Answer the question
In order to leave comments, you need to log in
M
M
maiskiykot2020-10-21 10:31:45
maiskiykot, 2020-10-21 10:31:45
How to catch a spammer in laravel?
There is a test build of Laravel. In it from everywhere on the flap. The project is purely for myself - to get my hands on it, as it were. And there is a constant hacking of the mailbox. Those. the server's only mailbox somehow becomes available to the spammer. Naturally, except for the .env file, I do not specify the password for the box anywhere. Hence the question: how does this bastard find out the password? There was a suspicious account that was left from some Laravel component - deleted it. However, the spam has returned. There is no activity of any users in the logs at all. The hoster swears that mail is not sent from the server at all. Those. People somehow get to the hosting, pull out the password from .env and throw their spam. How to catch him? Thank you!
2 answer(s)
@maiskiykot
M
maiskiykot, 2020-10-22 @maiskiykot
As promised, I post the solution to the problem. He himself was in shock - everything seems so simple and at the same time ridiculous. It turns out that most Laravel sites simply open the site.com/.env page in the browser ! Who would have thought that such a reliable system does not have the protection of its own system files by default! Accordingly, after adding two lines to .htaccess, the spammers went to hell with butterflies!
Similar questions
P
D
N
C
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question