thegoleffect | 6 years ago

I don’t know for certain, not OP, but it sounds like since they pushed the env file, it may have been accessible via URI, and since it had all the credentials and host info to access the database, that's all the attacker messed with... and that is more than enough.

ngranja19|6 years ago

Haha, exactly, that was what happened (I guess). My mistake was not only pushing the .env file but also how I stored my Laravel files on the server, leaving everything in a public directory where everyone can access it... :Facepalm:

gentleman11|6 years ago

I usually make sure my .env files are in my .gitignore, but honestly, it's just my memory that prevents me from slipping up one day.

Is there an automated strategy that protects against slipups like this?
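
One automated guard for the slip-up asked about above is a Git pre-commit hook that refuses any commit with a dotenv file staged. This is an added example, not code from anyone in the thread; the function names, the set of filename patterns and the list of allowed template names are assumptions.

```shell
#!/bin/sh
# Added example: install as .git/hooks/pre-commit (chmod +x).

# Return 0 if the path names a dotenv secrets file, 1 otherwise.
# Assumption: template files such as .env.example hold no real secrets.
is_env_file() {
    name=${1##*/}   # strip directories
    case "$name" in
        .env.example|.env.sample|.env.template|.env.dist) return 1 ;;
        .env|.env.*|*.env) return 0 ;;
        *) return 1 ;;
    esac
}

# Read newline-separated paths on stdin, print the offenders,
# and return 1 if at least one was found.
find_env_files() {
    found=0
    while IFS= read -r path; do
        if [ -n "$path" ] && is_env_file "$path"; then
            printf '%s\n' "$path"
            found=1
        fi
    done
    return "$found"
}

# Check only what is staged for this commit (added, copied, modified, renamed).
run_hook() {
    if offenders=$(git diff --cached --name-only --diff-filter=ACMR | find_env_files); then
        return 0
    fi
    {
        echo "Commit blocked: environment files are staged:"
        printf '%s\n' "$offenders" | sed 's/^/  /'
        echo "Unstage with 'git rm --cached <file>' and list the file in .gitignore."
    } >&2
    return 1
}

# Run the check only when this file is executing as the hook itself.
case "${0##*/}" in
    pre-commit) run_hook || exit 1 ;;
esac
```

A client-side hook is skipped by `git commit --no-verify`, so the same filename check is worth repeating in CI or a server-side hook.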