One of the websites hosted by a customer on our Cloud infrastructure was compromised, and the attackers were able to replace the home page with their banner html page.
The log files output I have pasted above.
The site compromised was PHP 7 with MySQL.
From the above log, can someone point out what exactly happened and how they are able to deface the home page.
How to prevent these attacks ? What is the root cause of this vulnerability and how the attackers got access ?
Any other logs or command line outputs required to trace back kindly let me know what other details I have to produce ?
Kindly shed your expertise in dealing with these kind of attacks and trace the root cause and prevention measures to block this.
Regards,
Krish
