Looking for a collaborator for ViralQuotes
Today my web app ViralQuotes was hacked. My DB was erased; in its place there was a new table called Warning with a message demanding 0.08 BTC to recover my DB.
After 5 hours I was able to rebuild my DB, but unluckily I lost all my historical data, my 400+ users' data among them.
Of course, there are some lessons learned about it:
Don't forget to set up regular backups.
I know, I was really silly for not doing it, but I never thought that someone would hack my insignificant website. So, stop what you are doing, and go and set up some way to back up your DBs and significant files at least once a day. Some providers offer it for a few extra bucks a month.
Don't be like me. Maybe your product is not generating thousands of dollars and you think that no one will waste his time hacking your site, but remember that it is important to you, and that is enough.
After looking into how that could happen, I realized that I had pushed my .env file, with all the database credentials in it, to my server, where it is pretty simple to access, especially if you use Laravel.
I found out that this is a pretty common mistake. If you google
DB_USERNAME filetype:env you will find thousands of Laravel env files exposed.
Therefore, remember to actually set the variables from your .env file as environment variables on your server, and destroy any .env file that is lying around there.
For sure there are more lessons to learn about this, and maybe this is a good opportunity for everyone to share some bad experiences they had, and how to prevent them in the future.
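
The .env exposure described above can be checked for on your own server. The following is an added example, not part of the original post: it walks a directory your web server serves and reports .env files (and copies such as .env.bak) that hold credentials, listing key names only, never values. The function names and every key name other than DB_USERNAME are assumptions of this example.

```python
import os
import stat
import tempfile

# Key names treated as secrets. DB_USERNAME is from the post; the others are
# common Laravel .env keys and are an assumption of this example.
SECRET_KEYS = {"DB_USERNAME", "DB_PASSWORD", "APP_KEY", "MAIL_PASSWORD"}


def secret_keys_in(path):
    """Return names (never values) of secret keys that have a non-empty value."""
    found = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            key = key.strip()
            if key.startswith("export "):
                key = key[len("export "):].strip()
            if key in SECRET_KEYS and value.strip().strip("'\""):
                found.append(key)
    return found


def audit_docroot(docroot):
    """Find .env files (and copies such as .env.bak) under a served directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in sorted(files):
            if name == ".env" or name.startswith(".env."):
                path = os.path.join(dirpath, name)
                keys = secret_keys_in(path)
                if keys:
                    world = bool(os.stat(path).st_mode & stat.S_IROTH)
                    findings.append((os.path.relpath(path, docroot), keys, world))
    return findings


if __name__ == "__main__":
    # Constructed sample: a docroot that mistakenly contains a Laravel .env.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, ".env"), "w") as fh:
            fh.write("APP_NAME=ViralQuotes\nDB_USERNAME=app\nDB_PASSWORD='s3cret'\n")
        for rel, keys, world in audit_docroot(root):
            print(f"{rel}: {keys} world_readable={world}")
```

Run it against the directory your web server actually serves; any finding means the credentials in that file should be rotated and the file removed from the served tree.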