Comment by forgetfreeman

Back before the Laravel folks utterly misguided but weirdly popular attempts at turning PHP into JavaScript gutted the Drupal community (your boos mean nothing, I've seen what makes you cheer) one of the most common outcomes of a site getting hacked was malware-infested porn sites would be uploaded to the site server. This failure mode wasn't particular to Drupal, it's just what happened when websites got hacked. This was the same period of time when the Drupal project was reporting ~16M active installs, had literally thousands of developers volunteering code to the core development project, a dedicated security team, and an automated test suite that ran around the clock.