by artursapek 4724 days ago
On my second pageview I was greeted with a big alert saying "this website is not very secure."

Kind of ridiculous.

2 comments

Looks like someone went with a SQL injection [0] (right after I read this!)

[0]: https://cloudup.com/cttFEZd2cL6

Aaaand it's off the front page. It's actually inaccessible now, someone used XSS to redirect here whenever I open the home page. lol
Not sure how that happened, it's a CakePHP site and I assumed the framework provided some protection against SQL injection. It's good it's hacked now so I know to fix it.
I assumed the framework provided some protection against sql injection.

Some frameworks consider security out of the box to be beneath them. You should never assume you're secure even with a framework until you've gone combing through the docs and found where the security is, if it's anywhere, and if it's not anywhere because they spent all their effort on making it look and act like Ruby on Rails, how to get it.

Stop making websites and start reading about web app security, the OWASP top 10 is a good place to start.