Have you considered something like CloudFlare to help protect the front end? It won't do anything for the mining ports, but it might help defend the website.
In this instance it was a pool server bug undetected in testing that made the getwork miners go nuts. But yeah, I have considered CloudFlare. I may go for that in the future with more servers.