Hacking a server is a lot harder IMO. Putting API keys in environment variables on the server is the most practical idea. I feel It is a lot easier to do "man-in-the-middle" attack on a website to manipulate data.
You can filter access to your server to allow data coming in from a few points. Also logging in through ssh with RSA Keys make it almost impractical to break that password.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hacking a server is a lot harder IMO. Putting API keys in environment variables on the server is the most practical idea. I feel It is a lot easier to do "man-in-the-middle" attack on a website to manipulate data.
You can filter access to your server to allow data coming in from a few points. Also logging in through ssh with RSA Keys make it almost impractical to break that password.