I'll preface this with "I used to work for an online poker company and every mofo in the planet used to attack our network"
Firstly consider what type of target are you. Most DDoS attacks are launched for a lot longer the 30 minutes and they are certainly not regular. They are looking to see if they can bring you to your knees so they can blackmail you. Is your site that valuable? If so forget everything and get yourself a cisco firewall and pay someone who knows what they are talking about. Cisco are expensive but if you have a valuable site that 1% of real traffic needs to get through.
Assuming your not in a position to be blackmailed: As other ycombo's have mentioned logging and blocking are your friends but be careful. You say it's mysql taking the time despite caching. Looks to me like you've found a bug in your code (or at least your caching). Log what these IP blocks are requesting. If it looks algorithmic then the chances are you've got a crawler ignoring your robots.txt. Contact Purdue. Call them up (they will ignore your email) and ask them what's going on.
You could chose to block these ip ranges but if you make your site weather this storm it will be stronger in the future.
Firstly consider what type of target are you. Most DDoS attacks are launched for a lot longer the 30 minutes and they are certainly not regular. They are looking to see if they can bring you to your knees so they can blackmail you. Is your site that valuable? If so forget everything and get yourself a cisco firewall and pay someone who knows what they are talking about. Cisco are expensive but if you have a valuable site that 1% of real traffic needs to get through.
Assuming your not in a position to be blackmailed: As other ycombo's have mentioned logging and blocking are your friends but be careful. You say it's mysql taking the time despite caching. Looks to me like you've found a bug in your code (or at least your caching). Log what these IP blocks are requesting. If it looks algorithmic then the chances are you've got a crawler ignoring your robots.txt. Contact Purdue. Call them up (they will ignore your email) and ask them what's going on.
You could chose to block these ip ranges but if you make your site weather this storm it will be stronger in the future.
Good luck