I found a nice list of IP's that have been shown to be involved in WP Pingback DDOS attacks. I've placed them into a ruleset along with some others that I've found making numerous attempts to log into my mail services (one of them was over 2000 attempts in a few hours). Since the rule set is over 7500 lines I've created an article and instructions on how to use them over at my Linux site (since I doubt that I could post that long of a post here). You should be able to use them even without CSF - you would just have to incorporate them into a script that runs at startup. The article is available at https://servinglinux.com/articles/entry/5-ipset-to-block-ip-s-via-csfpre-sh/ if anyone is interested in using them.