I use shared hosting for my website, and recently I saw from the logs and load that IP 18.104.22.168 began to attack the site - that is, requests are constantly sent to the website's start page, in fact more than 400,000 requests per day.
This does not cause any significant damage, but the server experiences overloads every day, and I would like to know where to report this kind of attack, preferably to as high an authority as possible.
I found the contacts of the BIGTELECOM provider and wrote to both emails that are in the whois of this IP - but nothing has changed.
Is there any higher authority over this ISP that can block that IP from attacking?
This seems to be the problem of my hosting provider, and they are solving it (by the way, really, show me at least one more hosting provider that will provide free attack protection services to a client on a shared package?) - there is a script firewall on the hosting provider's server. Plus, this IP address is also blocked in .htaccess.
But I would like to deal with it myself. Right now I found something like their website, himki.net, and I'm already writing to them.
Call the providers, or what?
Are there any real actions that can solve this situation?
Block the IP in the firewall on your server.
Also trace the IP and find out who BIGTELECOM's upstream provider is. Then write to that upstream provider.
You can also block it in the .htaccess file:
# With Order Allow,Deny a matching Deny overrides "Allow from all"
Order Allow,Deny
Allow from all
Deny from 22.214.171.124
A distributed denial of service (DDoS) attack can quickly overload your web servers and crash your website. While these attacks can be devastating, reporting an attack can help you mitigate damage and potentially trap attackers. Once you spot a DDoS attack, collect as much information as you can and report it to your ISP or web host. If you have lost money due to an attack, you should also file a complaint with the government's internet crime agency.
I ran into a case where, in addition to standard bots, the server was hammered by several that each put out up to 500 thousand pps and a stream of 200-400 megabits.
The trick is that on regular network servers, which are in most servers, interrupts are handled by one core, regardless of their number on the machine. And from such a number of connections, even with a complete DROP of all connections, the entire network subsystem goes astral. Well, no one has canceled the plugging of the channel either, especially if you have a small one.
It is quite problematic to deal with this. Here, such dedicated servers are killed by abuse reports quite simply (though, of course, sometimes it took calling and swearing).
Actually, this is what the whole idea with these scripts was started for. Then I applied it by sending abuse reports to several hundred addresses from the list of bots that were constantly hammering us; I noticed that their number went down, and letters began to arrive in the mailbox saying "thank you, we will check" or "thank you, we sent a notification to the client".
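The thread's advice is to collect evidence and send it to the abuse contacts from whois. The following is an added example, not code from any poster in this thread, that summarizes an access log per source IP into a block of text for an abuse e-mail. It assumes the Apache/nginx "combined" log format; the function names, the threshold and the sample lines (documentation-range IPs) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: one noisy client, one normal visitor, one malformed line.
SAMPLE = [f'203.0.113.7 - - [01/Mar/2024:10:00:0{i} +0300] "GET / HTTP/1.1" 200 5120 "-" "-"'
          for i in range(5)] + [
    '203.0.113.7 - - [01/Mar/2024:10:00:09 +0300] "GET /about HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.20 - - [01/Mar/2024:10:00:03 +0300] "GET /about HTTP/1.1" 200 812 "-" "-"',
    'garbage line that does not parse',
]

def summarize(lines, threshold):
    """Return {ip: evidence} for every client with at least `threshold` requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole report
        hits[m["ip"]].append((datetime.strptime(m["ts"], TS_FMT), m["path"]))
    report = {}
    for ip, reqs in hits.items():
        if len(reqs) < threshold:
            continue
        times = [t for t, _ in reqs]
        path, n = Counter(p for _, p in reqs).most_common(1)[0]
        report[ip] = {"requests": len(reqs), "first": min(times), "last": max(times),
                      "top_path": path, "top_path_hits": n}
    return report

def abuse_text(ip, ev):
    """Plain-text evidence block to paste into an abuse e-mail (timestamps keep their UTC offset)."""
    return (f"Source IP: {ip}\n"
            f"Requests: {ev['requests']} between {ev['first'].isoformat()} "
            f"and {ev['last'].isoformat()}\n"
            f"Most requested path: {ev['top_path']} ({ev['top_path_hits']} hits)\n")

if __name__ == "__main__":
    for ip, ev in summarize(SAMPLE, threshold=3).items():
        print(abuse_text(ip, ev))
```

Abuse desks usually ask for exact timestamps with a time zone and a few raw log lines, so attach a short excerpt of the original log alongside this summary.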