
10 reasons why your website is being hacked
It’s actually quite simple: you update all the software components of your website promptly after a security patch has been released. If you don’t do this, your website will be hacked and misused. Sooner or later, guaranteed and without exception. The damage is usually incalculable.
Most companies are unaware that without rapid security updates to their web infrastructure, they will soon be infiltrated.
We have taken on many hundreds of web projects over the last few years, in hosting, maintenance or for a relaunch. The update situation was usually – to put it mildly – in need of improvement. Five-year-old editorial systems were not uncommon, and the servers were generally unpatched. But the worst thing here is the customer’s ignorance. The expectation is always to have a secure system. However, the willingness to spend money on it is usually lacking. The previous agency quickly gave up on update recommendations for the editorial system and had no real idea about the server software.
The worst-case scenario is tacitly accepted by everyone involved. When asked about it, they say:
We then install a backup and everything is fine again.
Hardly anyone has any real idea what the consequences of a hack can be. As a rule, however, a hack is a total loss, and you can never be sure that it will ever be 100% repaired.
Who would want to harm us? There’s nothing to be gained from us!
Hackers make money with your server
Today, a hacker no longer necessarily breaks into a server, he breaks into a security hole. And preferably on 1,000,000 servers at the same time. Fully automated, a few days or even a few hours after the security update has been released and the hacker has analyzed or reverse engineered it. He writes himself a robot script that does the work for him. 20-30% of all website visits today are from robots – and not just those from Google and Bing.
So it doesn’t matter that there is nothing usable on the server from the customer’s point of view. Checking this beforehand is far too time-consuming for the hacker.
We had to learn that our customers can only assess the extent and the real danger if they understand why a hacker hacks web servers in the first place. The hacker usually only wants one thing: to earn money. To do this, he sells server content or rents server power to other hackers. Not individually, but in bundles of 1,000 to 5,000,000 servers. Without claiming to be exhaustive, I have therefore written down 10 reasons why someone uses this hacker service.
#1 Customer data
The actual customer data may be irrelevant. For example, only whether a newsletter subscription exists or not is stored there. But a combination of usernames and passwords is always a good find for hackers. This is because they can then try them out on other relevant sites. For example, a PayPal account is hacked because the login details were identical on a hacked website. People use the same password far too often.
#2 Hacking to hack others
A server is used to hack other servers. The aim is usually to make tracing more difficult. For example, if the White House is hacked, the NSA could only see which computer the hack came directly from. In other words, your web server may have hacked the White House.
#3 Drive-by hack
Hackers rent hijacked servers in order to spread viruses via the websites hosted there. In this case, malicious code is planted on the site so that visitors catch a virus simply by loading the page.
#4 DDoS attacks
DDoS attacks from many hacked servers on one target paralyse web servers or entire networks. This is like switching off the power. So many requests are generated that the target server can no longer respond. Hackers do this on behalf of a competitor, for example to shut down their store. The competitor then loses sales, customer trust and Google ranking. Automated hijacked servers are sometimes made available for such attacks via APIs.
#5 Viagra links
The hacker receives money for traffic to his customers’ sites, i.e. for the number of clicks, by changing links. Sometimes this is obvious, sometimes it is very well hidden, for example when only some of the requests are redirected. In that case the wrong links may not be noticed until much later.
A hospital once approached us:
“Somehow there’s something wrong with Google. Whenever we search for our site on Google, we always find Viagra references. But everything is correct on our site.”
#6 SEO hack
The hacker uses his captured servers to perform SEO optimization for his customers. For example, he invisibly places Viagra links on the website that are only visible to search engines. This increases the number of external links to the target server and thus the ranking of his client’s website. And he gets paid for it.
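Both the changed links of #5 and the search-engine-only links of #6 leave traces in the HTML the server actually delivers. The following script is an added example written for this article (it is not the author's tooling): it parses a page, records every link together with whether an enclosing element is hidden by inline CSS, and reports links that are hidden from human visitors or that point to a domain outside the site's own expected set. The sample HTML, the site domain `hospital.example` and the allow-list are constructed for the example; the CSS patterns are the common ways of keeping an element out of view and are an assumption, not an exhaustive list.

```python
"""Added example: audit a page's HTML for links hidden from visitors (SEO
hack) or pointing to unexpected external domains (changed links).
Sample HTML and domain names below are constructed for this example."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-CSS fragments commonly used to keep an element out of a visitor's
# view while search engines still index its content (assumed list).
HIDING_PATTERNS = [
    r"display\s*:\s*none",
    r"visibility\s*:\s*hidden",
    r"font-size\s*:\s*0(px|em|%)?\s*(;|$)",
    r"(left|top)\s*:\s*-\d{3,}px",          # pushed far off-screen
    r"opacity\s*:\s*0(\.0+)?\s*(;|$)",
]
HIDING_RE = re.compile("|".join(HIDING_PATTERNS), re.IGNORECASE)

# Elements that never have a closing tag; they must not stay on the stack.
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "area", "source"}


class LinkAuditor(HTMLParser):
    """Collect every <a href> and whether an enclosing element hides it."""

    def __init__(self):
        super().__init__()
        self.hidden_depth = 0   # > 0 while inside a hidden element
        self.stack = []         # (tag, hides) for each open element
        self.links = []         # (href, hidden) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append((a["href"], self.hidden_depth > 0))
        if tag in VOID_TAGS:
            return
        hides = bool(HIDING_RE.search(a.get("style") or ""))
        if hides:
            self.hidden_depth += 1
        self.stack.append((tag, hides))

    def handle_endtag(self, tag):
        # Pop up to the matching open tag; tolerates sloppy markup.
        while self.stack:
            open_tag, hides = self.stack.pop()
            if hides:
                self.hidden_depth -= 1
            if open_tag == tag:
                break


def audit_links(html, site_domain, allowed_domains=()):
    """Return [(href, [reasons])] for links a site owner should look at."""
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    site_domain = site_domain.lower()
    allowed = {site_domain, *(d.lower() for d in allowed_domains)}
    findings = []
    for href, hidden in parser.links:
        host = (urlparse(href).hostname or site_domain).lower()
        own_site = host == site_domain or host.endswith("." + site_domain)
        reasons = []
        if hidden:
            reasons.append("hidden from visitors")
        if not own_site and host not in allowed:
            reasons.append(f"unexpected external domain {host}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample: two legitimate links, one injected off-screen link,
# one unexpected external link and one hidden internal link.
SAMPLE_HTML = """
<html><body>
<p>Welcome to <a href="/about">our hospital</a>.</p>
<p>Partner: <a href="https://partner.example/portal">patient portal</a></p>
<div style="position:absolute; left:-9999px">
  <a href="http://cheap-pills.example/buy">buy viagra online</a>
</div>
<p>Read the <a href="http://news.example/article">latest news</a>.</p>
<div style="display:none"><a href="/hidden-internal">hidden link</a></div>
</body></html>
"""


def demo():
    return audit_links(SAMPLE_HTML, "hospital.example",
                       allowed_domains=["partner.example"])


if __name__ == "__main__":
    for href, reasons in demo():
        print(href, "->", "; ".join(reasons))
```

Run it against the HTML as it is served to a search-engine user agent as well as to a browser user agent; a difference between the two is itself a sign that the site is cloaking content it should not.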
#7 Spam emails
Trustworthy servers that send emails sell well. The hacked servers generate revenue per minute by sending spam.
For example, a Formula 1 racing circuit approached us because they always ended up on anti-spam blacklists. They couldn’t send any emails because they were blocked, but instead of investigating the reasons, the admin just went to a lot of trouble to keep getting deleted from these blacklists. In the end, it turned out that several hundred million emails had been sent via his server.
#8 Mining Bitcoins
Hackers use the servers under their control as a mining farm to create bitcoins for themselves: the power consumption of the hacked server increases, while the computing power left for its actual purpose decreases.
#9 Peer-to-peer illegal file sharing
The hacked server is used to provide illegal downloads/movies.
We once had a bank approach us because their site was so slow. We first tested the system on our own servers and everything was fine. A network traffic analysis revealed the problem: There were films from an exchange platform on the server, 95% of the server space was occupied, 100% of the bandwidth was being used for the films.
#10 Tor exit node
The aim of the Tor network is to make anonymous surfing possible. Anyone can use it for different things – but also to avoid being prosecuted. The exit point is a weak point of Tor. If someone provides an exit point for the Tor network, it can become the starting point for criminal investigations. Hackers use infiltrated servers to create exit points that are not provided voluntarily and also have the ability to manipulate outgoing traffic.
Where are the targets?
- The server and its services: e.g. PHP, Java, MySQL etc.
- Every web software has potential security vulnerabilities
What can you do?
- Update the web software as soon as a new version is available
- Keep the server(s) and their services up to date
- Make sure that a web application firewall is active
- Regularly test the robustness of your forms with intrusion tests by a qualified agency
- Regular penetration tests by the same agency uncover security gaps in good time, before a hacker does
- An SSL certificate is now mandatory and protects data transmission