308 referrer hits from www.xxxstoryarchive.com, 282 from amateur-porn.us, 282 from nude-lesbians.us, etc. Somehow I doubt it. All the hits are 404s, looking for e.g.
nn.nn.nn.nn – – [12/Jan/2003:18:52:13 +0000] GET /pics54754-96 HTTP/1.1 404 284 http://www.celebrity-nude-pics.com/ “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)”
Hits from hosts at AT&T WorldNet Services and an SBC PPPoX pool. They’re all MSIE 6 on Windows, and it’s been going on for a month or so.
Theory: sounds like MSIE’s download-to-‘view’-offline functionality has bugs; when it hits a 404, maybe it requeues that request but then sends it to entirely the wrong IP.
Alternative theory: it’s a pathetically underpowered DDoS. ouch!
Anyone else seen this?