xyclopsoft
Forum Replies Created
Forum: Fixing WordPress
In reply to: Media Temple oeaou hack
This is my first “hack” and I am less than thrilled with MT’s trying to blame this problem on ME. My passwords are secure. My sites are up-to-date. I have minimal plugins. And I’ve not touched the DB permissions, passwords, etc. or the wp-config.php files (until today). If the DB security is “weak” it’s because MT made it that way with the one-click install.
Even if your wp-config.php files were readable, they would have to be read inside the server somehow, not from a webserver.
Either:
MT failed somehow in making a bunch of FTP/MySQL passwords available
MT failed somehow in allowing php to be shut off, allowing the config files to be read via a browser
MT failed somehow in making the MySQL database available/writable
MT failed in some other way
This is absolutely not the fault of file permissions alone, and if MT don’t know this, they are incompetent, and if they do know it, they are shameful. Trying to upsell is even worse.
This particular vulnerability only affected MT users on GS accounts. I haven’t seen one other example with a different host, or even a different account with MT.
Blaming customers when it is very clear it could not possibly be the customers who are at fault is shabby and if I were the one who chose where these sites were hosted, it would quite literally be anywhere else.
Forum: Fixing WordPress
In reply to: Media Temple oeaou hack
jakobud, I have had sites with altered auth keys and default keys compromised.
e: I didn’t use a key generator but typed in my own key phrases.
Forum: Fixing WordPress
In reply to: Media Temple oeaou hack
Checked one affected site and the perms are 751 (rwxr-x--x)
One unaffected (and much older) site has perms of 644 (rw-r--r--)
Forum: Fixing WordPress
In reply to: Media Temple oeaou hack
Hi folks.
This looks like the attack vector was PhpMyAdmin – the code in the script:
pma_visited_theme
uses the same naming convention as PhpMyAdmin javascript vars.
The second thing that makes me suspect this is that on every MT PhpMyAdmin installation I have visited, it says the server certificate (for SSL/https) is expired. I wonder if that also has something to do with it.
I’ll pass this along to MT, in case they aren’t reading here any more.