What is generally effective?
1.) Information gathering. If you own the machines under attack, then you set up a program such snort which will give you information about where the attacks are coming from. You should then contact the individual owners/operators of those machines to alert them of the fact that they have been compromised. You might think this is a futile task, but doing this I've gotten a few hundred machines secured.
If what you mean here is contact the owners of the machines that are attacking the website then there is proof that he person attacking the website has over 55K compromised hosts, I don't think we're going to go through all of them.
