Take a look at your Apache logs, if you have access to them. See if there's a consistent user-agent or IP address involved in accessing these pages, and then block it via robots.txt (unlikely to help, honestly, if it's a malicious attack) or by using .htaccess to deny them access to your site. 

For most sites, those steps are sufficient to resolve a problem like this. Now, if you're truly under attack by an organized attacker that's launched a DDOS on you - then you'll need your hosting provider to step in and help. But in my experience, it's usually not a DDOS that causes things like this, it's usually scripts and bots that are either scraping your site or attempting to compromise your site's passwords, in which case, blocking them via .htaccess will resolve the issue.