mchiasson

mchiasson

Member Since 3 Years Ago

Experience Points
2,070
Total
Experience

2,930 experience to go until the next level!

In case you were wondering, you earn Laracasts experience when you:

  • Complete a lesson — 100pts
  • Create a forum thread — 50pts
  • Reply to a thread — 10pts
  • Leave a reply that is liked — 50pts
  • Receive a "Best Reply" award — 500pts
Lessons Completed
13
Lessons
Completed
Best Reply Awards
0
Best Reply
Awards
  • start-engines Created with Sketch.

    Start Your Engines

    Earned once you have completed your first Laracasts lesson.
  • first-thousand Created with Sketch.

    First Thousand

    Earned once you have earned your first 1000 experience points.
  • 1-year Created with Sketch.

    One Year Member

    Earned when you have been with Laracasts for 1 year.
  • 2-years Created with Sketch.

    Two Year Member

    Earned when you have been with Laracasts for 2 years.
  • 3-years Created with Sketch.

    Three Year Member

    Earned when you have been with Laracasts for 3 years.
  • 4-years Created with Sketch.

    Four Year Member

    Earned when you have been with Laracasts for 4 years.
  • 5-years Created with Sketch.

    Five Year Member

    Earned when you have been with Laracasts for 5 years.
  • school-session Created with Sketch.

    School In Session

    Earned when at least one Laracasts series has been fully completed.
  • welcome-newcomer Created with Sketch.

    Welcome To The Community

    Earned after your first post on the Laracasts forum.
  • full-time-student Created with Sketch.

    Full Time Learner

    Earned once 100 Laracasts lessons have been completed.
  • pay-it-forward Created with Sketch.

    Pay It Forward

    Earned once you receive your first "Best Reply" award on the Laracasts forum.
  • subscriber-token Created with Sketch.

    Subscriber

    Earned if you are a paying Laracasts subscriber.
  • lifer-token Created with Sketch.

    Lifer

    Earned if you have a lifetime subscription to Laracasts.
  • lara-evanghelist Created with Sketch.

    Laracasts Evangelist

    Earned if you share a link to Laracasts on social media. Please email [email protected] with your username and post URL to be awarded this badge.
  • chatty-cathy Created with Sketch.

    Chatty Cathy

    Earned once you have achieved 500 forum replies.
  • lara-veteran Created with Sketch.

    Laracasts Veteran

    Earned once your experience points passes 100,000.
  • 10k-strong Created with Sketch.

    Ten Thousand Strong

    Earned once your experience points hits 10,000.
  • lara-master Created with Sketch.

    Laracasts Master

    Earned once 1000 Laracasts lessons have been completed.
  • laracasts-tutor Created with Sketch.

    Laracasts Tutor

    Earned once your "Best Reply" award count is 100 or more.
  • laracasts-sensei Created with Sketch.

    Laracasts Sensei

    Earned once your experience points passes 1 million.
  • top-50 Created with Sketch.

    Top 50

    Earned once your experience points ranks in the top 50 of all Laracasts users.
Level 1
2,070 XP
Oct
24
1 month ago
Activity icon

Replied to How Do I Keep Getting Hacked On PHPUnit?

This is a solid point. Out of curiosity when using Git how to I exclude 'require dev'? When I make the changes to my local dev environment I usually just add all with Git which would then apply same composer changes to my production server.

What is the better method here? I usually exclude .ENV file from Git, do people usually exclude composer and go manually adjust those on production also?

Thanks.

Jul
02
5 months ago
Activity icon

Started a new Conversation How Do I Keep Getting Hacked On PHPUnit?

I need to secure my install a bit better as it was installed as a subdomain of my root. I do have .htaccess restrictions to block .ENV access but still keep manage to see a hacked page popup once in a while on my server monitoring. Each time it looks like a PHP Webshell gets uploaded.

When looking at my raw access logs it shows a lot of different requests to PHPUnit and I'm curious if that is the flaw in my system. My Env is set for App_Debug=False. Below is a snippit of my logs, you can see them sending get/post requests to alpha.php in phpunit and then also eventually they have access to a phpshell of '/wp-includes/css/dist/list-reusable-blocks/pwjs4ahasd.php' in an above level wordpress install.

109.127.13.152 - - [29/Jun/2019:19:20:30 -0400] "POST /portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php HTTP/1.1" 200 146160 "http://MYDOMAIN.com/portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:20:32 -0400] "POST /portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php HTTP/1.1" 200 10536 "http://MYDOMAIN.com/portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:20:34 -0400] "POST /portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php HTTP/1.1" 200 3141 "http://MYDOMAIN.com/portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:20:41 -0400] "POST /portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php HTTP/1.1" 200 3909 "http://MYDOMAIN.com/portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:20:46 -0400] "GET /portal.MYDOMAIN.com/MYDOMAIN-back-office/vendor/knplabs/knp-snappy/src/Knp/new.php HTTP/1.1" 404 73885 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:20:48 -0400] "GET /wp-includes/css/dist/list-reusable-blocks/pwjs4ahasd.php HTTP/1.1" 200 319 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:20:52 -0400] "POST /wp-includes/css/dist/list-reusable-blocks/pwjs4ahasd.php HTTP/1.1" 200 8038 "http://www.MYDOMAIN.com/wp-includes/css/dist/list-reusable-blocks/pwjs4ahasd.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:21:33 -0400] "GET / HTTP/1.1" 301 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:21:59 -0400] "POST /portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php HTTP/1.1" 200 11910 "http://MYDOMAIN.com/portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:22:15 -0400] "GET /wp-includes/css/dist/list-reusable-blocks/pwjs4ahasd.php HTTP/1.1" 200 8038 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0"
109.127.13.152 - - [29/Jun/2019:19:22:25 -0400] "POST /portal.MYDOMAIN.com/MYDOMAIN-back-office//vendor/phpunit/phpunit/src/Util/PHP/alfa.php HTTP/1.1" 200 7199 " ```
Any suggestions? This weekend I'll go separate these domains into different cPanel directories.

Want us to email you occasionally with Laracasts news?