What can I do with an IP address of a visitor that tried to access a shell exploit that was planted on my system?

My website was exploited (don't worry about how) and the result was that several web shells were installed in various locations. The exact web shell is just like the one listed in this question here on Stack Overflow.

I deleted the shell file, obviously, and did my best to resolve the exploit. In the meantime, I caught an IP address in my site's error logs trying to access said shell file. The IP is coming out of Waterloo, Ontario from a Rogers Cable IP address. This appears to be a residential IP.

So, besides blocking the IP, is there anything else I can do with this? Report it to Rogers - would they believe me, would they bother? Is it possible that it's just a zombie computer proxying the request for the real attacker?


Solution 1:

You can tell your ISP and/or hoster, and you can tell their ISP. That's about it. No one else will care. They might not care. It is very likely that the machine's a zombie.

Solution 2:

Unless you're a large company or a government entity, your chances of getting anywhere are slim to none. Report it to the abuse contact for the IP block and perhaps your local police.
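
Added example, not part of the question or either answer: a report to an abuse contact is easier to act on when it lists exact UTC timestamps, source IPs and the requests made. The sketch below pulls every request for the removed shell paths out of a web server log and groups them per IP. The shell paths, the "combined" access log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit, unquote

# Hypothetical paths where the shells were found and removed (placeholders).
REMOVED_SHELL_PATHS = {"/uploads/img_cache.php", "/includes/cache/x.php"}

# Leading fields of the Apache/nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.45 - - [12/Mar/2014:03:14:07 -0400] "GET /uploads/img_cache.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2014:03:15:10 -0400] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2014:03:16:40 -0400] "POST /uploads/img_cache.php?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.99 - - [13/Mar/2014:11:02:00 +0000] "GET /uploads/%69mg_cache.php HTTP/1.1" 404 512 "-" "curl/7.30"
garbage line that does not parse
"""

def shell_hits(log_text, shell_paths=REMOVED_SHELL_PATHS):
    """Group requests for removed shell paths by source IP, timestamps in UTC."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        path = unquote(urlsplit(m["target"]).path)  # drop query, decode %xx
        if path not in shell_paths:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        hits[m["ip"]].append((ts, m["method"], m["target"], int(m["status"])))
    return hits

def abuse_report(hits):
    """Render one evidence block per IP for the abuse contact of its netblock."""
    out = []
    for ip, rows in sorted(hits.items()):
        rows.sort()
        out.append(f"{ip}: {len(rows)} request(s), "
                   f"{rows[0][0]:%Y-%m-%dT%H:%M:%SZ} to {rows[-1][0]:%Y-%m-%dT%H:%M:%SZ}")
        out += [f"  {ts:%Y-%m-%dT%H:%M:%SZ} {meth} {tgt} -> {st}" for ts, meth, tgt, st in rows]
    return "\n".join(out)

if __name__ == "__main__":
    print(abuse_report(shell_hits(SAMPLE_LOG)))
```

Keep the matching raw log lines alongside the summary, since the receiving ISP needs the exact time to map a residential address to a subscriber.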