Email smtp credentials keep getting compromised every now and then (laravel 7)
Solution 1:
Are you using nginx? I had the same issue. Following the tip of @PetrChloupek, I analysed the access logs (/var/log/nginx/access.log) and found out that sometimes an agent could get a 200 out of "/.env". It turned out that the configuration of the nginx was so that when using just the ip (v.g. 12.244.21.21 instead of "mywebsite.com") the malicious agent hitted the /var/www/html and not the public folder, as specified in the nginx conf file, since this dealt only with the specified host (v.g."mywebsite.com").
Solution 2:
There is a known issue with developers leaving APP_DEBUG = true
on live systems, this means you can trigger a debug page output that contains the .env
keys and values.
https://www.mailgun.com/blog/a-word-of-caution-for-laravel-developers/
An easy way to trigger the issue, if vulnerable, is make an unsupported request, e.g. a POST / PUT request to a known GET route such as the site index '/', this will in cases where DEBUG is set to true output all the envrionment variables.