Cyber criminals do an overwhelming majority of their work by attacking already-existing websites. It would be far too much of a hassle for them to create and register their own new domains and websites when they have the ability to merely implant a malicious page within legitimate domains instead.
Many of the most recent and prominent attacks by cyber criminals involved hacking the subdirectories of seemingly secure sites such as WordPress and Joomla. The malicious pages often go unnoticed for several months because the webmasters of the affected sites tend to check only the pages they created themselves, ignoring the subdirectories and not looking for new, unwanted files. By using this method, hackers are able to create millions of malicious doorway pages on reputable domains for free.
The first step of this method of hacking requires the cyber criminal to get onto the server of the website or domain they plan on attacking. To do so, they often use password-guessing tools that can try thousands of password combinations in a very short period of time. Once the hacker has the administrator password, they are free to log on to the website's platform and create new subdirectories on the server.
Instead of taking over the website entirely, hackers often prefer to do their work without being noticed. The longer they can go without being noticed by the Webmaster, the more traffic their attack can generate with little to no resistance.
After gaining access to the domain, cyber criminals can either place a full website in the subdirectory or use a redirect file to send users to websites selling fake software or products. They may also use their access for search engine optimization, manipulating search engine results.
There are a few steps that Webmasters can take in order to defend themselves against these types of cyber-attacks. The most obvious, but also most important, step is to use a strong password for their domain. In order to withstand the attacks of password-guessing software, passwords should never be actual words and should always be as complex as possible, utilizing a variety of capital and lowercase letters, numbers, and special characters if possible. On top of a strong password, Webmasters need to check regularly to make sure that no strange directories or subdirectories have been created. Google has Webmaster tools that can help you make sure nothing fishy has been going on.
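One way to automate the regular directory check described above, as an added example that is not part of the original article: it records a baseline of the web root and later reports any directories and files that appeared, changed or vanished. The function names and the small site built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(webroot):
    """Map every path under webroot to a SHA-256 digest (None marks a directory)."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames:
            snap[os.path.relpath(os.path.join(dirpath, name), webroot)] = None
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot)
            if os.path.islink(full):  # record the link target, never follow it
                snap[rel] = "symlink:" + os.readlink(full)
            else:
                with open(full, "rb") as fh:
                    snap[rel] = hashlib.sha256(fh.read()).hexdigest()
    return snap


def compare(baseline, current):
    """List what appeared, changed or vanished since the baseline was taken."""
    added = [p for p in current if p not in baseline]
    return {
        "new_dirs": sorted(p for p in added if current[p] is None),
        "new_files": sorted(p for p in added if current[p] is not None),
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed site: take a baseline, then simulate an unexpected subdirectory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "blog").mkdir()
        (root / "index.html").write_text("home")
        (root / "blog" / "post.html").write_text("post")
        baseline = snapshot(root)
        (root / "blog" / "promo").mkdir()  # directory the Webmaster did not create
        (root / "blog" / "promo" / "index.html").write_text("doorway page")
        (root / "index.html").write_text("home, edited")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In regular use, the baseline would be stored somewhere the web server account cannot write to and refreshed after every intentional change to the site.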
It is always important to follow the proper steps to protect your website from cyber criminals, malware, and spam.