JUST GOT HACKED

Νίκος nikos.gr33k at gmail.com
Wed Oct 2 06:52:39 EDT 2013


zero piraeus have said:

> In other words: you weren't "hacked". You'd been repeatedly told that
> you had publicly visible source code on the net containing passwords in
> plain text; all anyone had to do was login to your server with the
> credentials you negligently exposed, and open a text editor. If that's
> hacking, I'm Neo.

I'am aware of that fact, but the line you are refering too was just 
initiating a mysql connection:

con = pymysql.connect( db = 'mypass', user = 'myuser', passwd = 
'mysqlpass', charset = 'utf8', host = 'localhost' )

That was viewable by the link Mark have posted.

But this wasnt my personal's account's login password, that was just the 
mysql password.

Mysql pass != account's password

> That's not to say someone else *hasn't* pissed in your bucket, but if
> they have, they won't have publicised the fact.

Ah, now i shoudl worry for more people breaking in?

> By the way: if you haven't already, you'll want to remove the extra line
> from your .htaccess file.

Tell me the line you are referring to.
Yes i added some line but i want you to tell me which line is that.

> case it isn't obvious: no, it wasn't
> Mark Lawrence.

Who was it then, you?


I wont get mad but i want you too answer all of my questions and:

1. state by which method you managed to break in since at noplace at my 
awareness did i psot my account's login pass, only the source code of my 
main script which is now fixed by me altering the httpd.conf file and 
placing extra lines into my main .htaccess file

2. Be sincere and tell me if you have created a backdoor on my server 
that allows you to remotely login and do stuff.

I will even thank you for not destroying my system, but i want these 
questions i just types to be answered so i take action to fix things ven 
better.

Please, this is a business server.



More information about the Python-list mailing list