What happens during a hacker attack?

The image of a lonely hacker in a black hoodie sitting at a laptop attacking your website is far from the truth. In reality, thousands of automated programs systematically search the web for security vulnerabilities.

If they find what they’re looking for, these ‘bots’ will install different types of malware on your website in order to pursue their own agendas – often with fatal consequences for your site.

The main types of malware


Backdoors are secretly installed by hackers to penetrate your website undetected over and over again.


Malware is the term used to describe infected files that are installed on your web server in such a way that they are automatically downloaded onto the computers of your website visitors as a “drive-by download”.


Your hacked website is misused as part of a botnet that is deployed to launch targeted overload attacks on third party services (“DDoS attacks”).


Mailers are infiltrated server scripts that secretly send spam emails from your website.


One of the few visible effects on your website is “defacement”, which involves your own content being replaced by external content, usually for political reasons or as an act of pure vandalism.


Hackers secretly use your domain to publish fraudulent pages with which they attempt to ‘harvest’ sensitive data from third parties.

Hackers are not interested in your website in particular – they are simply scanning for security vulnerabilities. That’s why you should ask yourself: How well is my website protected?


Often, you won’t notice if your website has been successfully hacked. It’s similar to the development of a tooth cavity: what begins as a black dot ends in root canal treatment if left unchecked and untreated. Waiting until it hurts is costly and painful.
The same applies to websites: without updates and controls, an unnoticed intrusion over time results in extensive and sometimes irreversible damage. The associated expense can far outweigh the cost of taking precautionary measures.

Browsers such as Google Chrome, Firefox and Safari have phishing and malware protection enabled by default. It scans websites for known malware, and if your website is identified as unsafe, your visitors will be warned by the browser with a message not to visit it.

The results:
You lose customers and your reputation is damaged. In turn, your site will be downgraded and ranked lower in the Google search results.

The content of your website will no longer be reachable, because every one of your pages automatically redirects the visitor to websites containing pornographic content or dubious offers (e.g. online betting, pills).

The results: You lose customers and your reputation is damaged.

In the case of “defacement”, your website is overwritten with external content. Your visitors might suddenly see different content than they expected, or even a completely different language such as Chinese or Arabic.

The results: You lose customers and your reputation is damaged. If you haven’t securely backed up your content, defacement can result in it being permanently lost.

If your hosting provider detects malware on your website, they will block the affected pages or – even worse – the whole website. In such case, your visitors will only get an incomplete picture of your products and services.

Result: You lose customers through incomplete and inaccessible pages.

In serious and rare cases, the Federal Reporting and Analysis Centre for Information Assurance (MELANI) may even deactivate your domain entirely. This means that you will no longer be able to receive and send emails. Nothing will work anymore.

The results: You’re offline! Digital communication with your partners and customers is no longer possible.

Any questions?

Why is cleaning up a hacked website so expensive?

A website consists of thousands of lines of code, and a large one even of tens of thousands. Somewhere in between hides the malicious code, which is hardly distinguishable from the clean code. It’s like looking for a needle in a haystack. Even worse, you don’t know how many needles there are. Tracking down and finding all of the affected areas is time-consuming and usually very expensive.