If the same zombie networks are attacking my site that were attacking your site, the work around is very easy! They all never report a valid User-Agent which makes blocking them a snap. It took my server load down close to zero.
I wrote about it here -
http://blog.tiensivu.com/aaron/archives ... TCHAs.html
Overall, the thing to do is this (a cut and paste from my site):
Serendipity specific spam zombie network workaround involving comments.php:
Many years ago, around the 0.7 revision level of s9y, there was a bug in comments.php that script kiddies latched on to. Version 0.7-rc1 patched this bug, and any newer version cannot be exploited this way.
With that said, my site typically receives about ten exploit attempts per minute from IPs around the world. To help lighten the load on your web server and SQL server, your best bet is to make use of a custom .htaccess entry in your blog directory.
Assuming you are running Apache with mod_setenvif enabled, add these lines to the bottom of your .htaccess:
SetEnvIf user-agent ^$ commentexploit
Deny From env=commentexploit
If your site had been pegging the CPU from all the invalid requests before, it should handle the load much better now.
You will most likely see entries in your HTTP error log like this:
[Sat Sep 29 20:59:38 2007] [error] [client x.x.x.x] client denied by server configuration: /yoursite/comment.php