To whom should I report a DDoS attack?

Started by dragon, Aug 05, 2022, 04:46 AM


dragon (Topic starter)

Hello!

My website, hosted on a shared server, has been under attack from IP 87.255.1.42. The attacker sends more than 400,000 requests per day to the site's start page, causing server overloads. Although this attack does not cause significant damage, I want to know where to report it to the highest possible authority.

I contacted BIGTELECOM, the ISP for that IP address, but they have not taken action yet. Is there a higher authority that can block this IP from attacking my site?

While my hosting provider has a script firewall in place and has blocked the IP address in .htaccess, I would still like to handle the situation myself. I have found something like the attacker's website, himki.net, and I plan on contacting them. Are there any other actions I can take to resolve this situation?

brknny

To resolve the issue of an IP address attacking your website, you can take several actions. One option is to block the IP address in the firewall on your server. Another way is to trace the IP address to identify the upstream provider, which is BIGTELECOM in this case, and then contact the higher provider to report the attack.

You can also add the following code to the .htaccess file:

# Apache 2.2 access-control syntax (on Apache 2.4 this needs mod_access_compat)
order allow,deny
deny from 87.255.1.42
allow from all

This will deny access to your website from that IP address while allowing access to everyone else. However, please note that these measures may not completely solve the situation and contacting the relevant authorities may still be necessary.

ELK

A distributed denial of service (DDoS) attack can quickly overload your web servers and crash your website. While these attacks can be devastating, reporting an attack can help you mitigate damage and potentially trap attackers. Once you spot a DDoS attack, collect as much information as you can and report it to your ISP or web host. If you have lost money due to an attack, you should also file a complaint with the government's internet crime agency.

jainteq

I faced the issue of the server being overwhelmed, with several bots generating up to 500,000 packets per second and streams of 200-400 megabits each. The problem is that, on most servers, interrupts are managed by a single core regardless of the number of cores on the machine. As a result, when there is a large number of connections, the entire network subsystem becomes unstable even if all the connections are dropped. This can be especially problematic with smaller channels.

This issue can be challenging to handle. Typically, dedicated servers may provide increased protection against such abuses, but they too have vulnerabilities. Using scripts or sending abuse reports to hundreds of addresses from a list of bots that were causing overloads, however, has shown some success in reducing the number of such bots. In some cases, we received emails thanking us for the reports or acknowledging that they had investigated the issue.

BingTeego

While it's crucial to report the issue to the relevant authorities, it's important to recognize that the process might be time-consuming and that immediate relief may not be guaranteed. In addition to contacting BIGTELECOM, you could also consider reporting the incident to CERT (Computer Emergency Response Team) in your country or the country of origin of the attacking IP address. These organizations are equipped to handle such cyber threats and can escalate the issue to higher authorities if needed.

Regarding your plan to contact himki.net, it's essential to approach this with caution. Engaging directly with the alleged source of the attack should be handled delicately, as it could potentially escalate the situation. It's advisable to seek legal counsel before making any direct contact with the website owner.

In parallel, you can explore leveraging DDoS mitigation services offered by reputable cybersecurity firms. These services are designed to absorb and deflect such volumetric attacks, providing an additional layer of protection alongside your hosting provider's measures.

Lastly, documenting all correspondence and incident details is crucial for potential legal or regulatory actions. This will provide a comprehensive trail of your efforts in resolving the matter and can be instrumental in any future proceedings.

Remember, persistence and a multi-faceted approach are key when dealing with such cyber threats. Stay vigilant and keep exploring all available avenues to safeguard your website.

rahul verma

As soon as you notice a DDoS attack, gather as much information as you can and report it to your internet provider or web host. If you lost money because of the attack, you should also file a complaint with a government internet crime agency.
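
Several replies above advise gathering as much information as possible before reporting to an ISP, web host or CERT. The following is an added example, not code from any poster in this thread: it turns web server access-log lines into per-IP evidence (request count to the start page, first and last seen in UTC, busiest minute) suitable for pasting into an abuse report. The log format (Apache/nginx "combined"), the function name `summarize`, the `min_hits` threshold and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Apache/nginx "combined" format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Aug/2022:04:40:01 +0300] "GET / HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [05/Aug/2022:04:40:01 +0300] "GET / HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [05/Aug/2022:04:40:02 +0300] "GET /?x=1 HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [05/Aug/2022:04:41:10 +0300] "GET / HTTP/1.1" 503 312 "-" "-"',
    '198.51.100.20 - - [05/Aug/2022:04:40:30 +0300] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [05/Aug/2022:04:40:31 +0300] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

def summarize(lines, path="/", min_hits=3):
    """Per-IP evidence for hits on `path`: count, first/last seen (UTC), busiest minute."""
    stats = defaultdict(lambda: {"hits": 0, "first": None, "last": None,
                                 "minutes": defaultdict(int)})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != path:
            continue  # unparseable line, or a request for a different URL
        try:  # normalise to UTC so the recipient need not guess the server's time zone
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        except ValueError:
            continue  # malformed timestamp
        s = stats[m["ip"]]
        s["hits"] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        s["minutes"][ts.strftime("%Y-%m-%d %H:%M")] += 1
    rows = [{"ip": ip, "hits": s["hits"],
             "first_utc": s["first"].isoformat(), "last_utc": s["last"].isoformat(),
             "peak_per_minute": max(s["minutes"].values())}
            for ip, s in stats.items() if s["hits"] >= min_hits]
    return sorted(rows, key=lambda r: r["hits"], reverse=True)

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print("{ip}: {hits} requests to / between {first_utc} and {last_utc}, "
              "peak {peak_per_minute}/min".format(**row))
```

Attach a handful of the raw log lines alongside the summary, since abuse desks usually want original entries with timestamps.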