hosted by liquidweb

Go Back   Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : Automatic reporting of DDoS attacks?

Forum Jump

Automatic reporting of DDoS attacks?

Reply Post New Thread In Dedicated Server Subscription
Send news tip View All Posts Thread Tools Search this Thread Display Modes
WHT Addict
Join Date: Aug 2007
Posts: 118

Automatic reporting of DDoS attacks?

I have a list of IPs that have attacked my server with a reflective DDoS attack.

I am manually searching each IP to send an abuse email for each host.

Is there a faster or even automated way of doing this?

Sponsored Links
Web Hosting Master
Join Date: Nov 2000
Location: Thailand
Posts: 3,355
I imagine you can do this pretty easy from the shell, ask your server admin to script you something.

I would tackle it something like this. First presuming you have collected the IPs into a simple text file call badips.txt

cat badips | uniq
removes duplicates

Then pipe this into something to lookup the IP:


while read badip; do
abuseEmail=$(whois -h$whoisServer $badip | awk '/^OrgAbuseEmail/ { print $2}' | sort | head -n1)
echo "$badip:$abuseEmail"

The awk matches line start with OrgAbuse and prints the second field collected, sort is quick hack to promote abuse@ to the top, head skims only the the top result. This is very rudimentary, you probably want to expand on this to check different whois server depending on the IPs etc..

Okay so chaining we have

cat badips | uniq | bash iplookup

Which yields

Okay so now pipe this to something that can split by : and fire off your email template, you could probably one line with this with xargs -n1 and -I but probably cleaner to read to write another bash script (keeping with unix style of do one thing well)

So perhaps something like


while read badLine; do
#im not testing this but you get the idea
mailx -s "IP: $badIp dos'ing me" $badEmail #see other man mail/mailx to include template etc.. I imagine you'll have to include attachment showing proof etc..

Disclaimer: Dont copy and paste the above, as a whole solution it is untested (especially the mail script), but it should give you some ideas... If you have a server management company they are working in the shell daily so they should be able to script a more resilent and error-free version of the above relatively quickly

Good luck.


Last edited by MattF; 06-04-2012 at 01:30 AM.
Join Date: Mar 2007
Posts: 363
Nice one MattF - I am going to try this too. Looks like it should work, with a little tweaking. Thanks!

Sponsored Links
Junior Guru Wannabe
Join Date: Oct 2011
Posts: 53
So why don't some IPs have any abuse emails listed? How am I supposed to get the abuse email from these?

root@locahost:~$ whois -h ""
# Query terms are ambiguous. The query is assumed to be:
# "n"
# Use "?" to get help.

# The following results may also be obtained via:

Reliable Hosting Services RELIABLE-HOSTING-NETWORK (NET-199-15-248-0-1) -
Brdedicados BRD-NET (NET-199-15-251-0-1) -

# ARIN WHOIS data and services are subject to the Terms of Use
# available at:


Similar Threads
Thread Thread Starter Forum Replies Last Post
Automatic Abuse Reporting Script for Web Hosts Squidix - SamBarrow Hosting Security and Technology 2 02-21-2011 01:59 AM
Ddos Management | Handle most ddos attacks on server level | save hundreds! jon-f Systems Management Offers 0 10-03-2010 12:39 PM
Got DDoS? BLCC DDoS Protection sale! Stop HTTP GET attacks in their tracks! ddosguru Dedicated Hosting Offers 7 01-17-2007 12:49 PM
Apple attacks bloggers for reporting on iphone skins/ Techno Web Hosting Lounge 6 01-16-2007 04:29 AM
Reporting Brute Force Attacks To Hosts logo-one Running a Web Hosting Business 5 06-20-2005 03:22 AM

Related posts from
Title Type Date Posted

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Log in with your username and password

Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Web Hosting News:
WHT Membership
WHT Membership



Welcome to

Create your username to jump into the discussion! is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.

(4 digit year)

Already a member?