Security, Responding to Compromised Websites

A website or server that I am responsible for has been compromised. What are my next steps?

If an administrator of becomes aware of a compromised website or server before receiving a notice from the Office of Privacy and Information Security, they should contact to coordinate the incident response.

If an administrator receives a notice, from the Office of Privacy and Information Security, about a compromised web server they should respond as soon as possible with the steps taken to remediate the compromise.  Security may filter the web server from the network if warranted, or if no response is received regarding the compromised system.

The administrator of the system must inform Privacy and Information Security of mitigation steps taken, and whether or not the system stores sensitive information or has access to sensitive information.

Keywords:Security Hacked server OPIA   Doc ID:56730
Owner:Security S.Group:University of Illinois Technology Services
Created:2015-09-24 15:27 CDTUpdated:2017-03-17 14:17 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0