“Hacking is a sad reality, but Drupal is doing a very good job of mitigating the risks, by quickly making people aware of them.
As soon as a vulnerability in popular CMS platforms like Drupal is discovered, millions of crawlers operated by hackers (similar to Google bots) start searching for vulnerable websites. Once a victim is identified, their website gets hacked, patched (to prevent “competition” to overtake the same site) and backdoor’ed. Within several days, access to the compromised website will be sold on the black market, more than likely to several different customers at the same time who each may well resell it several more times. Like this,your personal blog may be easily involved in a dozen different criminal offenses such as hosting illicit content, sending spam and infecting visitors, to name just a few.
Many people simply don’t realise that their website is a very attractive target for hackers. Obviously, hackers don’t aim to hack their particular website, they just need to hack as many as they can: to steal visitors traffic and to infect visitors with malware that turns their PCs into bots to perform DDoS attacks or send spam. Any website (even your personal blog!) can be easily sold on the black market – the price mainly depends only on how popular/reputable the website is. So, the more websites hackers have to sell, the bigger the volume discount. However, if you offer to sell tens of thousands of websites at once, you can get enough income even with large discounts. This is just one of the reasons why hackers are looking for websites that are easy and quick to hack into.”