
A distributed denial of service attack (DDoS) can quickly overwhelm your web servers and crash your website. While these attacks can be devastating, reporting the attack can help you reduce damage and potentially catch the attackers. As soon as you notice a DDoS attack, gather as much information as you can and report it to your internet provider or web host. If you lost money because of the attack, you should also file a complaint with a government internet crime agency.

Part 1 of 3:

Analyzing the Attack

  1. When you make the report, you may be asked about specifics of the attack. It is useful if you have this information already on hand. Look over your website’s analytics, logs, graphs, and traffic. Gather as much information as is available to you. [1]
    • If you use a web host, such as WordPress, the host will usually provide some website analytics for you through their online portal. Contacting the web host directly may also help you find this information.
    • If you host your own web servers and use a monitoring or traffic analysis tool, such as Loggly or Wireshark, use that software to identify patterns in your traffic.
    • If you do not have a monitoring program set up already, you may not be able to access this data without using advanced commands. Try contacting your internet provider.
  2. Using graphs or analytic data, look at when the spike in traffic first began. This will indicate when the attack began. If the attack is over, check to see when the traffic has dropped. If the attack is ongoing, make a note of how long it has lasted. [2]
    • Ask yourself, is this attack coinciding with another event? For example, if you just launched a new program or if your company was in the news recently, consider if you could have been targeted. [3]
  3. Look at the packets in your network logs. There are various types of packets, such as SYN packets, ping packets, or UDP packets. An abnormal increase in any one type can be the cause of your DDoS attack. Your web logs or traffic tracker will usually allow you to check each type individually. [4]
    • If your site or server has been overwhelmed with SYN (synchronize) packets, you likely have a Transmission Control Protocol (TCP) flood.
    • If you were overwhelmed by ping packets, you may have an Internet Control Message Protocol (ICMP) flood.
    • If you have been overwhelmed with User Datagram Protocol (UDP) packets or Domain Name System (DNS) queries, you may have a UDP flood.
    • You don't need to know what these packets are doing. You just need to identify what type is flooding your system so that your internet provider or host can reduce the flood.
    • If you can't identify the type of traffic, don't worry. There are many different types of DDoS attack. Your provider may be able to help you when you report the attack.
  4. Sometimes, DDoS attacks are an attempt to blackmail or threaten a company or site owner. In these cases, you may receive messages demanding payment or asking you to take down content. Always save any messages from attackers. [5]
    • If you were asked to make a cryptocurrency payment, save the information that the attacker gives you, including their wallet address, transaction receipts, email address, and type of currency used.
    • Print off emails and store them in a safe place. Forward them to another safe address as well.
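Steps 2 and 3 above can be worked through with a short script. This is an added example, not part of the original article: it assumes you have exported a per-packet summary to CSV with the hypothetical columns `ts` (epoch seconds), `proto`, `flags` and `src`, and it reports when the spike began and ended and which packet type dominates it. The sample capture is constructed, using documentation IP ranges.

```python
import csv, io, statistics
from collections import Counter, defaultdict
from datetime import datetime, timezone

def packet_type(row):
    """Bucket a packet into the categories the article names."""
    if row["proto"] == "TCP":
        return "TCP SYN" if row["flags"] == "S" else "TCP other"
    return row["proto"]  # "UDP" (includes DNS queries) or "ICMP"

def summarize(csv_text, factor=5):
    """Find the flood window and dominant packet type in a packet summary.
    Assumption: a minute counts as attack traffic when it exceeds `factor`
    times the median minute, so the flood must cover under half the capture."""
    per_min, sources = defaultdict(Counter), defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        minute = int(row["ts"]) // 60
        per_min[minute][packet_type(row)] += 1
        sources[minute][row["src"]] += 1
    baseline = statistics.median(sum(c.values()) for c in per_min.values())
    hot = sorted(m for m, c in per_min.items() if sum(c.values()) > factor * baseline)
    if not hot:
        return None  # no minute stands out from the baseline
    types, srcs = Counter(), Counter()
    for m in hot:
        types += per_min[m]
        srcs += sources[m]
    kind, count = types.most_common(1)[0]
    utc = lambda s: datetime.fromtimestamp(s, timezone.utc).isoformat()
    return {
        "start_utc": utc(hot[0] * 60),
        "end_utc": utc((hot[-1] + 1) * 60),
        "baseline_pkts_per_min": baseline,
        "dominant_type": kind,
        "dominant_share": round(count / sum(types.values()), 2),
        "distinct_sources": len(srcs),  # sources can be spoofed
    }

def sample_capture():
    """Constructed data: 10 minutes of light traffic, SYN flood in minutes 4-6."""
    base, lines = 1699999980, ["ts,proto,flags,src"]
    for m in range(10):
        t = base + 60 * m
        lines += [f"{t},TCP,A,198.51.100.10", f"{t+5},TCP,PA,198.51.100.10",
                  f"{t+9},UDP,,198.51.100.11", f"{t+20},ICMP,,198.51.100.12"]
        if 4 <= m <= 6:
            lines += [f"{t + i % 60},TCP,S,203.0.113.{i % 50}" for i in range(200)]
    return "\n".join(lines)

print(summarize(sample_capture()))
```

The resulting start time, end time and dominant packet type are the details a provider or investigator will ask for first; times are reported in UTC so they can be matched against the provider's own logs.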
Part 2 of 3:

Contacting Your Provider

  1. If you use a web hosting service, such as WordPress or GoDaddy, report your DDoS attack to them. Use live web chat or a phone to contact your web host. An email may not be answered in time to help. [6]
    • Sometimes, web hosting services come under DDoS attacks themselves, which can affect every website they host. If this is the case, your hosting service should notify you. They will handle the DDoS attack from there.
  2. If you do not use a hosting service and have your own web servers, call your internet provider, such as Time Warner, Comcast, or Virgin. Ask to speak to an operations specialist about a DDoS attack on your servers. [7]
    • Many internet providers have emergency numbers listed on their website for situations like this. Call these numbers for immediate help.
  3. If possible, tell them what type of protocol is overwhelming your system. If you cannot identify the source of the attack or protocol used, your provider can try to identify it for you. [8]
    • Provide as much detailed information as possible. Include any information about packet sizes, types of protocols used, or source IP addresses to help the investigators.
  4. Mitigation is the process of stopping or reducing the damage of the attack. Your provider may give you instructions on how to block certain types of traffic. They may inform other providers about the attack to reroute some of the traffic. [9]
    • Your internet provider may recommend scaling up your website. This means that they will increase your bandwidth to protect against future attacks.
Part 3 of 3:

Filing a Police Report

  1. You can report a DDoS attack to law enforcement if you were threatened or blackmailed or if you lost money as a result of the attack. In most cases, contact your national web crime unit. [10]
    • In the US, file a complaint online with the FBI’s Internet Crime Complaint Center at https://www.ic3.gov/default.aspx. [11]
    • In the UK, call 0300 123 2040 to report the attack to the National Fraud and Cyber Crime Reporting Centre.
    • In Australia, submit an online report to the Cyber Security Center.
    • In Canada, contact your local police department.
  2. To investigate, police will need as much information about the attack as possible. Tell them what you can about the attack. Be sure to include: [12]
    • When the attack started and ended.
    • If the attackers asked for a ransom and whether you paid it.
    • If you were threatened before the attack.
    • What protocols (UDP/DNS, TCP, or ICMP) were used in the attack.
    • Any unusual patterns or observations during the attack.
  3. If you suspect there was a reason behind the attack, be sure to explain why in your report. If you were threatened beforehand or if the attackers asked for money, always include this information. Other reasons behind attacks might include: [13]
    • You published something with a different ideology than the attacker.
    • You have a competitor or rival.
    • The attack was a distraction to try to steal data from your website or company.
  4. If the attackers asked for ransom, threatened you, or sent any message to you, copy the text of these messages. Either upload a copy of the original message or copy and paste the message into your report. [14]
    • If you already paid a ransom to the attackers, give the investigators the attacker’s cryptocurrency wallet address or email address.
    • If the agency decides to pursue a case against the attackers, you may be asked for hard copies of your evidence, including emails, payment transactions, or screenshots of the attack. Keep the original copies in a safe place.
  5. To encourage law enforcement to investigate the issue, be sure to state any financial impact this attack may have had on your business. If you lost customers, money, or data during the attack, tell them.
    • State how you earn income from the website. For example, you might sell products, offer online services, or earn money through advertising.
    • Try to come up with an estimate of your total losses, based on how much money you typically make in an hour or day from your site.
    • Report any customer or user complaints to help emphasize how the attack affected your network.
  6. In a few weeks, you should receive an email regarding your complaint. DDoS attacks can be difficult to prosecute. Unless the government has a strong lead on your attacker, they may not be able to follow up on your complaint. [15]
    • If law enforcement decides to investigate and prosecute your attackers, you may be asked to supply copies of evidence, such as emails or screenshots of the attack.
    • If they have not decided to investigate at this time, they will notify you. You may be asked to keep your documents in a safe place, just in case they decide to prosecute in the future.

Expert Q&A

  • Question
    What is the website for reporting cybercrime in the US?
    Luigi Oppido
    Computer & Tech Specialist
    Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years.
    Expert Answer
    You want to go to ic3 and submit your report there. That's for DDoS, malware, ransomware, really anything you need to report.
  • Question
    What should I include in my report?
    Luigi Oppido
    Computer & Tech Specialist
    Expert Answer
    You really want to give them as much information as possible. That might include the time of day, the specific events, and whether you were contacted by the attacker or not. In fact, it's extra important to include info if they contacted you directly, since that kind of information will give the authorities the best chance at catching the attacker.

      Tips

      • Properly monitoring your site before a DDoS attack occurs will help you reduce the damage while helping you determine the source of the attack.
      1. https://www.icann.org/news/blog/how-to-report-a-ddos-attack
      2. Luigi Oppido. Computer & Tech Specialist. Expert Interview. 13 November 2020.
      3. Luigi Oppido. Computer & Tech Specialist. Expert Interview. 13 November 2020.
      4. https://www.icann.org/news/blog/how-to-report-a-ddos-attack
      5. https://www.ic3.gov/media/2017/171017-2.aspx
      6. https://www.ic3.gov/Home/FAQ
