JUST GOT HACKED
Νίκος
nikos.gr33k at gmail.com
Wed Oct 2 06:52:39 EDT 2013
zero piraeus have said:
> In other words: you weren't "hacked". You'd been repeatedly told that
> you had publicly visible source code on the net containing passwords in
> plain text; all anyone had to do was login to your server with the
> credentials you negligently exposed, and open a text editor. If that's
> hacking, I'm Neo.
I'am aware of that fact, but the line you are refering too was just
initiating a mysql connection:
con = pymysql.connect( db = 'mypass', user = 'myuser', passwd =
'mysqlpass', charset = 'utf8', host = 'localhost' )
That was viewable by the link Mark have posted.
But this wasnt my personal's account's login password, that was just the
mysql password.
Mysql pass != account's password
> That's not to say someone else *hasn't* pissed in your bucket, but if
> they have, they won't have publicised the fact.
Ah, now i shoudl worry for more people breaking in?
> By the way: if you haven't already, you'll want to remove the extra line
> from your .htaccess file.
Tell me the line you are referring to.
Yes i added some line but i want you to tell me which line is that.
> case it isn't obvious: no, it wasn't
> Mark Lawrence.
Who was it then, you?
I wont get mad but i want you too answer all of my questions and:
1. state by which method you managed to break in since at noplace at my
awareness did i psot my account's login pass, only the source code of my
main script which is now fixed by me altering the httpd.conf file and
placing extra lines into my main .htaccess file
2. Be sincere and tell me if you have created a backdoor on my server
that allows you to remotely login and do stuff.
I will even thank you for not destroying my system, but i want these
questions i just types to be answered so i take action to fix things ven
better.
Please, this is a business server.
More information about the Python-list
mailing list