app/etc/local.xml compromised #1882
Replies: 5 comments 7 replies
-
Bad actor may gain access to the DB, if that happens, the potential damage is exponentially propotional to the worth of the data. |
Beta Was this translation helpful? Give feedback.
-
Are you in EU? Then consult your lawyer regarding country specific rules about gdpr. In Poland you have 48h to notify in a formal way the administrator of the personal data of the system (usually the merchant). |
Beta Was this translation helpful? Give feedback.
-
This is exactly the right question to start a risk analyses. Usually the biggest risk here is the backend url, although there are rare cases of misconfigured server setups, which also expose mysql or redis to the web. |
Beta Was this translation helpful? Give feedback.
-
Oh boy! doesn't Magento actually show a warning in the admin panel when it's misconfigured? Pretty sure I saw it before. It happened to us before, some bots were crawling the website looking for configuration files but luckily we had everything configured properly. |
Beta Was this translation helpful? Give feedback.
-
Is it an Nginx webserver, isn't it? It happens if you don't configure it properly.
Only a stupid hacker reveals his actions like deleting files or changing files. Those who are smart continue staying undercover and grabbing information. If you have root access to that machine you can check the logs. You can check webserver logs who accessed local.xml. I would go further in checking what files were created, accessed, modified in /home/. |
Beta Was this translation helpful? Give feedback.
-
Due to a misconfiguration of the server, we have found that some websites expose their app/etc/local.xml.
What are the consequences? 💣
Beta Was this translation helpful? Give feedback.
All reactions