blog, I only got DATABASE_ERROR. So I went into the shell and found that the password in serendipity_config_local.inc.php had been changed, and not by me. The date stamp on the file was for the middle of the night my time. File still has 600 permisions. Would it be possible for a web user to change that file? I'm pretty sure nobody got unix shell access -- only ssh access with a matching public/private keypair is allowed, and i've only allowed my private key to be used. I recently upgraded to the most recent version (0.8.2).

How about checking the secure.log or equivalent to see if there had been
any SSH authentication during the night?

If you are using Serendpity below 0.8.2 you might have got hacked because of the XML-RPC bug that was in many applications (Drupal, WordPress and others were/are affected too)...

Regards,
Garvin