Originally Posted by CradosRock
First, remember that every website is a collection of files stored on a computer somewhere. If an attacker can compromise that computer and gain access to the files with enough permission to edit them, he can do whatever he wants. There are several news stories a year about companies or agencies that have their home page defaced http://www.securitypronews.com/.../...acksReported.html . As of the writing of this answer, NASA was the latest victim of such an attack.
If the attacker wants to make the target website temporarily unavailable, all he has to do is crash the program or the computer. If he wants to deface it, he has to get priveledges on the computer that would allow him to edit the website files. He can attempt to do this through any open port and program or by trying to directly log into the machine.
Programs use ports to access the internet. Well known programs or services use the same ports all the time and are easy to find. Web servers usually use port 80. If an attacker wanted to target an individual's or company's web server, he would interrogate port 80 to see if he could find out which web server program is running there and which version the victim is using.
The attacker can then exploit any vulnerabilities that exist in that particular piece of software. There are many different ways a program can be broken (buffer overflow for example) and a wise system administrator applies all patches and updates the manufacturer provides to close these holes.
That said, doing these sorts of things is illegal and just plain mean. There are many ways such an attacker leaves evidence and it's not worth the jail time. 18
Pts
Rate Answer
IT ALL MAKES SENSE NOW!
I'm a master hacker guise.