Website defacement is the unauthorized change to the appearance of a web page or entire site. It can involve taking a page completely down and replacing it with something new, or injecting code to add images, popups, or text to a website that were not present before. Some forms are more subtle, and may involve the insertion of malicious code that infects the computers of visitors, setting them up for viral attack and other issues. This practice is illegal, and can be subject to fines and jail time if the perpetrator is caught.
Like other hacking activities, website defacement can occur for a variety of reasons. In some cases, it is part of an attack on the owner of the website, in which case the content added to the site may be injurious. Hackers could attempt to damage the reputation of the site owner, or could add false and misleading information. For example, they might replace an informational website for a shop with a notice saying it is closed, with the goal of driving customers away.
In other cases, it may be done purely for fun, without any specific malice against the owner of a site. Hackers may penetrate a server and attempt to hack all the sites hosted there. These attacks sometimes include mocking notices to site owners and security personnel that highlight security weaknesses on the server or in the site's code. This type of website defacement is sometimes done in the name of a public awareness campaign to alert people to the vulnerability of a site. Ethical hackers, however, usually prefer to contact site owners and software companies to alert them privately.
A variety of methods can be used to access a site in order to deface it. A common tactic is called a MYSQL injection attack, which takes advantage of a popular databasing system to access sensitive site information. To remove the defacement, the site owner needs to find the corrupted or hacked code and replace it with new code. Sometimes, this requires completely wiping a site and installing a fresh version. It is important for people to back up their sites regularly so they can restore data in the event of a problem.
Some security firms offer website defacement alerts. When they notice a change to a customer's site that appears to be unauthorized, they can send out alarms to personnel. These can include web security specialists, who can work on fixing the problem, as well as key corporate officers. They may need to know about the problem so they can engage in some public relations work to limit the damage caused by the defacement. If a family-friendly company briefly displayed an offensive language because of website defacement, for example, it might want to reach out to customers to inform them about the situation.