Originally posted here by ¤The¤Spe©ialist
[B]Oh gee whiz, you mean I can actually browse for "content"? How about the fact that here is a machine with alot up-time... never mind the amount of bandwidth and cpu cycles that can be used.
And with that remark you just confirmed what I said!
Of course, satisfying their curiosity is one reason for hackers to break in. Some are just plain curious. And some of those hackers will turn out to be malicious and destroy data on your system.
And of course, bandwidth and CPU cycles are very popular for hackers too these days. They can use the bandwidth for spamming purposes, for example. Or to spread around their attacks to more and more systems, building networks of hacked computer systems for them to control. And the CPU time could be used by a hacker in an attempt to crack e.g. an encrypted password file, which would take a lot of brute force in some cases.

So it doesn't just have to be the content of the server that might be interesting to hackers. The server itself can be interesting for them too. Yet hackers who just steal bandwidth or CPU cycles are often less interested in the contents of a site and often will keep the contents alone, to avoid being noticed. In many cases they will even try to avoid spreading around through your webpages since that increases the risk of being detected. IF you want to set up a network of thousands of spambots, you don't want anyone to notice anything suspicious...

However, I do think there's a difference against protecting your server and protecting your site. Websites are often attacked by hackers to collect passwords, bank account numbers and other valuable data. You'll often see fake login pages asking you for this information and even today, many people tend to fall for this trick. Someone could create a website called www.antonline.com and make it appear as this site by just forwarding every client request to this site. And there will be people who don't notice the missing 'i' in the URL and thus nicely fill in username and password, and then they're suprised someone hacked their accounts a few days later. (And maybe a few spam messages will have appeared on this forum...)
But a hacker might also make use of code insertion in your website to steal the same information, and perhaps even more.

You could consider protecting a site and protecting a server as the same thing. I don't, though. Technically, every computer that is connected to the Internet is sensitive to a server attack, where hackers are trying to gain control over as many systems as possible. The chance of becoming the victim of a server attack just depends on the amount of time you're online. (And websites tend to be online 24/7 so they have a big risk.) The chance of becoming the victim of a site attack is relative to the value of the data on your site.