Laravel
maiskiykot, 2020-10-21 10:31:45

How to catch a spammer in Laravel?

There is a test build of Laravel. In it from everywhere on the flap. The project is purely for myself - to get my hands on it, as it were. And there is a constant hacking of the mailbox. I.e., the server's only mailbox somehow becomes available to the spammer. Naturally, except for the .env file, I do not specify the password for the box anywhere. Hence the question: how does this bastard find out the password? There was a suspicious account that was left from some Laravel component - I deleted it. However, the spam has returned. There is no activity of any users in the logs at all. The hoster swears that mail is not sent from the server at all. I.e., people somehow get to the hosting, pull out the password from .env and throw their spam. How to catch him? Thank you!

2 answer(s)
maiskiykot, 2020-10-22
@maiskiykot

As promised, I am posting the solution to the problem. I was in shock myself - everything seems so simple and at the same time ridiculous. It turns out that most Laravel sites simply open the site.com/.env page in the browser! Who would have thought that such a reliable system does not have the protection of its own system files by default! Accordingly, after adding two lines to .htaccess, the spammers went to hell with butterflies!
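
The answer above found that site.com/.env was being served to browsers. As an added example (not part of the original post), this script scans web-server access logs for requests to .env and reports which clients actually received the file; the "combined" log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache/Nginx "combined" log line: host ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Last path segment is .env or a variant (.env.bak, .env.production, ...).
ENV_RE = re.compile(r'(^|/)\.env(\.[\w.-]+)?$', re.IGNORECASE)

def env_requests(lines):
    """Yield (ip, time, path, status, size) for every request aimed at a .env file."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line, skip it
        path = unquote(m["path"].split("?", 1)[0])  # drop query string, decode %2e etc.
        if ENV_RE.search(path):
            size = 0 if m["size"] == "-" else int(m["size"])
            yield m["ip"], m["time"], path, int(m["status"]), size

def leaked_to(lines):
    """Map client IP -> timestamps at which .env was actually served (200 with a body)."""
    hits = defaultdict(list)
    for ip, time, _path, status, size in env_requests(lines):
        if status == 200 and size > 0:
            hits[ip].append(time)
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not taken from the original post.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Oct/2020:03:14:07 +0000] "GET /.env HTTP/1.1" 200 1184 "-" "curl/7.68.0"',
    '198.51.100.23 - - [20/Oct/2020:09:41:55 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Oct/2020:03:15:40 +0000] "GET /.env.bak HTTP/1.1" 404 196 "-" "curl/7.68.0"',
    '192.0.2.44 - - [22/Oct/2020:11:02:13 +0000] "GET /.env HTTP/1.1" 403 199 "-" "python-requests/2.24"',
]

if __name__ == "__main__":
    for ip, times in leaked_to(SAMPLE_LOG).items():
        print(f"{ip} downloaded .env at: {', '.join(times)}")
    refused = [r for r in env_requests(SAMPLE_LOG) if r[3] in (403, 404)]
    print(f"{len(refused)} request(s) for .env were refused")
```

Any 200 response in this report means the secrets in .env were disclosed, so the mailbox password and other credentials stored there need to be changed after access to the file is blocked.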

P747, 2020-10-21
@P747

Hello. Upload the site to GitHub, they have an extension that finds known vulnerabilities in assemblies. I have a business card site on Symfony without any forms, and they also broke into it several times through vulnerabilities.
