A client has recently experienced an internal server attack.
The perpetrators used a webform to taunt them after the fact.
The website itself remains unaffected, but we are wondering if there is any log information about our site visitor available through Cloudflare.
The website utilises the free Cloudflare tier for its excellent caching service.
We have the date/time and IP address recorded by the webserver for the suspected hacker.
Logging is fundamental to performing any post-mortem analysis of an attack; you should do this on your servers.
Cloudflare doesn’t provide any relevant logging unless you are part of the Enterprise program.
That’s good; consider giving notice to the authorities.
Can I trace a malicious actor?
Essentially not; this only makes sense if either you or your client report significant losses and have the budget to perform an investigation and take legal action against the suspects.
When we receive DDoS attacks, we reach out to our local authorities to let them know about the event that took place.
We don’t expect any outcome from the situation; it’s for the sake of giving information that might seem irrelevant to us but might help them in existing investigations if the perpetrators are behind a team or a known ransom campaign.