I've been banning the offending IP addresses as they come in. The tricky part is making sure that the error messages that I get telling me that user so-and-so had a "password incorrect" error are not being generated by the users themselves. Because of this I generally wait until I see two or more login attempts for different user names from the same IP address, then I ban them.
Eventually this will all go away, I'm sure. Until then, try a browser that saves your login credentials and then it's only a one click affair to log back in