WesleyC - 4:47 pm on Jun 15, 2012 (gmt 0)
Recently, a fairly major site I run for a university was attacked in a big way. The attacker spent about 2 hours and sent well over 150 http requests attempting to penetrate the site's security. This particular site has been attacked several times in the past, so I'd installed fairly advanced security systems, and had hardened the site as best I could (run all updates on software, fixed known security vulnerabilities in current software by hand until patches were released, that sort of thing).
The attacker was persistent enough that they were willing to spend 2 hours just trying to find a security vulnerability; with that kind of dedication and the knowledge of PHP they displayed they would certainly be able to write a custom script to embed. It's been done before on this site; for some reason the university site attracts this kind of attack.
So, onto my (very possibly paranoid) questions:
Brought to you by WebmasterWorld: http://www.webmasterworld.com