Handling Procedure for Website Hacking
From WebFocus Wiki Site
Objectives
- To promptly assist with every hacking incident and provide a thorough and complete Incident Report for each one.
- To effectively manage, and find long-term solutions for, all security issues arising from both website and server vulnerabilities.
Technical Team
- Process 1: A ticket should be created (using our helpdesk) for every reported hacking incident. One of the technical personnel, preferably Level II Jr. or Sr., should create or handle the ticket. The incident falls under the standard escalation process at Medium to High Priority.
- Process 2: Technical personnel will immediately isolate the compromised web files by creating a subdomain named investigation.domainname.com. An "under construction" page will be uploaded to the main domain to prevent further penetration or disclosure of other website content, database details, etc. The same personnel will also temporarily remove the client's access to their FTP accounts so that they cannot upload their website during the investigation.
- Technical personnel will proceed with the investigation by checking the server logs and possible vulnerabilities in the web code and on the server.
- Process 3: Technical personnel will produce all vulnerabilities found and the server logs that show the hacker's traces. Upon completion of the server log review and investigation, all gathered information will be given to the Technical QA for proper documentation and handling.
- Process 4: The Incident Report will then be prepared by the Technical QA using the outline below:
  - Summary
  - Details of Incident
  - Vulnerabilities
  - The notification process
  - Technical Details / Fix Actions
  - Recommendation
- Process 5: Once the Incident Report is completed, the Senior Technical personnel will forward the generated report through the created ticket. The website will be re-uploaded and put back online as soon as the client complies with the following conditions:
  - The developer should apply all patches needed for the vulnerabilities found
  - The website threat level must go down to level 1 based on the Acunetix scan result
  - Follow all recommendations given in the Incident Report
Production Team
- Process 2.1: The Production Team will scan the compromised website using Acunetix to check for all vulnerabilities and unwanted files inserted by the hacker.
- Process 4.1: Once Technical QA completes all the Incident Report details for their assigned sections, the document will then be forwarded to the Production Manager.
- The Production Manager will fill in all assigned details on the report and collaborate with the Technical Team on the final Incident Report to be given to the client:
  - Vulnerabilities
  - Technical Details / Fix Actions
  - Recommendation
- Process 6: Once the final Incident Report has been generated, the Production Manager will create a Job Order for the incident. Details of the incident should be stated on the job order together with the path where the final report is located.
- Sales Admin will then process and record the incident in V-tiger and make sure that all processes have been followed and completed before closing the job order.