When I check the logs for the account that is being attacked, latest 300 visitors, it always show the agent "xoxoxoxoxo". The iP adress is not the same all the time. There's like 10K hits with one IP and then 3K hits with another and it doesn't help blocking these IP's. The attack came back today after 7 day rest. When suspendning this account or just stop apache the load is fine. I have tried using robots.txt to block but it doesn't help.