Running a server can be difficult and it is very easy to leak important credentials. Much easier than you want it to be. I ended up leaking a dangerous file from one of the WordPress websites I manage, named ‘wp-config.php.save’ to the public internet. It contained passwords to the site database, cookie keys and cookie salts. This created a couple issues, namely the fact that anyone who could access the database server could have had full write permissions. There are a couple reasons why I don’t think this happened, and most of them are due to great default protection by Azure, so I got extremely lucky. I am going to dive in to the events leading up to the incident and then what I did to resolve it.
- 28-Jul-2020 | 1533 Words | 8 min read
- 09-Jul-2019 | 477 Words | 3 min read
It bothered me for a while that I had to type
sudo apt updateand then
sudo apt upgradein order to update my Ubuntu Linux system. It just felt like there had to be an easier way to figure out what to update and just upgrade it with one command in an easy to use way.
Eventually I realized I could just write my own bash script and execute it from the command line. This post will go into a bit of detail about how I did that.