Three of my sites were hacked a few weeks ago, and I'm trying to learn as much as I can to prevent it happening again. I'm a complete beginner at these things, so I apologise if this is a daft question.
I've been checking the 404 error logs for all my sites, and on the three that were hacked, there are requests for back-up copies of legitimate pages e.g. index.html.bak, index.html.~, index.html.sav etc. - same pattern for every page on the site. None of my other (unhacked) sites have this.
I understand that a .php back-up file with an altered extension can allow a hacker to read the content, but why would they want an old .html or .css file? There are no backup copies of anything on any of my sites, but why is somebody looking for them? All three sites are very small, static html sites, with nothing more interactive than a Google map.
I'd really just like to understand what's going on here, as I'm feeling generally very bemused by the whole thing. Thank you.