https://pastebin.com/YspPiWif
One of the websites hosted by a customer on our Cloud infrastructure was compromised, and the attackers were able to replace the home page with their banner html page. The log files output I have pasted above. The site compromised was PHP 7 with MySQL. >From the above log, can someone point out what exactly happened and how they are able to deface the home page. How to prevent these attacks ? What is the root cause of this vulnerability and how the attackers got access ? Any other logs or command line outputs required to trace back kindly let me know what other details I have to produce ? Kindly shed your expertise in dealing with these kind of attacks and trace the root cause and prevention measures to block this. Regards, Krish
