I was goofing around on Google and I stumbled upon an article from Monday concerning the “Anti-Phishing Working Group” (APWG for short). The organization is dedicated to stopping phishing attacks and reporting them in a concerted effort to reduce phishing effectiveness and prevalence. They have the usual phishing tips for consumers on how not to get scammed, but what really interested me was their guide for website administrators concerning server breaches. I realized after I read that article that I had never seen such a comprehensive list of guidelines concerning what to do if your website is breached (the link to the actual PDF itself is http://www.antiphishing.org/reports/APWG_WTD_HackedWebsite.pdf). I’ve only skimmed the first part so far but it seems to be a sensible, accessible document regarding the steps you should take if you’ve been breached by some nefarious villains who have set up shop on your domain for phishing purposes. The site also has a list of affiliated partners who run anti-phishing and hacking services; overall, the group seems to have its act together.
This also kind of ties in with my last post on backups, and I’d also like to take this opportunity to point out how useful it is to have a fully managed server, or a server provider who gives you extensive backup and security support. If you do in fact get hacked, having someone willing to sift through logs and restore a known good copy of your data is a valuable service to have. It cuts your downtime significantly and eases the stress on your mind a bit. I’ll keep poking through the site and post if there’s anything else of interest, but I’d recommend at least skimming through that PDF above and the website as a whole!