[Hidden-tech] The case of the missing Home Page...

Robert Heller heller at deepsoft.com
Wed Jun 9 13:22:59 EDT 2010


At Wed, 9 Jun 2010 11:51:07 -0400 "David F. Farkas" <david at farkas.com> wrote:

> Hey Web Mavens... here is a mystery for you.
> 
> I have a WP site/blog at www.HouseHealing.com set to open on a static 'HOME'
> page rather than the blog. It's been just fine for months.
> 
> Yesterday the HOME page was gone. People landed on a 404 page. In the WP
> dashboard the HOME page was completely gone.
> 
> Other than someone hacking the login and doing that, is there any way you
> can think of that would happen? What can I do to protect it?

Someone diddled with the database directly.  What is the protection of
your wp-config.php file?  Do users have shell access to server (or was
the server root hacked)?

wp-config.php should only be readable by the httpd daemon's user and
no one else (chmod go-rwx wp-config.php).  The httpd daemon's user
should not have shell access (its login shell should be /bin/true or
/bin/nologin).  wp-config.php contains your MySQL username, password,
and database name, so if someone with shell access to the server got on
and looked at that file, they could then fire up mysql and have all
sorts of fun with SQL and do all sorts of things to your web site... 

Oh, your system admin *should* have restricted the MySQL username to
@'localhost' and should also have only granted access to each (WP,
Joomla!, Drupal, etc.) user the specific database(s) that user should
have access to -- typically, each user gets his/her own database and
that is the only database they can mess with -- only admins get granted
all privs to *.*!  If the admin messed up and granted someone all
privs to *.*, some other WP user could have screwed with your database
(intentionally or by mistake).

> 
> Thanx
> David
> 

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
heller at deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/
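
The three checks from the reply above, written out as an added example that is not part of the original message. The function names are hypothetical, the login-shell check also accepts /bin/false and nologin in any directory (an assumption beyond the two paths named in the message), and the grant check assumes the output of MySQL's SHOW GRANTS is piped in on stdin.

```shell
#!/bin/sh
# Added example: audits the settings described in the reply above.
# Paths, account names and grant lines passed to it are the caller's assumptions.

# Succeeds when FILE has no group/other permission bits (chmod go-rwx).
mode_is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when USER's login shell in a passwd-format file is not a real shell.
# An unknown user yields an empty shell field and fails the check.
shell_is_disabled() {
    user=$1 passwd=${2:-/etc/passwd}
    sh_path=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    case ${sh_path##*/} in
        nologin|true|false) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads SHOW GRANTS output on stdin and prints every grant that gives real
# privileges on *.* or names a host other than localhost.
# Succeeds only when nothing had to be printed.
grants_are_scoped() {
    bad=$(awk '
        !/^GRANT / { next }
        / ON \*\.\* / && !/^GRANT USAGE ON / { print; next }
        !/@[`'\'']localhost[`'\'']/ { print }')
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}

# Usage (file location and account name are placeholders):
#   mode_is_private /path/to/wp-config.php || echo "tighten with chmod go-rwx"
#   shell_is_disabled HTTPD_USER           || echo "httpd user has a login shell"
#   mysql -e "SHOW GRANTS FOR 'USER'@'localhost'" | grants_are_scoped
```

GRANT USAGE ON *.* is not flagged because USAGE carries no privileges. File ownership is not checked here, so the file still has to belong to the httpd daemon's user for the restricted mode to work.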
                                                                                                        

