Seb7 - 10:33 am on Dec 14, 2011 (gmt 0)

I had this last year on an IIS server, 1000s of the same page request every second from exactly 10 random IP addresses at a time.

Getting the server not to send a page helps. If you can get the server not reply at all (at a TCP/IP level) makes quite a difference on the server load.

The bot I had, I descovered it would action a 301 redirection, so redirected it to its own IP, which reduced the server load to practactly zero.

These sort of bots are getting very common, any large website needs some sort of load protection against this sort of activity.

Since then, I now slow or block any IPs which have gone over the threshold above being a very active user. If a single user is making your site unresponsive, then dont let all your other users suffer.