Why Would Someone Hack My Website?

June 20, 2016 in Cyber Attacks, Small Business

It is hard to keep track of all the websites that are compromised on a daily basis. Cybercriminals are constantly crawling the web for targets, and they’ll often go after websites you might not expect, such as a vegan cooking blog. So what does a hacker look for in a website? And why would they be tempted to attack your site? Here are some examples so you have an accurate picture of common website attacks.

Abby’s Flower Shop Delivers Fresh Malware to Your Door


Meet Abby, the owner of a very successful flower shop in South Carolina. She is known for her unique floral designs and exotic selection. Her website allows her customers to browse bouquets, order online and have them delivered to their homes. One day, much to Abby’s surprise, she was notified by her hosting provider that her website was suspended due to malware. Abby’s website was down for days, preventing her customers from browsing and making orders online.

Why would a cybercriminal be interested in attacking a flower shop’s website?

Abby’s customers enter their credit card numbers, email addresses and home addresses when they make purchases online— exactly the type of information cybercriminals are after. Once hackers have their hands on this sensitive data, they can sell it on the dark web.

What can Abby do to protect her website?

Abby can use a website scanner to find malware on her site. If malware is found, she is alerted immediately.

Another way Abby can prevent a website attack is through the use of an SSL Certificate. An SSL Certificate is used to establish a secure encrypted connection between a web browser and a web server. An SSL can secure credit card transactions, usernames and passwords from being stolen by hackers.

Joe’s Vegan Blog Cooks Up Comment Spam


Joe is the founder of a widely popular vegan food blog. He provides recipes, cooking tips and video tutorials to thousands of site visitors. Joe’s blog is very well respected and is even sponsored by leading food and beverage brands. His active readers often post in the comment section of his blog with questions, feedback and cooking experiences of their own.

Joe received an email from one of his readers informing him that another individual was posting comments to his blog promoting links to websites that sell shoes and handbags. Joe looked into the case and found his site was being saturated with links directing his traffic to various, suspicious sites. As it turns out, malicious bots were visiting Joe’s blog and infecting it with comment spam.

Why would cybercriminals be interested in hacking a vegan food blog?

Comment spam bots link to items they’re promoting, which redirect users to a spam website. From the spam site, the end-user is tempted to sign up for a mailing list or enter their credit card info to make an illegitimate purchase.

What can Joe do to protect his blog?

Joe can use a web application firewall (WAF) to help protect his blog from bad bots and other malicious traffic. A WAF can differentiate human traffic from bot traffic, allowing only good traffic to enter the site.

Joe could also present a CAPTCHA challenge to the visitors on his site. If a visitor is asked to complete the CAPTCHA challenge and fails, he can assume the attempted visitor was up to no good.

A Colorful Sermon at Howard’s Church


This is Howard. Howard volunteers his time by managing the open-source website for his local church. He is the go-to guy when the church wants to post new announcements and events. Howard was startled (to say the least) when he found the church’s website had been defaced by a group of hackers. A shocking and colorful statement replaced the church’s homepage—one that Howard needed to remove immediately.

Why would a hacker want to deface Howard’s church website?

A website defacement can be thought of as electronic graffiti because a cybercriminal, or group of criminals, will change the visual appearance of the targeted site. Typically, these attacks are motivated by religious or political reasons. Presumably the hacker responsible for defacing the church’s site has different religious views and wanted to make them known.

What can Howard do to protect his church’s website?

Luckily Howard kept frequent backups of the church’s website. Website attacks can destroy site content, so backups are crucial to recovering damage. Just like with Joe’s blog, Howard’s website can benefit from a web application firewall. A WAF can prevent hackers from uploading files or changing the site’s content.

Julia’s eCommerce Site Goes Down In Style


Julia is the owner of a trendy online boutique. Her customers are loyal to her brand and know that when they shop with her, they’re buying the latest fashion items. Her brand’s reputation is the driver of her business, and she can’t afford to have slow load time or glitches. When Julia’s site went down completely, she knew she had a serious problem.

Why would a hacker target Julia’s boutique?

Julia’s website is an ideal target for cybercriminals. Her customers can create and log in to their accounts using unique usernames and passwords. They can even save their personal financial information to their account, which is stored in Julia’s database. Cybercriminals used a DDoS attack to bring down Julia’s website. DDoS is a type of attack in which a hacker attempts to take down a website by flooding it with multiple requests. Once the site is down, they can exploit vulnerabilities from a website’s applications and database.

What can Julia do to protect her website?

To prevent a DDoS attack, a web application firewall must be used. A WAF can provide web application protection, infrastructure protection and DNS protection—all vital components for protecting against DDoS attacks.

In addition to a WAF, Julia should use a website scanner for her eCommerce site to detect any vulnerabilities hackers can exploit.

Protecting your online business is easy with SiteLock’s suite of web security solutions. Call 888.392.5868 any time of day to get started.

Latest Articles
Follow SiteLock