The Anti]Phishing Working Group (APWG) and IPC has released a new idustry advisory document titled: "What to do if your site has been hacked by phishers". The purpose of the document is to provide website owners with specific actions they can take when they have been notified that their website or webserver has been infiltrated and used for phishing.
The document notes that "Some phishers use compromised computers to host malicious or illegal activities, including identity theft, fraudulent financial activities, as well as collecting personal information and business identities from their victims for future use. Others attack or 'hack' into and gain administrative control over the legitimate web sites of businesses and organizations of all sizes. Such hacked web sites disguise the bad acts the phishers perform. More importantly, web site hackers are fully aware that the web sites they hack and 'own' are reputably legitimate."
"Law enforcement and anti]phishing responders respect and operate under established business, technical, and legal constraints when they seek to remedy or take down hacked web sites. These measures protect legitimate web site operators but unfortunately serve the attacker as well by extending the duration of the attack. The Anti]Phishing Working Group (APWG) offers this document as a reference guide for any web site owner or operator who suspects, discovers, or receives notification that its web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containment, recovery, restoration, and follow]up when an attack is suspected or confirmed. This document serves a guideline for web site owners."
See the full APWG "What to do if your site has been hacked by phishers" Industry Advisory here.