I have a bit of a complex set up with all my sites and services, mainly due to using a multitude of different tools and languages to deploy different things. Currently, I have one main OVH server which most of my stuff is hosted on, including different database engines, Node.js and PHP apps.
Do you use git to manage your site and or server files? In my opinion, this is undoubtably a good way to run things but you need to make sure it’s secure. Just try going to yoursite.com/.git/config. If you haven’t secured your server properly, you will see the configuration file for your git repository. Not good, huh? Not only could an attacker reveal lots of information about your code base including where the upstream server is, I believe they could possibly get the entire source. This would allow the attacker to see exactly how the site works and be able to exploit it very easily.
Now, the good news. It’s an easy fix!