Why do attackers target websites? What do they hope to gain? There are several common reasons.
Many websites store user data, which is necessary for normal operation of the website - allowing users to log on, post messages, make purchases, etc. Many attacks seek to access this information, often through SQL injection.
User email addresses can be used for spam and phishing attacks against users of the site. Phishing attacks will often try to persuade users to log onto a fake site. If the attackers have extra information, for example which items you recently purchased, they can use this to make the email seem more convincing.
User passwords allow the attacker to log on to the site as if they were a different user, and post messages, make purchases etc.
Unfortunately, people often use the same username and password for different sites. If criminals obtain your password from somewhere unimportant such as a user discussion board, they might be able to log into your bank account if you have used the same password. This makes password information very valuable.
Payment details such as bank or credit card details give criminals the ability to steal money or make unauthorised purchases.
Some attacks have the aim of shutting a site down so that users can no longer access it. This is sometimes simply vandalism, and is sometimes performed by taking control of the web server.
In more serious cases, he aim is to blackmail the site owner, by taking a busy commercial site down at a critical time so that the owners face losing money if the attack continues. More organised criminals like this will often use denial of service attacks.
The aim is sometimes to alter the front page of a website to contain the attacker's message, often as a protest or for notoriety.
Many websites allow an administrator to update content remotely (for example, Wordpress does this). Anyone who obtains the administrator password in some way can easily perform this attack.
It is quite common for people to place spam messages on internet forums, to act as free advertising for their website or product. This isn't difficult to do, and isn't usually illegal. But if it isn't deleted, it does ruin the forum for genuine users.
Copyright (c) Axlesoft Ltd 2021