Max # connections/requests feature

First off, we are under constant ddos attacks, not sure why, not sure who, but they are quite persistent. We've been running APF and even upped to a hardware firewall for $50/month from the host.

I asked around and most seem to think purchasing this script would help, considering the fact we have both a software and hardware FW already, but I just wanted to ask for another opinion.

Our main problem, is that somehow our members (including myself and my staff) can easily rack up a high number of connections (otherwise known as requests, right?) so many legit users get blocked from the script. So after a wave of ddos'ing, then we spend the next few days unblocking legit users, at least ones not on the white list. So my question is does your software handle this differently in any way? Would there be a way to decipher between legit high connection IPs and botnet high connection IPs?

And is there a way to block all traffic to a specific url, in case the botnets are hitting one url specifically?

And I guess a more general question, are there other users with this problem, or would you have an idea as to why its easy for our forum users to rack up such a high number of connections? Too many mods? 1 faulty mod? Ajax? Shoutbox? etc etc? It would make things a lot easier if we could lower that "baseline" connection number, so when we do block any IP with over 100 connections we can be more sure that it is in fact a botnet IP.

thanks for any help! and please link me to other threads if these questions have already been answered.