So, there’s finally been a bit of chatter about an attack that’s been ongoing across many webhosts for a few weeks. The most effective solutions that I’ve seen involve identifying patterns in the nefarious traffic, and blocking based on that. Something like this mod_security rule: