What protocol should be followed if website is actively under attack?
Solution 1:
When you're under attack there isn't a whole lot you can do, other than try and block the origins of the attack, which is usually quite futile, as they are a moving target. Such attacks are normally done using compromised systems, numbering anywhere from a few thousand to many millions. Blocking them is like killing flies in summer - for every one you stop there are numerous others to take its place.
Life's too short to go through web logs unless you're looking for something pretty specific. You can however try and block the attack strings in the URLs or restrict access to things like logon or other potentially vulnerable pages. Once that is done your time is best spent ensuring you have a a reliable backup ready and hope the attack fails.
One of my sites has been under attack for about the last 3 or 4 weeks. It's a simple attempted logon attack, using distributed systems. The attack itself was doomed to failure from the start, as my sites don't have the default logon account. However, to ease the load on the web server a little any attempt to reach the logon page from an IP address other than my home now results in a 404 error. I can't stop the attack but I can make it ineffective.