Why do websites get hacked?

A Data Center
Why is my website interesting for hackers at all?

I only have a small website with a few users. Why am I even interesting to hackers?

The days of hacking websites simply for fun, to place an “ash” message, or to wantonly destroy website data are long gone. Meanwhile, more illegal money can be made from cybercrime than from drug trafficking.

Large companies are often more likely to be attacked by very savvy hackers in order to obtain targeted data (personal data, banking data, product data, company internals). For the mass of normal hackers, it is not so much the large companies that are targeted; these often have good IT departments and security precautions and are much harder to attack. This is troublesome.

Therefore, in anonymous, often software-driven mass attacks, small websites are particularly affected, predominantly those with such popular installed programs as WordPress. Here, security precautions are usually lower, operators are more inexperienced, software is not up to date – and many website operators do not even notice a hostile takeover. Until they suddenly realize that web browsers are triggering alerts or Google has banned the page from the index with a “hacked” warning and therefore you are suddenly “invisible” to the world. Such mass attacks cast the wide net and look at what unsecured websites are left hanging as a favorable opportunity. Spying on data is then also not the primary goal.

Therefore, even the small website is a potential target, no matter how many users it has, what kind of content it shows and what data it manages.

What is a hacked website useful for a hacker?

  • To secretly install software for illegal so-called “bot networks”. This network is rented out by hackers for all sorts of illegal purposes, for example, remote attacks on other websites (DDOS attacks);
  • to encrypt the website and release it again for a ransom (ransomware) – stupid if you don’t have a backup then;
  • for “Black Hat SEO” by placing dubious links to other websites (and renting such links) in order to increase the reputation of the target pages in Google;
  • it also illegally diverts server processing power to lucrative BitCoin mining systems;
  • illegal data (e.g. porn) is cached;
  • the server is misused for sending mass mails (spam),
  • fictitious target pages are created in connection with “phishing e-mails” in order to capture data from e-mail users;
  • websites are sometimes used for political purposes (defacements) by placing messages there;
  • and, and…


In addition, backdoors (secret access points, often in the form of a hidden administrator account) are usually created, allowing a hacker to remotely install new malware if the previously installed software is discovered or another is needed.


If a site has been hacked, the website operator should act quickly, for example due to legal requirements (e. g. B. GDPR, KRITIS) or existing contracts with providers, or simply because Google places a warning notice on the website or throws it out of the index immediately.

In addition, it will happen that the own page is not displayed in browsers or only with a warning notice and Google does not show the website in the search results at first.

DISCLAIMER: The TBA-Berlin is not a law firm. The content provided here is for general information purposes only and does not constitute legal advice. We recommend that you seek independent legal advice before taking or refraining from taking any action based on the content provided here.

TBA-Berlin makes no representations or warranties, express or implied, as to the accuracy, adequacy, validity, reliability, availability or completeness of the information referenced herein. Your use or reliance on any information contained herein is for your personal use and solely at your own risk.

More news

Email account hacked? What is to be done?

Do you suspect that your email account has been accessed and used by strangers?
For example, are there suspicious emails on the email account that have nothing to do with you, mails in the outbox folder, suspicious replies to mysterious emails?
We give you tips on what to do then. Our customers are also welcome to contact us. We are at your side with advice and support.

Continue reading »