hacker has edited the config file ????

I have v1.2.9 on a client's site. In troubleshooting a connectivity problem today, I saw that the config file had been edited to reflect a different database name, user name and password, with mysql_host redefined to point to mysqlforfree.com instead of the local host.

Using the user name and password, I logged in at mysqlforfree.com to see what was there. No database there, but there was an actual account set up.

Has this ever happened in the past? Is this a known vulnerability of the old version? What would a hacker accomplish by doing this? In other words, I am trying to find out if just editing the config file back to the correct settings will fix the gallery, or was there further damage done?

Any light shed on the situation would be helpful. Thanks.

Comments

  • acrylian Administrator, Developer
    This has happened before and is usually the result of insufficiently restrictive file/folder permissions on your server. On the current release, Zenphoto will try to set the right ones. Please see the troubleshooting about that and do a forum search.
  • Actually, probably the most common reason this happens is that you have not removed the setup files from your installation. Current versions of Zenphoto will recommend you do this. There are really a lot of security issues in such an old Zenphoto. Please beware.

    This hack does not give the hacker access to your site, just breaks it. Restoring the zp-config.php file will most likely make everything right again. But, do remove the setup files and consider upgrading for the other security improvements.
  • Just found a previous post that sheds light... so I moved my discussion on this to that thread:
    http://www.zenphoto.org/support/topic.php?id=8227&replies=11#post-49621
  • Is it just the one file "setup.php" that needs to be removed or are there others?
  • All setup files should be deleted just to be safe. (None are useful anyway unless all are there.) But be sure to delete setup.php, as it is the most dangerous.

    Unless you have serious server security issues as well, the hacker could not place the setup files back on your server. Besides, if he could do this, he could just replace the zp-config.php file alone, so why would he bother with the setup files :)
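As an added example (not from this thread or from the Zenphoto project), a small POSIX shell check that covers the three points the replies make: leftover setup files, a zp-config.php that other users on the server can write to, and a mysql_host that no longer points at localhost. The paths zp-core/setup.php, zp-core/setup/ and zp-core/zp-config.php and the `$conf['mysql_host'] = '...'` line format are assumptions about the install layout; adjust them to match yours.

```shell
#!/bin/sh
# Audit a Zenphoto install directory for the three problems discussed above.
# Returns the number of findings (0 = clean). Path layout is an assumption.

audit_zenphoto() {
  root="$1"
  problems=0

  # 1. Leftover setup files: all of them should be gone, setup.php above all.
  for f in "$root"/zp-core/setup.php "$root"/zp-core/setup/*.php; do
    [ -e "$f" ] || continue
    echo "setup file still present: $f"
    problems=$((problems + 1))
  done

  cfg="$root/zp-core/zp-config.php"
  if [ -f "$cfg" ]; then
    # 2. Permissions: a group- or world-writable config is what lets any other
    #    process on the box rewrite it. (stat -c is GNU; -f is the BSD/macOS form.)
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$mode" in
      *[2367]|*[2367]?)
        echo "zp-config.php is group/world writable: mode $mode"
        problems=$((problems + 1)) ;;
    esac

    # 3. Database host: anything other than the local host deserves a look,
    #    which is exactly the symptom the original post describes.
    host=$(sed -n "s/.*'mysql_host'[^']*'\([^']*\)'.*/\1/p" "$cfg" | head -n 1)
    case "$host" in
      ''|localhost|127.0.0.1) ;;
      *) echo "mysql_host points off-box: $host"
         problems=$((problems + 1)) ;;
    esac
  fi

  return $problems
}

# Usage: sh audit.sh /path/to/gallery  (runs only when a path is given)
if [ -n "${1:-}" ]; then
  audit_zenphoto "$1"
fi
```

A nonzero exit status means there is something to clean up before just restoring zp-config.php and moving on.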