It's a common mis-conception among website owners that hackers would not be interested in their website because it doesn't contain any information worth stealing, or that hackers wouldn't be interested in attacking their friendly helpful site. The truth is that hackers can benefit from gaining control of any site - so you need to be secure.
So, how exactly can hackers benefit from taking over your site?
The most common use of a hijacked site is SEO spam - injecting links into your site which point to other sites, commonly, counterfeit trainers. This can increase the SEO ranking of a website being linked to by using the trust that Google has in the user's site. At the same time it has a very damaging effect on the attacked site's ranking. Once the hacker has managed to gain access to your site he will put in a "backdoor", some code hidden amongst the genuine files, which will allow them to return at any time and make more changes.
Sending Spam Emails
If the hackers are able to control your site they may also be able to set up scripts to send spam email from your server. Again this uses the trust that you have built up with Google over the years and damages it. The spam emails coming from your site and or domain could be advertising anything from fake trainers to hate speech.
Hackers could also use your site to distribute malware simply by uploading files and adding links to your pages. The links could look like genuine links on your site, but once clicked they infect the end user's machine and allow the hackers to use that computer as part of a Bot-Net.
All of these activities generate income from the spammers, often the numbers may be low, but the relative income levels in the country of origin of the hackers can make even modest gains highly desirable - especially when much of the work involved can be automated.
How to stop it
Most attacks stem from automated systems scanning the web for known vulnerabilities, hackers are looking for sites running on old versions of software with documented weaknesses that can be exploited. We mainly build websites using the Drupal CMS, which has a significantly better track record than other systems when it comes to hacking. The Drupal Security Team does a great job in managing threats and keeping the community covered.
The first line of defence is to keep all code up-to-date through a system of rapidly patching any code flagged as being vulnerable. Here at Turtlereality we provide this service to all of our web design projects as part of our hosting service, get in touch if you think we could help.