Dos attacks causing extreme high loads simply because you have a user holding down F5 have now been exterminated on my website.
Joomla loves to serve 1000 requests in 30 seconds and has no protection against these 'attacks'.
Since i had a fucker doing this to my site, i made a system that blocks them after 25 reloads. Without using resources so the site stays up. I actually do not notice it anymore if it wasn't for a module that shows to moderators whats happening by reading the counts in the database.
After midnight a cronjob resets the counters and the user is unbanned. Unless they went over 150 reloads and then they are moved to another permanent table untill personal review.
Upto 1000 counts are registered, after that i stop counting them as i'll have all the evidence i need and the user stops using up resources entirely. Only a small message is displayed that they will be contacted by the authorities and no more logging is done in the database. (serverlogs still work ofcourse)
This system isn't a component, nor a plugin, nor a module, but needs to be hacked into index.php and the 2 tables need to be created manually at 'installation'. Also joomla.php needs a small hack to prevent miscounts on mosredirect()
If you are under attack, you can contact me for a custom job on your server wich could save the day, as it did for me.
The database only stores IP as no joomla data is used or even known (could be guests) but i caught a user that did it and -she- is still shivering from fear that i'll contact her isp. she promised to never do it again. In her case she didn't like it when ppl where 'stealing her highscores' away and she would hit F5 till the site was down. Some bitches are weiiird.. but we knew that right..
Anyway, still available for custom jobs..