is there anyway to stop a DDoS attack?
if they are repeatedly loading your web pages i guess you could ban all IPs that load more than say 20 pages in a session. depending on how big your site is.
Have you got a bot catcher on your page? that's a hidden link on your page that not allowed to be followed by search engines, anything that follows it gets their IP banned.
update your robot.txt/.htaccess files to ban all the known bots.
block all foreign IP ranges, esp china, India etc... or anywhere you don't do business.
host processor/memory intensive parts of your site on different hosts. esp if you have a forum.
make sure any email forms on your page can't be hijacked by spammers.
ban proxy IPs (free lists are published on the net everyday)
hope that helps