We've found that there is another major botnet scan of entire IP ranges going on, that are looking for specific vulnerabilities in content management systems that are not updated. We've blocked a few domains that are being totally slammed by 100's of IPs at a time, and working to find others like it now. We may have to temporarily disable if hit the hardest now, and restore it once the botnet storm passes, but are looking for alternative means as well, just trying to make out the patterns.