
Understand why there are MariaDB connections to "nome_utente_qui" @ localhost
Closed, Resolved (Public)

Description

In the MariaDB standard error log of the Reyboz server gargantua there are many lines like this:

2021-12-31  5:27:57 13500403 [Warning] Access denied for user 'nome_utente_qui'@'localhost' (using password: YES)

Maybe there is a CMS in the shared environment with dummy credentials that can be removed.

Event Timeline

valerio.bozzolan created this task.

OK. This was caused by some WordPress deployments localized in Italian where the file wp-config-sample.php has hardcoded dummy credentials:

wp-config-sample.php
<?php

// ...

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'nome_del_database_qui');

/** MySQL database username */
define('DB_USER', 'nome_utente_qui');

/** MySQL database password */
define('DB_PASSWORD', 'password_qui');

// ...

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

I think this file is visited directly by bot spammers, which explains all these log lines.

Some affected domains:

  • itwikic*
  • angeloin*
  • noieg*
  • informazioni.wiki
  • davidpi*
  • reyb*

Found using:

grep -R 'nome_utente_qui' / 2>/dev/null
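
A narrower way to run the same triage, as an added example that is not part of the original task: tally the denied accounts in the MariaDB error log, then search only wp-config-sample.php files that define that user. The function names and the fixture data (the log lines after the first, the `shop_app` account, the site directories) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original task. Function names are hypothetical.

# denied_by_user LOGFILE: print "COUNT USER@HOST" for every account named in
# an "Access denied" warning, most frequent first.
denied_by_user() {
    sed -n "s/.*\[Warning\] Access denied for user '\([^']*\)'@'\([^']*\)'.*/\1@\2/p" "$1" |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# sample_configs_with_user WEBROOT NAME: list wp-config-sample.php files under
# WEBROOT whose DB_USER is NAME (NAME is assumed to hold no regex metacharacters).
sample_configs_with_user() {
    find "$1" -type f -name 'wp-config-sample.php' -exec \
        grep -l -E "define\( *['\"]DB_USER['\"] *, *['\"]$2['\"]" {} + 2>/dev/null | sort
}

# make_fixture DIR: write constructed sample data (a short error log and two
# sample configs, one Italian and one English) for the demo below.
make_fixture() {
    mkdir -p "$1/site-it" "$1/site-en"
    cat > "$1/error.log" <<'EOF'
2021-12-31  5:27:57 13500403 [Warning] Access denied for user 'nome_utente_qui'@'localhost' (using password: YES)
2021-12-31  5:28:02 13500410 [Warning] Access denied for user 'nome_utente_qui'@'localhost' (using password: YES)
2021-12-31  5:30:11 13500422 [Warning] Access denied for user 'shop_app'@'localhost' (using password: YES)
2021-12-31  5:31:40 13500431 [Warning] Aborted connection 13500431 to db: 'unconnected' user: 'unauthenticated' host: 'localhost' (This connection closed normally without authentication)
EOF
    echo "<?php define('DB_USER', 'nome_utente_qui');" > "$1/site-it/wp-config-sample.php"
    echo "<?php define( 'DB_USER', 'username_here' );" > "$1/site-en/wp-config-sample.php"
}

# Demo on the constructed fixture: the placeholder account tops the tally and
# only the Italian sample config is reported.
demo=$(mktemp -d)
make_fixture "$demo"
denied_by_user "$demo/error.log"
sample_configs_with_user "$demo" 'nome_utente_qui'
rm -rf "$demo"
```

On a real host, pass the actual error log and web root to the two functions. Sample files that turn up can then be deleted or blocked at the web server.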