lol thanks for the offer Colin
Actually.. Ive been doing a bit of reading on the subject this eve and how this particular bot works. Even though it may appear to have been originating in Latvia, that this particular bot is simply making use of open proxies. One of the things I have noticed is that it sometimes 'moves' through countries as you block one country it will find another.... each time getting 'nearer' in the EU if you know what I mean* I guess the .ru and similar blocks are easier to find proxies so it goes through there first.
SMF forum advice is theres not much point IP blocking as it will only find another.... although I and others have found that it does help quite a bit. Im currently bouncing off on average at least 10-15 an hour using this method, so its at least keeping some of it at bay.
AFAIK this is the first time a bot has majorly been able to attack SMF big style, and previous bots tended to target other php forums. Looking at SMF's first reaction yesterday, I dont think even they believed quite what was going on at first, as SMF has always had one of the best php forum reputations for security and anti-bot measures.
I suppose it was only inevitable that as SMF became more popular because of just that reputation, it was a challenge for someone just waiting to happen.
*one of the things I said to the mods yesterday before we knew the full scale of this attacks was 'persistent little git'.