Hello's again.
We had an intrusion at our web host. Some Turk1sh h4ck3r guy replaced the root index.htm (which was just a redirect) and dumped some php scripts into an uploads directory.
So I'm in the process of changing lots of passwords. (wish my web host had secure FTP but, sigh, no.)
I see in Admin > tools > Admin settings where I can change the admin password, that's cool.
But how does that affect the non-writeable configuration files for database connectivity?
Is it adviseable to change the database user passwords too (using PhpMyAdmin), and if so, how do I get those passwords into the config files? They are stored in the database encrypted, right? Looks like the configuration.php files also have the encrypted version of the admin password.
I am wondering what is the correct procedure, so I don't detach ZC from its beloved database.
---Diana
Bookmarks