zero piraeus have said:
In other words: you weren't "hacked". You'd been repeatedly told that
you had publicly visible source code on the net containing passwords in
plain text; all anyone had to do was login to your server with the
credentials you negligently exposed, and open a text editor. If that's
hacking, I'm Neo.
I'am aware of that fact, but the line you are refering too was just
initiating a mysql connection:
con = pymysql.connect( db = 'mypass', user = 'myuser', passwd =
'mysqlpass', charset = 'utf8', host = 'localhost' )
That was viewable by the link Mark have posted.
But this wasnt my personal's account's login password, that was just the
mysql password.
Mysql pass != account's password
That's not to say someone else *hasn't* pissed in your bucket, but if
they have, they won't have publicised the fact.
Ah, now i shoudl worry for more people breaking in?
By the way: if you haven't already, you'll want to remove the extra line
from your .htaccess file.
Tell me the line you are referring to.
Yes i added some line but i want you to tell me which line is that.
case it isn't obvious: no, it wasn't
Mark Lawrence.
Who was it then, you?
I wont get mad but i want you too answer all of my questions and:
1. state by which method you managed to break in since at noplace at my
awareness did i psot my account's login pass, only the source code of my
main script which is now fixed by me altering the httpd.conf file and
placing extra lines into my main .htaccess file
2. Be sincere and tell me if you have created a backdoor on my server
that allows you to remotely login and do stuff.
I will even thank you for not destroying my system, but i want these
questions i just types to be answered so i take action to fix things ven
better.
Please, this is a business server.
--
https://mail.python.org/mailman/listinfo/python-list
