Over the past couple of years (most recently this morning, after a long break following a change of password) some gang of hackers has been getting into one or two of the pages on my site and making some tiny changes - a little non-ascii character (most recently an Arabic letter, previously an unidentifiable character) appears at the top (before the html code starts) and a link to some commercial company (a different one each time) appears later on in the html code but does not actually appear on the page in the browser (you only see it in code view). In the most recent case I contacted the company to which the inserted link refers and asked them to investigate, but I doubt if they will succeed. (I tried to contact earlier ones, but got no reply)
The only reason that I picked up the change so quickly on this occasion is that I registered the pages with changedetection.com after the previous set of hack-changes.
It was a simple matter to reupload the page(s) in question and thus wipe out the "work" of the hacker. It is also a relatively simple matter to change the password yet again.
However, I just wonder why would someone go to the trouble of cracking a strong password (and it is strong) to get into my online folders in order to make such an insignificant and apparently pointless change to my site?
Has anyone else here experienced this?
Also: Is it possible for a hacker to do this sort of thing without knowing the password?
I'd like some insights into this puzzle.
(BTW I did ask my website space providers and they suggested I use sitelock.com, but sitelock does not protect from, or even warn of, such hackings - I know because I tried their system and they had to admit, after some time, that it wasn't meant for that kind of thing, being more a scan for vulnerabilities, and they found no vulnerabilities!)