Understand why there are MariaDB connections to "nome_utente_qui" @ localhost
Closed, ResolvedPublic


In the standard error MariaDB log of Reyboz server gargantua there are many:

2021-12-31  5:27:57 13500403 [Warning] Access denied for user 'nome_utente_qui'@'localhost' (using password: YES)

Maybe there is a CMS in the shared environment with dummy credentials that can be removed.

Event Timeline

valerio.bozzolan created this task.

OK. This was caused by some WordPress deployments localized in Italian where the file wp-config-sample.php has hardcoded dummy credentials:



// ** Impostazioni MySQL - È possibile ottenere queste informazioni dal proprio fornitore di hosting ** //
/** Il nome del database di WordPress */
define('DB_NAME', 'nome_del_database_qui');

/** Nome utente del database MySQL */
define('DB_USER', 'nome_utente_qui');

/** Password del database MySQL */
define('DB_PASSWORD', 'password_qui');


/** Imposta le variabili di WordPress ed include i file. */
require_once(ABSPATH . 'wp-settings.php');

I think this file is visited directly from bot spammers and so explaining all these log lines.

Some affected domains:

  • itwikic*
  • angeloin*
  • noieg*
  • davidpi*
  • reyb*

Found using:

grep -R 'nome_utente_qui' / 2>/dev/null