Results 1 to 12 of 12
-
03-19-2012, 06:18 AM #1Web Hosting Guru
- Join Date
- Jul 2002
- Location
- Your computer
- Posts
- 268
How to report an individual who is DDOSing?
We basically have a hacker that continuously DDOS attacks our servers. He is openly admitting he is doing it.
Some investigation revealed he is from Romania. Have a name and number and IP address but no other information.
What is the best way to report this individual? Obviously Romania is a foreign country to me and i do not speak Romanian.
Also, what is the best way to prove this person is DDOSing? Aside from admitting he is doing it, there is really no other hard proof because the computers he is using to launch the DDOS is coming from other infected computers from all over the world.
Sorry if this is the wrong forum to post to but I am not sure where to put this question.
Thanks in advance.
-
03-19-2012, 06:31 AM #2CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
Two problems:
1) It's close to impossible to extradite and prosecute anyone in Romania.
2) Even if they were in the U.S. and you had an exact street address, a law enforcement officer has to have first hand knoweldge of the facts involved. Your testimony is not evidence. Local agencies do not have the resources to investigate this type of crime and Federal agencies only involve themselves with the worst of the worst DDoS cases.
-
03-19-2012, 06:38 AM #3WHT Addict
- Join Date
- May 2008
- Posts
- 117
-
03-19-2012, 07:54 AM #4Aspiring Evangelist
- Join Date
- May 2004
- Posts
- 354
I know people who have literally flown to another country, punched a DDoSer in the face (as they opened the door), and flown back.
Seemed effective
-
03-19-2012, 07:57 AM #5Web Hosting Master
- Join Date
- Jan 2011
- Location
- Varna, Bulgaria
- Posts
- 1,276
How much loss is he causing you with these DDoS attacks? If it's big enough maybe it could warrant hiring someone (for instance someone from Ukraine) to go and deal with him face to face.
-
03-19-2012, 11:13 AM #6Web Hosting Master
- Join Date
- Dec 2001
- Posts
- 5,221
Good day:
If you have the IP address, you can look up the data center or ISP who has authority over the IP address.
Then you report the abuse to them asking them to either stop the abuse or terminate the client.
Thank you.
-
03-19-2012, 11:19 AM #7Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 3,816
-
03-19-2012, 12:08 PM #8Web Hosting Guru
- Join Date
- Jul 2002
- Location
- Your computer
- Posts
- 268
-
03-19-2012, 05:40 PM #9Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
Is this a DOS or a DDOS? A DOS can come from one IP, a DDOS comes from many - often thousands. You're not going to be able to report the IP of a DDOS
-
03-21-2012, 10:19 AM #10Web Hosting Master
- Join Date
- Dec 2001
- Posts
- 5,221
Good day:
Based on our experience, it can be helpful; but a lot does depend on the country involved, the data center involved, and if the abuse emails are actually working.
We've been doing security snitching for years as we review log files and security reports.
Some data centers and ISP's have close to a 100% track record of cleaning up abuse within 48 hours... others like Rackspace.com seem to love sharing "fanatical support" about every thing BUT working with clients to clean up hacked servers (of note, Rackspace.com does eventually get the hacks cleaned up... but it may take weeks).
Oh, and there are some data centers like ServInt that if you send them abuse reports, well they end up black listing the report sender; so I guess they would rather have hacked servers than hear about it.
Thank you.
-
04-01-2012, 07:01 AM #11Web Hosting Guru
- Join Date
- Jul 2002
- Location
- Your computer
- Posts
- 268
-
04-01-2012, 08:20 AM #12CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
Similar Threads
-
The biggest current joy in my life is ruined by DDOSING! And nothing stops it.
By refreshed in forum Dedicated ServerReplies: 19Last Post: 10-29-2010, 01:47 PM -
Detecting IP address' Ddosing server
By justdosit in forum Hosting Security and TechnologyReplies: 5Last Post: 04-18-2010, 10:24 AM -
Urchin CGI Report. Error Encountered (1006). No Permission to view Report.
By ExtremeIS in forum Hosting Security and TechnologyReplies: 4Last Post: 01-21-2004, 06:06 PM -
someone DDOSing me?
By Yong in forum Dedicated ServerReplies: 16Last Post: 09-26-2003, 06:54 PM