Chapter 6. How the Bad Guys Do It
You are probably wondering, or at least you should be wondering, how "the bad guys" hack websites. I am in the camp of "Responsible Full Disclosure". I believe that if the bad guys are sharing information on how to break into sites, even the good guys should know about it. I have noted that on joomla.org the prevailing opinion is to "not show or tell". That's fine, I guess, except it is derived from the false premise that doing so will encourage the bad guys who read it. And truly, there are some people who would attack other sites. However, there still needs to be responsible disclosure because the bad guys are already reading the underground sites and exchanging this information. Yes, if your site is compromised, don't publicize the URL, but share details about the attack, such as where it came from (logs), and other information that will be useful for other administrators. Do NOT share the actual attack in public. Rather, PM (personal message) the security...