Parsing through about 2 million lines worth of logs right now after running a sample on the first 5 minutes. Will likely be banning some IPs based off what I saw in the 5 minutes (people with over 1000 requests for work but less than 10 results sent back, some with 0).
How about deny everything and have people enter their worker IPs when they setup workers. Then just open up the source IP for each worker.