Somewhat OT but RE:Abuse

["Madziarczyk, Jonathan" <than () cityofevanston org>]

Hey guys,
 
This is kind of a big question, I realize a lot of it depends on my
company's policy, but even your own procedures would be good to hear.....
 
Okay, so I set up snort and I do find "people" are trying to hack into my
web site or anything else for that matter.  What do I then do?  I've got an
IP address, now what?  I realize ping -a or something like that, but what if
DNS doesn't resolve?  Do any of you have a typical procedure you do?
Blocking the IP address is obviously a mixed bag (especially if it's a bot).
 
Any suggestions or ideas on where to look for this info would be great, and
very appreciated!
 
Sincerely,
JonM