I don't want to sound like I'm issung a challenge, but it seems like the DOS attack on the server is kind of under control.

Of course, I had to block 15 countries and 15,000 specific IPs that were involved. And by "involved" I mean that there are (certainly) bots out there doing the work of whatever DOS perpetrator is behind this. I can probably remove the country restriction and just block the 15,000 IPs for now, even though there's plenty of overlap. I'm sure there's some good folk in those places interested in this and other content on the server. I'm also sure there are plenty of other bots not yet involved in the attack.

The traffic is down to a hit every 10-15 seconds now. Blends in with normal traffic on the server enough that the server is again responsive. The firewall now has nearly 100K rules denying access. I'm sure in the grand scheme that's not even a big number.

I'll keep an eye on it (and the other sites) for other attacks. If anyone's interested, I've got a big list of probably infected machines; I might throw up a "check your IP here" kind of page with this information...intriguing. Of course, I'd have to let those IPs back through in order to be checked.