WingNews logo WingNews
top | item 33990259

(no title)

luckyshot | 3 years ago

I would be very grateful if you could share any info about this.

Our small company's site got DDoSed a month ago and we just let it pass since we're not too convinced that the authorities will take us seriously. We don't even know where to start, just saved the logs with a few hundred random IPs from different countries hoping some day we can do something about it...

discuss

order

slothsarecool|3 years ago

We report each DDoS attack our company receives to a special department our police has, your country likely has something similar and I guess it doesn't hurt reaching out to them.

From my experience they will get back to you quickly (usually in <1-2 hour) and they can try helping out if you are still under attack / need some consultation.

Will we ever get compensated for the wasted engineering time to stop these attacks? probably not, but if the police ever finds them and they have extra logs of companies that reported issues, its likely an aggravation of the case.

luckyshot|3 years ago

You're right, I guess I'm still thinking on a few experiences I had way in the past when the Internet was still early and contacting them was a waste of time: they couldn't understand you nor had the time to do so. It's true they now have many more resources and experts in their departments and, as you say, may at least give some good advice on what to do during the panic stage to try and at least mitigate it. Providing them with logs and proof would have been a good idea too.

Oh my, the attack caused so much wasted time and stress that it's still haunting me and the team, specially when thinking that it may not stop there and the attacker/s is just waiting for the next chance to hit us. The days after the attack the first thing I did after waking up was check the servers to see everything was safe. And our roadmap was severely affected too, prioritizing many security features we had in the backlog.

Thank you so much.

jacquesm|3 years ago

Link from the article: https://krebsonsecurity.com/2019/02/250-webstresser-users-to...

It helps if you have a suspect, typically your local LE will have a cyber division that will know what the next steps are.

luckyshot|3 years ago

Glad to hear there's hefty sentences, many attackers don't realize how much damage they're doing and all the stress and effort that goes into trying to mitigate such attacks.

Thank you!

creeble|3 years ago

You might want to look into using Cloudflare for your infrastructure - the same folks that provided DDoS protection for most of the now-busted Ddos-for-hire sites!