Use this script to secure your config files. It sets the permissions of the config files on your web server to 0600:

[sourcecode lang="php"]
<?php
set_time_limit(0);

// Read the local account list to find each user's public_html directory.
$passwd = @fopen('/etc/passwd', 'r');
if (!$passwd) {
    echo "[-] Error : Tidak bisa membaca /etc/passwd\n"; // cannot read /etc/passwd
    exit;
}
$path_to_public = array();
$users = array();
$i = 0;

while (($str = fgets($passwd)) !== false) {
    // Skip the first 36 entries, which this script treats as system accounts.
    if ($i > 35) {
        $pos = strpos($str, ":");
        $username = substr($str, 0, $pos);
        $dirz = "/home/$username/public_html/";
        if ($username != "") {
            if (is_readable($dirz)) {
                array_push($users, $username);
                array_push($path_to_public, $dirz);
            }
        }
    }
    $i++;
}
fclose($passwd);

// Report how many users and readable public_html folders were found.
echo "[+] Ditemukan " . sizeof($users) . " userid di /etc/passwd\n";
echo "[+] Ditemukan " . sizeof($path_to_public) . " folder public_html yang bisa dibaca\n";
echo "[~] Ok mari kita chmod/secure file-file config ;) …\n\n";

foreach ($users as $user) {
    $path = "/home/$user/public_html/";
    echo "Memindai $path: \n"; // scanning
    read_dir($path, $user);
}

echo "\n[+] Done\n";

// Walk $path recursively and chmod every known config file to 0600.
function read_dir($path, $username) {
    $names = array('config.php', 'config.inc.php', 'db.inc.php', 'connect.php',
                   'wp-config.php', 'var.php', 'configure.php', 'db.php',
                   'configuration.php', 'db_connect.php');
    if ($handle = opendir($path)) {
        while (false !== ($file = readdir($handle))) {
            $fpath = "$path$file";
            // Skip symlinks: chmod() follows them, so a link inside a user's
            // folder would change the mode of whatever file it points to.
            if ($file == '.' || $file == '..' || is_link($fpath)) {
                continue;
            }
            if (is_readable($fpath)) {
                $dr = "$fpath/";
                if (is_dir($dr)) {
                    read_dir($dr, $username);
                } elseif (in_array($file, $names)) {
                    // 0600 = read/write for the owner only; PHP must run as
                    // the file's owner to keep reading it afterwards.
                    chmod($fpath, 0600);
                    echo "[+] $fpath…berhasil di secure kan\n"; // secured
                }
            }
        }
        closedir($handle);
    }
}

?>
[/sourcecode]

Save the code as secure.php and run it on your web server. I suggest running it from the root path /:

[sourcecode lang="bash"]php -q secure.php[/sourcecode]
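To see which files would change before touching anything, here is an audit-first variant in Python. It is an added example, not the original script: the function name `audit_configs` and its `fix` flag are made up for illustration, and the file names and `/home` root are taken from the PHP code above.

```python
import os
import stat

# File names taken from the PHP script above.
CONFIG_NAMES = {
    "config.php", "config.inc.php", "db.inc.php", "connect.php",
    "wp-config.php", "var.php", "configure.php", "db.php",
    "configuration.php", "db_connect.php",
}


def audit_configs(root, fix=False):
    """Return [(path, old_mode, new_mode)] for config files under root that
    grant any group/other permission. With fix=False nothing is modified."""
    findings = []
    # followlinks=False: symlinked directories are never descended into.
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in sorted(files):
            if name not in CONFIG_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                # O_NOFOLLOW: open() fails if the file itself is a symlink.
                # O_NONBLOCK: a FIFO with a matching name cannot hang the scan.
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
            except OSError:
                continue  # symlink, vanished or unreadable: skip it
            try:
                st = os.fstat(fd)
                mode = stat.S_IMODE(st.st_mode)
                if not stat.S_ISREG(st.st_mode) or (mode & 0o077) == 0:
                    continue  # not a regular file, or already owner-only
                new_mode = mode
                if fix:
                    os.fchmod(fd, 0o600)  # acts on the opened file, not the path
                    new_mode = stat.S_IMODE(os.fstat(fd).st_mode)
                findings.append((path, mode, new_mode))
            finally:
                os.close(fd)
    return findings


if __name__ == "__main__":
    # Dry run: list loose config files under /home without changing them.
    for path, old, new in audit_configs("/home"):
        print(f"{oct(old)} -> {oct(new)}  {path}")
```

Run it once as a dry run, review the list, then call `audit_configs("/home", fix=True)`; a second dry run should come back empty.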
