Level 11
Try to change hosting and maybe use Laravel Forge service, which configure your server and patch security update automatically !
May 9, 2017
7
Level 2
Hacked again :(
I have developed all of my projects in laravel (5.2). Now my sites are being hacked by some indonesian group. I don't know who to blame, hosting company or the code itself. I was warned about viruses while uploading the whole files of my project, is it the cause or is there any security add in hosting. I have changed my password about 255 characters long after my 1st site had been hacked.
Level 5
Quick question: is your .env file readable from outside?
Level 14
Along with what @ModestatsV said (good call on that one, btw), you should check .env.example as well. If you've placed private data (login creds, etc) into that file and it's being pushed to github, that could be a problem.
Level 67
As others mentioned, go to http://yoursite.com/.env and see if you didn't prevent .env from being listed.
Level 8
Also make sure the public facing folder is not set for 777, or writable by the web server user.
Level 1
One more thing along side of out have been said here. If you're placing everything in public folder. You need to remove dev-dependencies like unit testing especially phpunit. Check this video. https://www.youtube.com/watch?v=ZN5XE1N9aA8
Please or to participate in this conversation.