I thought I would be upfront about it… On greenrobot.com there was a publicly available SQL file for a very long time. I removed it.

On greenrobot.com there was a publicly available SQL file (not linked anywhere) for a very long time. I removed it. It was from a database backup that for some reason was in public html, from, I think, my time making apps in the Facebook app platform days. I have scanned servers manually and also built an automated security scanner, and I believe there are no more files publicly available that shouldn’t be.

I’m sorry. Thanks to websafety.ninja for notifying me there was a vulnerability, but not confirming exactly what it was. It convinced me to scan what was being served and build an automated security scanner for all my domains. This server did not contain any passwords. I used Facebook login for all my apps during that period. I do not collect credit card data. In the future my apps will be more secure, I hope. During that time period I developed apps more on the server than locally due to the FBML feature from Facebook. I have now switched to local machines for dev and will utilize code review from CodeRabbit going forward for most stuff.

Edit: Thinking back, I can’t remember ever putting a file in the web root like that file. I have complained previously about my phone being hacked with a Pegasus-like virus that sent horrendous and scary texts I didn’t write, and a Mac virus that popped up a White House tweet while I was viewing Donald Trump’s tweets. I’d be happy to describe the phone hacking more; I have a pinned post on this blog, blog.greenrobot.com. But I think it could be that the hackers had access to my computer as well as my phone, and in that case they could have had access to my greenrobot.com server as well. If anyone can refer me to someone really technical to talk to about my Pegasus hacking virus, please let me know. It’s really disappointing to think about it.

Edit2: I think the file was from a database backup. I didn’t look at the file. I just moved it out of web root.

Edit3: Posted this on LinkedIn, Twitter, Facebook:

Either I messed up and put a SQL data file in web root at some point, or whoever hacked my phone, Mac, or hacked my server and re-added a safety link to greenrobot.com years ago (not me, while I was on a call with an ex-coworker) did it.
