Website defacement is similar to drawing graffiti on a wall, only it happens virtually. Websites’ appearance change - pictures and/or words are scrawled across the defaced website.
Why Websites are Defaced Attackers may have different motivations when they deface a website. Political motivation is one. Attackers who are against a government or a particular movement can choose to deface related websites to air their views. Attackers who do this are known as hacktivists. They may change the content of the defaced website with a picture or a message of their choice. Other attackers may choose to deface a website for fun - to mock site owners by finding website vulnerabilities and exploiting these to deface the website. Similar to hacktivits, these attackers deface a website with a picture or a message of their choice.
Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them, including the FBI, CNN, eBay, Apple, Microsoft, and AOL.
Remote file inclusion is the vulnerability most often found on websites. Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included on a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local exploits to escalate his privileges and take over the whole system.
Defacing a website may be fun for the hacker, but it is always a nightmare for the website owner.
Loss of money: The various costs of repairing and repaying customer losses and other such technical support processes can cost millions.
Loss of time: A normal defaced website takes around 1 to 3 days to be ade to work and function efficiently again.
Reduced privacy and loss of information: Website defacement is sometimes done to access private information, data, and files. From manipulating and accessing customer details to changing your privacy settings, each and everything is in the hacker’s hand. Everything is at take after website defacement.
Reputation damage: Money and time loss are almost bearable but the reduced SEO rankings and loss of reputation are the biggest impacts of website defacement for any business. It often leads to the reduction of the number of loyal and trusted customers.