Comments on: Wp-config.php security leak – hundreds of blogs hacked http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/ The latest in blogging Wed, 11 Jan 2012 20:02:21 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Nash http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/comment-page-1/#comment-16577 Nash Mon, 05 Sep 2011 23:09:46 +0000 http://www.blogtap.net/?p=1224#comment-16577 This is a serious problem and an invisible threat to diabetics. There's no way to trace who committed the crime. I first learned about the hacking controversy here: http://blogs.carouselindustries.com/security/security-breach-roundup-2-banks-2-schools-and-an-insulin-pump Turns out that the companies are turning a blind eye. However, the same can't be said for citigroup and other financial institutions even though those don't necessary result in death. This is a serious problem and an invisible threat to diabetics. There’s no way to trace who committed the crime. I first learned about the hacking controversy here: http://blogs.carouselindustries.com/security/security-breach-roundup-2-banks-2-schools-and-an-insulin-pump Turns out that the companies are turning a blind eye. However, the same can’t be said for citigroup and other financial institutions even though those don’t necessary result in death.

]]> By: Mix Twist http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/comment-page-1/#comment-16521 Mix Twist Sat, 03 Sep 2011 09:35:24 +0000 http://www.blogtap.net/?p=1224#comment-16521 I was still looking to make my wordpress blog more secure and this article solved my problme Thanks for sharing. I was still looking to make my wordpress blog more secure and this article solved my problme Thanks for sharing.

]]> By: Securing a new WordPress installation, part 1: wp-config.php http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/comment-page-1/#comment-15770 Securing a new WordPress installation, part 1: wp-config.php Thu, 04 Aug 2011 19:53:51 +0000 http://www.blogtap.net/?p=1224#comment-15770 [...] of this behaviour happened in 2010 when hundreds of WordPress installations were hacked due to a defective configuration of a shared hosting by Network Solutions, that allowed the hackers to access the data from other [...] [...] of this behaviour happened in 2010 when hundreds of WordPress installations were hacked due to a defective configuration of a shared hosting by Network Solutions, that allowed the hackers to access the data from other [...]

]]> By: Business Strategies For Online Business | Business Management | mekagycete http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/comment-page-1/#comment-15349 Business Strategies For Online Business | Business Management | mekagycete Fri, 15 Jul 2011 02:03:16 +0000 http://www.blogtap.net/?p=1224#comment-15349 [...] sudan da vinci code gangs of new york gangs of new york migraine rpm the social network This entry was posted in Uncategorized. Bookmark the permalink. [...] [...] sudan da vinci code gangs of new york gangs of new york migraine rpm the social network This entry was posted in Uncategorized. Bookmark the permalink. [...]

]]> By: Vic http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/comment-page-1/#comment-13431 Vic Thu, 17 Feb 2011 18:59:41 +0000 http://www.blogtap.net/?p=1224#comment-13431 Thanks for this security tips. Because of too much automation, we often neglect to set the right CHMOD for the wp-config.php file. So it's 640. Thanks for this security tips. Because of too much automation, we often neglect to set the right CHMOD for the wp-config.php file. So it’s 640.

]]> By: stephen http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/comment-page-1/#comment-11548 stephen Wed, 22 Dec 2010 04:03:41 +0000 http://www.blogtap.net/?p=1224#comment-11548 most blog owner will not know what user running webserver. chmod to 644 will always make sure the webserver can read wp-config.php. So you can chmod 640 if the files owned by webserver. even 600 is ok. this problem in Network Solutions is the case of internal user who own probably one of these blog. This user knows where the path to wp-config.php in filesystem. and he can create a php file that read wp-config.php file in his browser. for outside user, this not possible if the file is 640. most blog owner will not know what user running webserver.
chmod to 644 will always make sure the webserver can read wp-config.php. So you can chmod 640 if the files owned by webserver. even 600 is ok.

this problem in Network Solutions is the case of internal user who own probably one of these blog. This user knows where the path to wp-config.php in filesystem. and he can create a php file that read wp-config.php file in his browser.

for outside user, this not possible if the file is 640.

]]> By: bob http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/comment-page-1/#comment-8676 bob Wed, 18 Aug 2010 22:41:45 +0000 http://www.blogtap.net/?p=1224#comment-8676 Thanks, I have been looking around trying to figure out what my wp-config should be set at ... much appreciated! Thanks, I have been looking around trying to figure out what my wp-config should be set at … much appreciated!

]]> By: Harsh Agrawal http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/comment-page-1/#comment-915 Harsh Agrawal Wed, 14 Apr 2010 18:40:30 +0000 http://www.blogtap.net/?p=1224#comment-915 As far as I know, Wordpress is giving liberty in file permission to make sure that wordpress will not have any issue with any web-hosting... As far as I know, WordPress is giving liberty in file permission to make sure that wordpress will not have any issue with any web-hosting…

]]> By: Ankit http://www.blogtap.net/wp-config-php-security-leak-hundreds-of-blogs-hacked/comment-page-1/#comment-872 Ankit Tue, 13 Apr 2010 16:55:44 +0000 http://www.blogtap.net/?p=1224#comment-872 :O I didn't know about this. Recently I came to know that CERT has also issued a high alert for Cyber Attacks :O I didn’t know about this. Recently I came to know that CERT has also issued a high alert for Cyber Attacks

]]>