My config file changed overnight

[creativepart]

Something disturbing happened overnight.

Someone changed the SQL DB username and password in my Classifieds config file.

Obviously, it sounds like some kind of hack. Do you know how anyone could do that? I had the permissions set at 777 for those two files during set up and forgot to bring it back down after. What do you think I should keep these files at? 744 or 655?

Is there anyway to hide the DB password in those files?

In case this is some known problem I'll mention that the new DB username was set to "jembut" and the password to "itil"

[Chuck S]

The only way someone could change your info is if you give them admin access to my knowledge

The config files should be 666

[creativepart]

Yeah, I would think that too. But no one knows my password and its 12 characters of letters and numbers. Hard to crack.

Is there anyway it could happen accidentally? I checked the admin log in Classifieds and they show no activity. I'll check my server logs.

The extra odd thing is the Classifieds is just one part of a much larger website. If they could get in to Classifieds then they probably could have gotten into much more and even caused damage.

So, why just change the db username and password in a config file and nothing eles? All it did is break Classifieds in a non-destructive way.

[Chuck S]

Well people can hack servers. Check your server logs.