newbie programmer here, i was trying to edit my twilio auth token as a necessary step to getting my account un-suspended because someone had access and was sending spam sms (from amazon) when i fount this in the files
AWS_ACCESS_KEY_ID=AKIARVCAGCHDOPJ64U7J
AWS_SECRET_ACCESS_KEY=...
AWS_DEFAULT_REGION=us-east-2
AWS_BUCKET=kani-spicy-images
AWS_VISIBILITY=public
Considering i dont have any aws accounts and have no idea what this is doing in my application wanted to see if its some sort of backdoor entry to the app? and possibily the avenue through which the attacker was able to use my account to spam?
This obviously happens when you are hosting on a cPanel. You uploaded the env file attached to your code and left it at the root of your server. That is very illegal and exposed. But this is what I suppose happened. Your cPanel got hacked, the env file exposed and the script added, that script is probably sending illegal contents.
First of all, change your cPanel password, delete the AWS variables and look through your files for unexpected files. You can report the situation to your providers which is helpful if you do.
Secondly, move your public folder below the root folder and update the bootstrap.php file to locate the moved public folder. It's secured this way.
Lastly, I am not sure about any backdoors, but there are better hosting platforms, secure and Laravel dedicated. Forge, Fort Rabbit, etc. Add Heroku to the list but not Laravel dedicated hosting.
The env file is usually not included when deploying to production but it's obvious you can't ignore it while you host on cPanel.