Whether you have a site built with Joomla or a site built with WordPress, both are vulnerable to being hacked. Hackers range from inexperienced kids looking to get started to sophisticated crime syndicates. A script kiddie who has very little technical experience may simply go around defacing websites for fun and bragging rights, whereas a black hat hacking syndicate may spend more time evading malware scanners, developing complex command and control networks to maximize their impact, and monetizing compromised sites using SEO spam links and other methods.
Many clients ask me ‘but what do people have to gain from hacking my site? It isn’t even a shopping cart site!’. Here are the top 9 reasons why hackers are constantly trying to hack into websites.
Hacker Motive #1: Installing Backdoors
A backdoor is a piece of code inserted somewhere on a site that provides an attacker with the ability to execute commands on the compromised site’s server. Once an attacker gains access, they can potentially escalate their privileges by exploiting kernel-level vulnerabilities to gain root access to the server, which would allow them to take over other sites hosted on the same server.
Hacker Motive #2: Defacement
Defacement occurs when an attacker alters the content, or face, of a site to something else, typically with no real immediate benefit to themselves. This can be something as simple as a tagline like “This site was hacked by r0gu3 1: L33t Hax0rs” with a green cyber text background. Most of the time attackers will deface sites to send a political message or simply to show off. There is typically no monetary gain from defacing a site. A “Defacement Contest” is when attackers attempt to deface as many sites as possible to claim victory over other attackers, purely for bragging rights.
Hacker Motive #3: Spam/SEO Content Injection
Spam/SEO content injection occurs when an attacker injects HTML containing visible or hidden links to external websites in hopes of improving the search engine ranking for those sites. This is mostly done for monetary gain. Attackers can be paid on the black market or dark web to improve a site’s SEO rankings, or they can aim to improve the SEO of their own sites by injecting these spam links into victims’ sites.
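A site owner can check for this kind of injection by scanning a page's HTML for external links that sit inside hidden elements. The script below is an added example, not code from the original article; the list of hiding styles is a heuristic assumption, and the sample page and its domain names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles often used to hide injected links from visitors (heuristic list, an assumption).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])|"
    r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "source", "wbr"}

class LinkScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []      # (tag, hidden) for every open element
        self.findings = []   # (href, hidden) for every external link

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = self.stack[-1][1] if self.stack else False
        hidden = inherited or "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag == "a":
            host = (urlparse(a.get("href") or "").hostname or "").lower()
            internal = host == self.site_host or host.endswith("." + self.site_host)
            if host and not internal:
                self.findings.append((a["href"], hidden))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Unwind to the matching open tag so unclosed <p>/<li> do not skew the stack.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def hidden_external_links(html, site_host):
    """Return hrefs of external links that are hidden or inside a hidden ancestor."""
    scanner = LinkScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return [href for href, hidden in scanner.findings if hidden]

# Constructed sample page for a site whose domain is example.com.
SAMPLE = """<html><body>
<p>Welcome to <a href="https://shop.example.com/about">our shop</a>.
<p>Read our <a href="https://partner.example.org/">partner's blog</a>.</p>
<div style="position:absolute; left:-9999px"><ul>
<li><a href="http://cheap-pills.example.net/buy">cheap pills</a></li>
<li><a href="http://casino.example.net/">casino</a></li></ul></div>
<span hidden><a href="http://loans.example.net/">loans</a></span>
</body></html>"""
```

Calling `hidden_external_links(SAMPLE, "example.com")` reports the three links in the off-screen `div` and the `hidden` span, and leaves the visible partner link alone. Links hidden through external stylesheets or JavaScript are not caught by this inline-style check.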
Hacker Motive #4: Spam Page Creation
Similar to spam links, spam pages try to boost a site in a highly competitive and profitable niche higher in the search engine result pages. Unlike spam links, however, these attacks consist of multiple HTML pages containing spam content injected into a compromised site. It can also involve spam pages being created within WordPress itself. Sites that have older domain names have higher authority ranking factors on search engines and are a more desirable target for attackers as the domain authority is also transferred to the spam pages created by the attacker. The motive for attackers in this scenario is monetization.
Hacker Motive #5: PHP Mailer Creation
A PHP mailer script sends emails on a server through PHP code. Attackers will often use these scripts on a compromised site to exploit the mailing functions of the server and send out unwanted spam messages. Spam usually refers to unsolicited emails designed to grab your attention to try and get you to purchase a product. Spam can also consist of emails designed to trick you into executing actions like entering your password, which would be considered phishing, or to initiate other common scams.
Why do attackers compromise sites to send spam?
It’s simple. You have a reputable and legitimate site, so it is an attractive platform for sending spam emails: it will take longer for the attacker to get detected and shut down. By using your site’s email service as the email source, an attacker is likely to bypass many email filters, and their spam messages will get delivered successfully to more targets. Again, the motive here is to earn money and go undetected for as long as possible.
Hacker Motive #6: Phishing Campaigns
Phishing involves using legitimate-appearing emails to try and trick a user into performing some sort of action, such as logging in to a fake online banking site. Compromised WordPress sites can be used as a source of phishing emails being sent out, and they can host phishing pages posing as a different site in order to collect sensitive information. A phishing kit is essentially a bundle of files used to create a webpage resembling a legitimate site such as Google Drive or an online banking site. In these cases, your site would act as a free host for malicious attackers hosting a phishing page to harvest user details.
Hacker Motive #7: Malicious Redirects
Malicious redirects are used to redirect legitimate site users to an alternative site, typically in hopes of infecting the victim’s computer through a malicious download. Attackers like to install malicious software on user computers for a plethora of reasons, but it nearly always stems from one motive: monetization. Attackers will also sometimes choose to redirect site users to a spam site in hopes of selling products to, again, try and monetize.
Hacker Motive #8: Command & Control Server With a Botnet
A botnet is a group of already compromised hosts, referred to as “zombies,” typically used by an attacker to try and infect additional hosts or execute a DDoS attack. This is a motive where attackers don’t necessarily care about the visibility or traffic to your site, but rather they are looking to utilize your site’s hosting resources.
Hacker Motive #9: Cryptomining
Cryptomining infections occur when attackers infect sites with cryptominers, which are used to earn cryptocurrency, a digital form of currency utilizing a blockchain. This is another scenario where the attacker’s motive doesn’t require your site to be visible or popular, but rather the site’s hosting resources (or visitors) are exploited to provide monetary gain to the attacker.
Source: https://www.wordfence.com/blog/2020/09/the-hacker-motive-what-attackers-are-doing-with-your-hacked-site/