Hacker News new | past | comments | ask | show | jobs | submit login

What do you mean with staging files, what is not sensitive about username and password of the database?



Well a Wordpress production site is a rare and precious thing to find on Github. There are some that exist, but then even if I do find it:

1.) Password will be changed

2.) Possible honeypot

3.) Boring site is boring. No need to hack it. Not popular enough

Same goes for other databases on there. An enormous amount of cruft to wade through to get anything remotely juicy/interesting. And the same heuristics apply above: is it really so great that I logged into a boring MYSQL database that is probably being monitored and has nothing interesting in there in the first place?


I think they mean that a majority of these are instances where someone installed WP to play with it and these are the testing files rather than an actual website they are using. When I installed WP recently, I know I just used a dummy password for testing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: