No, the wp-config.php file was always created prior to installation by renaming wp-config-sample.php (or whatever it is), editing the variables, and uploading.
-- Rick On 11/2/06, Rafael Rivera Jr. <[EMAIL PROTECTED]> wrote:
Are you letting the install.php script create wp-config.php? Last I checked, the installer creates this file with 666 perms... Rafael Rick Beckman wrote: > My host (Dreamhost) said it was a problem with Wordpress or one of its > plugins and left it at that. > > The only files the cracker accessed though were related to login, > dashboard, > presentation, theme editor, and c99.php (a name variant of the > c99shell.phpscript). > > I'm not upset with Wordpress--moreso my host for being less than > helpful--and was only wondering if it was a possible vulnerability. If it > was strictly password related, it's hard to imagine it happening twice > without repeated accesses of the login file. > > Oh well, > Rick :-) > > On 11/2/06, steve caturan <[EMAIL PROTECTED]> wrote: >> >> looks like a local security breach. :) so forward your findings to >> your host. they need to work with you to resolve the issue. >> >> On 11/2/06, Rick Beckman <[EMAIL PROTECTED]> wrote: >> > Using 2.0.5, I have had my whole hosting account wiped out twice via a >> user >> > being able to upload a script (commonly called c99shell.php) which is >> able >> > to do a number of malicious things. From what I have seen online via a >> few >> > Google searches, users are able to upload via the File Upload in the >> > Wordpress admin without logging in. However, I also noticed in my logs >> that >> > the user was toying around in the Wordpress theme editor, but I >> have no >> idea >> > what he was doing. And passwords were all changed between the site >> > defacings. >> > >> > So, I'm just writing to confirm whether or not such a thing is >> possible >> (i.e., >> > could WordPress be to blame?) and is there a way to forbid the >> uploading >> of >> > php files? >> > >> > -- >> > Rick Beckman >> > _______________________________________________ >> > wp-testers mailing list >> > [email protected] >> > http://lists.automattic.com/mailman/listinfo/wp-testers >> > >> _______________________________________________ >> wp-testers mailing list >> [email protected] >> http://lists.automattic.com/mailman/listinfo/wp-testers >> > _______________________________________________ > wp-testers mailing list > [email protected] > http://lists.automattic.com/mailman/listinfo/wp-testers _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
