New ask Hacker News story: My web app was hacked today:( – Bad experiences and how to prevent them?
2 by ngranja19 | 0 comments on Hacker News.
Today my web app ViralQuotes was hacked. My DB was erased; instead, there was a new table called Warning with a message: 0.08 BTC to recover my DB. After 5 hours I was able to rebuild my DB, but unluckily I lost all my historical data, with my 400+ users' data among it.

Of course, there are some lessons learned from it:

Don't forget to set up regular backups. I know, I was really silly for not doing it, but I never thought that someone would hack my insignificant website. So, stop what you are doing, and go and set up some way to back up your DBs and significant files at least once a day. Some providers offer it for a few extra bucks a month. Don't be like me; maybe your product is not generating thousands of dollars and you think that no one will waste his time hacking your site, but remember that it is important for you, and that's enough.

After looking into how that could happen, I realized that I pushed my .env file, with all the database credentials in it, to my server, which gives pretty simple access to it, especially if you use Laravel. I found out that this is a pretty common mistake: if you google DB_USERNAME filetype:env you will find thousands of Laravel env files exposed. Therefore, remember to actually set your variables from the .env file as environment variables on your server and destroy any .env file that is lying around there.

For sure there are more lessons to learn from this, but I realized that I would like to hear if some of you have had bad experiences like this one, and what you recommend to prevent them.

Cheers, Nico
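The two fixes the post arrives at, a daily database backup and keeping the DB credentials in the process environment rather than in a deployed .env file, as an added shell example that is not part of the original post or of ViralQuotes. Everything in it is an assumption for illustration: the paths in APP_ROOT and BACKUP_DIR, the retention window, and the default dump command (mysqldump reading its password from the MYSQL_PWD environment variable, with the Laravel variable names DB_USERNAME, DB_PASSWORD and DB_DATABASE taken from the environment the service runs under).

```sh
#!/bin/sh
# Added example (not code from the original post): nightly DB backup with
# retention and integrity checks, plus a pre-flight check that no .env file
# is lying around in the deployed application directory.
# All paths, variable names and the default dump command are assumptions.
set -eu

APP_ROOT="${APP_ROOT:-/var/www/app}"          # assumed deploy directory (Laravel keeps .env here)
BACKUP_DIR="${BACKUP_DIR:-/var/backups/db}"   # assumed location for dumps
RETAIN_DAYS="${RETAIN_DAYS:-14}"              # days of dumps to keep

# Refuse to run if a .env file is deployed: credentials belong in the service's
# environment (systemd Environment=, the hosting panel, ...), not on disk.
check_no_env_files() {
    root="$1"
    if find "$root" -type f -name '.env' 2>/dev/null | grep -q .; then
        echo "refusing: .env found under $root; move its values to real environment variables and delete it" >&2
        return 1
    fi
    return 0
}

# Default dump command. MYSQL_PWD keeps the password off the command line so it
# does not show up in the process list; the DB_* names come from the environment.
dump_db() {
    : "${DB_USERNAME:?set in environment}" "${DB_PASSWORD:?set in environment}" "${DB_DATABASE:?set in environment}"
    MYSQL_PWD="$DB_PASSWORD" mysqldump --single-transaction -u "$DB_USERNAME" "$DB_DATABASE"
}

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# backup_once DIR CMD [ARGS...]: run CMD, gzip its stdout into DIR, write a
# checksum sidecar, and print the backup path. Fails on an empty dump.
backup_once() {
    dir="$1"; shift
    mkdir -p "$dir"
    out="$dir/db-$(date -u +%Y%m%dT%H%M%SZ)-$$.sql.gz"
    # Write to a temp name first so a half-written file is never mistaken for a backup.
    "$@" | gzip -c > "$out.tmp"
    # An empty dump is the failure you otherwise discover at restore time; reject it now.
    if [ "$(gzip -dc "$out.tmp" | wc -c | tr -d ' ')" -eq 0 ]; then
        rm -f "$out.tmp"
        echo "backup_once: empty dump, nothing written" >&2
        return 1
    fi
    mv "$out.tmp" "$out"
    sha256_of "$out" > "$out.sha256"
    echo "$out"
}

# verify_backup FILE: checksum must match the sidecar and the gzip stream must be intact.
verify_backup() {
    f="$1"
    [ -f "$f" ] && [ -f "$f.sha256" ] || return 1
    [ "$(sha256_of "$f")" = "$(cat "$f.sha256")" ] || return 1
    gzip -t "$f"
}

# prune_old DIR DAYS: remove dumps (and their sidecars) older than the retention window.
prune_old() {
    dir="$1"; days="$2"
    find "$dir" -type f \( -name 'db-*.sql.gz' -o -name 'db-*.sql.gz.sha256' \) \
        -mtime +"$days" -exec rm -f {} +
}

# Cron entry point (hypothetical): `sh backup.sh run` once a day.
if [ "${1:-}" = "run" ]; then
    check_no_env_files "$APP_ROOT"
    backup_once "$BACKUP_DIR" dump_db
    prune_old "$BACKUP_DIR" "$RETAIN_DAYS"
fi
```

Two caveats on using it: verify_backup only proves the file is intact, not that it restores, so load a dump into a scratch database now and then; and copy BACKUP_DIR to storage that the web server's DB credentials cannot reach, since whoever could drop the tables with those credentials could otherwise delete the backups on the same host just as easily.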