our website got hacked somebody downloaded the whole source code and sent an email to us.
seems like that person would demand ransom or anything.
We still can't find where is the door ( vulnerability ) through which he pulled all files.

Oh wow, life is real

@sam9669 surely he doesn't have sever credentials but still he manages to do it

@g-m-f codeigniter, mysql

ma be he first patched the hole haha

@g-m-f latest I guess its 3. Something credentials are changed and didn't found any malicious activity

@g-m-f I'm on this site, how do we use it?

@g-m-f I found only one thing critical, email library of CI and we are not using that

@g-m-f well yes we are using bitbucket, we assuming that he has some door where he uploaded any file through which he could download them all

@g-m-f. Yes its stored in private repo. I have thinked on it before but i don't think so

Silly question: are you 100% sure they have the full source code? Maybe they somehow had access to a small portion of code and now are trying some social engineering on you...
Have you used third part php libraries on your project? Maybe some of them have some known flaw/vulnerability...

Is your .git folder uploading to your web server? If so that's a very common method of getting access to the code.

If you have the persons email you could reply and ask them to tell you the vulnerability. Maybe they are not malicious.

@dfox yes .git folder is there how do we get data on it?

From it*

@dfox okay we don't have directory list enabled, but still I would try these commands

@dfox my command was failed with 404 status