What To Do If Your Web Site Has Been Hacked by Phishers

This a high level document by APWG that explain that steps you should take if your web server is used in a phishing attack, it will also give you an idea how to identify web sites phishing attacks, with things like traffic monitoring, File system inspection, Server configuration inspection, and event logging.

http://www.apwg.com/reports/APWG_WTD_HackedWebsite.pdf