
Roskomnadzor as a means of repelling DDoS


One day I ran into a problem. Someone decided to scrape my entire barcode database: many threads, from different addresses and with a good set of User-Agent strings, began to parse it. The load on the hosting increased tenfold, to an indecent level. Ignoring it did not work. Waiting for the bots to have their fill would have taken a very long time, because there are several million pages, and the bots also tried to find pages simply by incrementing the number, so half of the requests missed. A one-time ban did not help: when I unblocked them, even a month later, the DDoS resumed.

A simple whois analysis showed that all the requests came from a single hosting provider, possibly distributed, but with one owner, and from Russia. Attempts to reach them at abuse@ were unsuccessful: either there was silence in response, or a message that the mailbox did not exist. In the meantime, the number of address ranges that I had manually picked out of the logs by activity exceeded fifty ...

From a technical point of view everything was quite simple; it was just a pity to waste time on banning. By the way, taking this opportunity, I will emphasize that it is better to forget all the recommendations found online for fighting DDoS with plain iptables rules. Once the chains pile up, the “tables” start to slow down the server's responses quite noticeably. Learn ipset, it's worth it.
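The log-to-ipset workflow described above, as an added example that is not part of the original post: it counts requests per /24 in an access log, merges adjacent busy ranges, and emits `ipset restore` input so that one iptables rule replaces a long chain. The set name, the threshold, and the log lines (private and documentation addresses) are constructed assumptions.

```python
import ipaddress
from collections import Counter

SET_NAME = "scrapers"   # hypothetical ipset name
THRESHOLD = 3           # assumed cut-off per /24; tiny so the sample triggers it

# Constructed access-log lines, not real traffic.
SAMPLE_LOG = """\
10.20.0.7 - - [13/Jun/2017:10:00:01 +0300] "GET /barcode/1001 HTTP/1.1" 200 512
10.20.0.9 - - [13/Jun/2017:10:00:01 +0300] "GET /barcode/1002 HTTP/1.1" 404 0
10.20.0.200 - - [13/Jun/2017:10:00:02 +0300] "GET /barcode/1003 HTTP/1.1" 200 498
10.20.1.3 - - [13/Jun/2017:10:00:02 +0300] "GET /barcode/1004 HTTP/1.1" 404 0
10.20.1.77 - - [13/Jun/2017:10:00:03 +0300] "GET /barcode/1005 HTTP/1.1" 200 530
10.20.1.78 - - [13/Jun/2017:10:00:03 +0300] "GET /barcode/1006 HTTP/1.1" 404 0
192.0.2.5 - - [13/Jun/2017:10:00:04 +0300] "GET /barcode/42 HTTP/1.1" 200 505
garbage line without an address
"""

def noisy_networks(log_text, threshold=THRESHOLD, prefix=24):
    """Return collapsed IPv4 networks whose request count reaches the threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split(maxsplit=1)
        if not parts:
            continue
        try:
            addr = ipaddress.IPv4Address(parts[0])
        except ipaddress.AddressValueError:
            continue  # skip malformed lines instead of aborting the run
        hits[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1
    heavy = [net for net, count in hits.items() if count >= threshold]
    # Adjacent ranges merge (two /24s become one /23), keeping the set small.
    return list(ipaddress.collapse_addresses(heavy))

def ipset_restore(networks, set_name=SET_NAME):
    """Render networks in the line format that `ipset restore` reads."""
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {net}" for net in networks]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Load with:   ipset -exist restore < scrapers.restore
    # One rule then covers every range in the set:
    #   iptables -I INPUT -m set --match-set scrapers src -j DROP
    print(ipset_restore(noisy_networks(SAMPLE_LOG)), end="")
```

Later additions go through `ipset add scrapers <range>` and take effect without touching the iptables ruleset.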

And then I remembered that in our country there is a supervisory authority that had repeatedly puzzled me with demands to remove topics from the forum at the request of a court. The court was usually located thousands of kilometers away from me, its decision could be obtained only with great effort, and collectively we could not understand what child pornography a topic on trade automation contained. But I digress. So, there is Roskomnadzor, and I decided to ask for help.
An appeal can be submitted here: rkn.gov.ru/treatments/ask-question
Which is what I did.

Good day,

Periodically, when I remove the protection, a specific hosting provider, DEPO40, starts DDoSing me with a large number of requests, but from completely different IP addresses. The abuse mailbox does not respond. Apparently, the owner is a citizen of the Russian Federation. I began to collect a list of the addresses that attacked me; according to whois, these are ranges from completely different world segments, united only by the owner's name. Interestingly, the whois records for these segments are duplicated and the duplicates belong to different countries, but in general the number of ranges scattered around the world is impressive and raises vague suspicions. Because of the character limit, I will give a link to the list of segments: olegon.ru/showthread.php?t=26882

Please let me know if the hosting owner is engaged in something contrary to the laws of the Russian Federation and the norms adopted on the Internet as a whole, and what measures will be taken if my suspicions are confirmed.

The next day, a notification arrived that a registration number had been assigned to the application and that an answer would be given within a month. My mood improved right away: something really does work in our country. And, indeed, after 17 days, the answer came ...

Dear Oleg Andreevich,

The Office of Roskomnadzor for the Central Federal District (hereinafter - the Office) reviewed your appeal, received from the official website of Roskomnadzor (dated 13.06.2017 No. 02-11-123237/77), and reports the following.

The Office, in accordance with the Regulation on the Office, approved by order of the Federal Service for Supervision in the Sphere of Communications, Information Technologies and Mass Communications dated January 25, 2016 No. 38, carries out state control and supervision over the observance of the legislation of the Russian Federation in the sphere of information technologies and communications in the territory of Moscow and the Moscow region.

In accordance with clause 18 of Article 2 of Federal Law No. 149- dated July 27, 2006 “On Information, Information Technologies and Information Protection”, a hosting provider is understood as a person who provides services for the provision of computing power for placing information in an information system permanently connected to the Internet. These services are not communication services. Access to the information and telecommunication network “Internet” is provided to the hosting provider by the communication operator on the basis of the communication services provision contract.

In this regard, the activity of hosting providers currently does not require obtaining a license for the provision of communication services and is not regulated by the current legislation in the field of communication.

You have the right to challenge this decision, action (inaction) directly in court or in a state authority superior in the order of subordination.

Acting Deputy Head I. P. Cancer

I remembered one of my favorite gifs

(sorry, it seemed too big to some (20 MB), so I'll put it as a link).

In general, draw your own conclusions. I hope I have saved someone these 17 days, so that they can take some really effective measures instead.

Source: https://habr.com/ru/post/357376/

