The website ransomware attack should be a general attack. Because it is a website under development, only two people are logging in and checking the log. The attacker only did it a few times and then came in. Then he deleted the database and replaced it with the ransom information. .
The hacker's code should have exploited the PHP vulnerability, and must have obtained the database information of datebase.php, and because the database did not restrict the remote IP, it was hacked.
The problem lies in datebase.php. If it is encrypted, hackers are probably too lazy to decrypt it, so I ask the experts who know how to do it.
I feel that if PHP does not solve this mechanism problem, it will eventually be abandoned! !
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Safety dogs solve this problem
Is this a php problem?
Why doesn’t the database disable remote IP?