Use this script to secure your config file, this script will chmod your config files at your webserver to 0600:

[sourcecode lang="php"] set_time_limit(0);
@$passwd=fopen('/etc/passwd','r');
if (!$passwd) {
echo "[-] Error : Tidak bisa membaca /etc/passwd\n";
exit;
}
$path_to_public = array();
$users = array();
$pathtoconf = array();
$i=0;

while(!feof($passwd)) {
$str=fgets($passwd);
if ($i>35) {
$pos=strpos($str,”:”);
$username=substr($str,0,$pos);
$dirz=”/home/$username/public_html/”;
if (($username!=”")) {
if (is_readable($dirz)) {
array_push($users,$username);
array_push($path_to_public,$dirz);
}
}
}
$i++;
}
echo “[+] Ditemukan “.sizeof($users).” userid di /etc/passwd\n”;
echo “[+] Ditemukan “.sizeof($path_to_public).” folder public_html yang bisa dibaca\n”;
echo “[~] Ok mari kita chmod/secure file-file config …\n\n”;

foreach ($users as $user) {
$path=”/home/$user/public_html/”;
echo (“Memindai $path: \n”);
read_dir($path,$user);
}

echo “\n[+] Done\n”;

function read_dir($path,$username) {
if ($handle = opendir($path)) {
while (false !== ($file = readdir($handle))) {
$fpath=”$path$file”;
if (($file!=’.') and ($file!=’..’)) {
if (is_readable($fpath)) {
$dr=”$fpath/”;
if (is_dir($dr)) {
read_dir($dr,$username);
} else {
if (($file==’config.php’) or ($file==’config.inc.php’) or ($file==’db.inc.php’) or ($file==’connect.php’) or ($file==’wp-config.php’) or ($file==’var.php’) or ($file==’configure.php’) or ($file==’db.php’) or ($file==’configuration.php’) or ($file==’db_connect.php’)) {
chmod($fpath,0600);
echo “[+] $fpath…berhasil di secure kan\n”;
}
}
}
}
}
}
}

?>
[/sourcecode]

Save the code, and run it on your webserver. I suggest you to run it at root path /

[sourcecode lang="bash"]php -q secure.php[/sourcecode]