Actually it is that a web owner is supposed to have his duty to maintain the security of the web. For instance, normally, the users are allowed to upload txt and office files but not program script file. However, one time, the limitation was off without remembering to turn it back on. During that time, a user uploaded a script file and the script was just for listing the folder/file directory of the web. But unfortunately, during the listing, the user clicked a file which is used for erasing data. And then the criminal case happened.