CGI Raping a.k.a How to Target a DoS at a specific Site.

They have: 9 posts

Joined: Jun 1999

Here's what happened :

nph-anon.cgi installed to allow surfers to surf "anonymously" (the domain referenced here is not my domain)

Test can be found at : http://www.cotse.com/anonimizer.htm
Test link: http://anon.cotse.com/cgi-bin/nph-anon.cgi/http/www.altavista.com/

This is done as a service to my customers.

Now somebody launched an attack based on multiple calls to nph-anon.cgi. These calls prompted it to download a JPG picture.

There have been over 65.000 calls (last time I was able to see the logs)
(from one IP) in a short time period to that cgi script.
Being an nph script, on every (!) call it created a socket to connect to the server holding a picture.

Result:
- Ate up 99% of system resources (VHost)
- My ISP blocked my (whole) account (forbidden 403).
- My ISP accuses me of creating connections to the remote server.

- My ISP does NOT believe me that somebody made thousands of connections to that script (they pointed out nph-anon.cgi being the script eating up the resources), although the LOG CLEARLY indicates that there have been remote calls to that script.

- My ISP attacks me (!) by saying
<<<This attack, if it truly is that, is the first in the history of our company. We have never had a DoS attack that was specifically targeted at a domain on our servers. We must ask what you are doing than to create this attack and we must also ask ourselves, given the previous incident with your previous domain, if hosting you is something that is still an option.>>>

- I used .htaccess to ban the IP and rewrote the ruleset based on HTTP_AGENT
(was set to getright 4.1.1 then to Mozilla 3.1.1)
Mozilla 3.1.1 does not exist... (there is a "compatible with" attached)

Note that I HAD NEVER any problems with them, never did something wrong, and in fact I helped them by sending the latest patches to flaws found to exist in their servers.

So now I am the culprit, right?
(I won't disclose the host here; either way I must admit that I feel quite furious about them. BTW, they will recognize themselves here and perhaps I will get answers here, because no answers are given to my mail.)

Help
- Could anybody point me to some FAQ or help text which explains how to limit excessive calls to CGI scripts?
- Are there any known server-side programs that exist to protect from such happenings?
- Please comment on the "We have never had a DoS attack.."

Also note that the site was a business-type site, including a FREE redirection service (like cjb.net), so I have 110 customers waiting to access their redirection accounts.

Is this how normal hosts react? My experience has been (common sense too) that they usually chmod the CGI file creating overusage so that it is not executable anymore.

If this is the wrong place to post, please relocate my post into the appropriate section.

Regards,
Thierry Zoller
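
An added example, not part of the original thread: one way to turn the access-log evidence described in the post above into a per-client call count for the CGI script, so the heavy caller can be shown to the host and banned. It assumes Apache Common Log Format with lines in time order; the threshold, window, IP addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache Common Log Format: client IP, [timestamp], "METHOD path ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')

def flag_heavy_callers(lines, script="/cgi-bin/nph-anon.cgi", limit=100, window_s=60):
    """Return {ip: peak} for clients whose calls to `script` exceed `limit`
    within any `window_s`-second window. Assumes lines are in time order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)      # ip -> largest window count seen
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group(3).startswith(script):
            continue  # malformed line or a different URL
        ip, ts = m.group(1), m.group(2)
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}

def sample_log():
    """Constructed sample: one client hammering the script, one normal visitor."""
    base = datetime(2000, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = ('{ip} - - [{ts}] "GET /cgi-bin/nph-anon.cgi/http/www.example.com/{p}'
           ' HTTP/1.0" 200 512')
    rows = [(base + timedelta(seconds=i // 10), "192.0.2.10", "pic.jpg")
            for i in range(300)]          # 10 calls per second for 30 seconds
    rows += [(base + timedelta(seconds=20 * i), "198.51.100.7", "index.html")
             for i in range(5)]           # one call every 20 seconds
    rows.sort(key=lambda r: r[0])
    return [fmt.format(ip=ip, ts=t.strftime("%d/%b/%Y:%H:%M:%S %z"), p=p)
            for t, ip, p in rows]

if __name__ == "__main__":
    for ip, n in flag_heavy_callers(sample_log()).items():
        print(f"{ip}: {n} calls to the script within 60 s")
```

The returned addresses are candidates for the kind of .htaccess ban mentioned in the post; the normal visitor in the sample stays under the limit and is not listed.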

They have: 568 posts

Joined: Nov 1999

I used to know a way to set up .htaccess not to accept any requests after X number of seconds but I forgot how...

Anyone remember?
