Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
rehman15168y@g-m-f latest I guess its 3. Something credentials are changed and didn't found any malicious activity
-
rehman15168y@g-m-f I found only one thing critical, email library of CI and we are not using that
-
rehman15168y@g-m-f well yes we are using bitbucket, we assuming that he has some door where he uploaded any file through which he could download them all
-
rehman15168y@g-m-f. Yes its stored in private repo. I have thinked on it before but i don't think so
-
Silly question: are you 100% sure they have the full source code? Maybe they somehow had access to a small portion of code and now are trying some social engineering on you...
Have you used third part php libraries on your project? Maybe some of them have some known flaw/vulnerability... -
dfox426038yIs your .git folder uploading to your web server? If so that's a very common method of getting access to the code.
-
spacem18368yIf you have the persons email you could reply and ask them to tell you the vulnerability. Maybe they are not malicious.
-
rehman15168y@dfox okay we don't have directory list enabled, but still I would try these commands
Related Rants
our website got hacked somebody downloaded the whole source code and sent an email to us.
seems like that person would demand ransom or anything.
We still can't find where is the door ( vulnerability ) through which he pulled all files.
undefined
hacker
source code
dev