The short answer is no. We don’t store that kind of data.
The longer answer is on the internet there are bad actors swarming every IP address known with scripts looking for vulnerabilities like this where the .env has been inadvertently exposed.
There are many reasons for this; the .env is one, but you are also exposing the vendor/ directory which is another attack vector that could be used against you.
Of course, it actually is already set like that, and I used certbot to use port 443 with ssl certs instead of port 80.
But the pesky default of NGINX point to the root instead of the public, I deleted it at first but for some unknown reasons, it got regenerated which exposed my .env
I also redirected the http to https, but because of the default file of NGINX , if they pinged my domain, then they got the IP and therfore could get the .env by simply going to
You can also consider Cloudflare DNS. I know with certbot, you will install a certbot cloudflare ddns extension, and edit your certbot scripts for it, but it is worth it. Cloudflare for free proxies all the 443 traffic to your server, and intercepts and blocks anyone attempting to connect to your server https with direct IP. Even running wget https://((ip address))/.env would return an SSL error.
I was testing with my self-hosted InvoiceNinja instance a bit and I was a bit confused that I got a HTTP200 when trying https://domain.tld/.env. It was an empty Zero Byte document, but I still got a HTTP200 and I do not know why this was not a HTTP4xx.
Well, I modified my DOCKER Ngnix vHost config as described below: