Usually by using insecure scripts, which is by far the most common way
to break into a website. For example if a script on the server doesn't
properly check passed URL parameters or form data, it might be possible
to inject malicious code or even upload your own script to the server.
Then it's quite easy to view and manipulate the code of the pages, for
I've already seen pages with an upload feature, but an improper check of
the uploaded files. So I was able to easily upload my own PHP script and
even call it in my browser ... some people just make it too easy for an
The other way is to really break into the server by hacking into the OS
and gaining root access. But then it's about time for you to change the
host as quick as possible.
The best is to do what you can to prevent such things right from the
beginning. But unless you use server-side scripting to process form data
or do other dynamic stuff, there's not much of a danger if the server is
properly maintained and updated by your host.