Wikigadugi.org has been under a massive Bot-Net generated denial of service attack since late yesterday. The IP addresses are from China, Korea, Turkey, and Russia. Blocking at the firewall or proxy just results in more spawned attacks from hundreds of new and unrelated IP addresses. I found one solution, which was to limit the number of connections httpd allows concurrently, and this seems to allow legitimate users to access the system though the attacks persist. The attack pattern seems very specific to MediaWiki behavior. It attempts to load an article then aborts the HTTP request while MediaWiki is churning through the database, then immediately issues another request for another article. It in essence shotguns through the entire name space of articles rapidly. It has trouble taking MediaWiki to its knees but had no trouble taking squid down to a crawl on the proxies and choking the network with garbage.
What do you guys do to deal with these zombie bot-net attacks on this scale?
Jeff
wikimedia-l@lists.wikimedia.org
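
The request pattern described in the message (load an article, abort, move straight to another title) can be looked for in proxy logs. The following is an added example, not part of the original post: it assumes Squid's native access.log layout with the `_ABORTED` result-tag suffix and MediaWiki-style `/wiki/Title` or `?title=` URLs, and the sample lines, host names and thresholds are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (assumed Squid native access.log layout):
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1200000000.100 35 198.51.100.7 TCP_MISS_ABORTED/000 0 GET http://wiki.example/wiki/Alpha - DIRECT/192.0.2.10 -
1200000000.500 41 198.51.100.7 TCP_MISS_ABORTED/000 0 GET http://wiki.example/wiki/Bravo - DIRECT/192.0.2.10 -
1200000000.900 38 198.51.100.7 TCP_MISS_ABORTED/000 0 GET http://wiki.example/wiki/Charlie - DIRECT/192.0.2.10 -
1200000001.300 40 198.51.100.7 TCP_MISS_ABORTED/000 0 GET http://wiki.example/index.php?title=Delta - DIRECT/192.0.2.10 -
1200000002.000 812 203.0.113.30 TCP_MISS/200 9120 GET http://wiki.example/wiki/Alpha - DIRECT/192.0.2.10 text/html
1200000004.000 790 203.0.113.30 TCP_MISS/200 8800 GET http://wiki.example/wiki/Bravo - DIRECT/192.0.2.10 text/html
1200000006.000 805 203.0.113.30 TCP_MISS/200 9400 GET http://wiki.example/wiki/Charlie - DIRECT/192.0.2.10 text/html
1200000008.000 799 203.0.113.30 TCP_MISS/200 9050 GET http://wiki.example/wiki/Delta - DIRECT/192.0.2.10 text/html
1200000009.000 120 203.0.113.20 TCP_MISS_ABORTED/000 0 GET http://wiki.example/wiki/Echo - DIRECT/192.0.2.10 -
"""

def article_title(url):
    """Return the article a MediaWiki URL addresses (/wiki/Title or ?title=Title)."""
    parts = urlsplit(url)
    if parts.path.startswith("/wiki/"):
        return unquote(parts.path[len("/wiki/"):])
    return parse_qs(parts.query).get("title", [None])[0]

def find_sweepers(log_text, window=10.0, min_titles=4, min_abort_ratio=0.8):
    """Flag clients that abort most requests while walking many distinct articles."""
    events = defaultdict(list)  # client -> [(timestamp, aborted, title)]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or (title := article_title(fields[6])) is None:
            continue  # malformed line or not an article request
        aborted = fields[3].split("/")[0].endswith("_ABORTED")
        events[fields[2]].append((float(fields[0]), aborted, title))
    flagged = {}
    for client, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window so it spans at most `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            titles = {t for _, _, t in win}
            ratio = sum(a for _, a, _ in win) / len(win)
            if len(titles) >= min_titles and ratio >= min_abort_ratio:
                flagged[client] = (len(titles), round(ratio, 2))
                break
    return flagged
```

Because the message reports that blocked addresses are replaced by new, unrelated ones, the flagged set is better used to measure how much traffic matches the pattern than as a block list.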