It's all Chinese to me ...

202.108.11.232 - - [29/May/2005:00:51:32 -0400] "GET / HTTP/1.1" 200 49583 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
202.108.11.232 - - [29/May/2005:02:01:38 -0400] "GET / HTTP/1.1" 302 215 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
202.108.11.232 - - [29/May/2005:02:01:41 -0400] "GET / HTTP/1.1" 200 49417 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
222.185.1.98 - - [29/May/2005:08:30:20 -0400] "GET /forum/ HTTP/1.1" 200 38586 "http://www.plasticmachinery.cn/English/Used_Plastic_Machinery.html" "Baiduspider+(+http://www.baidu.com/search/spider<a href='http://www.plasticmachinery.cn/English/Used_Plastic_Machinery.html'>.</a>htm)"
222.185.1.98 - - [29/May/2005:08:31:26 -0400] "GET /article.php/ HTTP/1.1" 200 116 "http://www.plasticmachinery.cn/English/Used_Plastic_Machinery.html" "Baiduspider+(+http://www.baidu.com/search/spider<a href='http://www.plasticmachinery.cn/English/Used_Plastic_Machinery.html'>.</a>htm)"
219.130.215.181 - - [29/May/2005:09:40:17 -0400] "GET /forum/ HTTP/1.1" 200 14503 "http://www.izhuqiu.com" "Baiduspider+(+http://www.baidu.com/search/spider<a href=http://www.mobilecity.com.cn>.</a>htm)"
219.130.215.181 - - [29/May/2005:09:41:18 -0400] "GET /article.php/ HTTP/1.1" 200 116 "http://www.izhuqiu.com" "Baiduspider+(+http://www.baidu.com/search/spider<a href=http://www.mobilecity.com.cn>.</a>htm)"

The first 3 requests look legit, but the others - especially the ones with the HTML in the user agent string - are odd.

I'm going to block that bot. Sorry to any potential readers in China, but this looks too fishy for my tastes ...

I'm also seeing visits by Baiduspider on my other sites, but it's behaving there - no referrer spam. Maybe the spamming Baiduspider is fake. But I need more data to be sure ...

Okay, note to self: Check Michael's site more often - he's already done the analysis and separated the faked Baiduspiders from the real ones.

I have found that this Baidispider uses many Ip's and I keep adding them to my firewall to block them. Every time thet get to scan one of my sites I start getting spam from all over on my contact us forms. I have no doubt that this spider is scanning sites to find contact us forms it can pass on to spammers. This is why it is scanning english sites. Evertime I block them and chnage my contact us form file name the spam stops until they come in o a new IP and then the sdpam starts again. There is no doubt that they are responsible.

They are doing RFI (Remote File Inclusion) to Hack your website. Check Webmaster Tools in Google. You may find that your top keywords are drugs. Use the Google Toolbar option called Translate (English to English to see what Googlebot sees They may be including spam links on the fly) on your WebPages. You may be surprised at what you see. You can also check your source and search for words like Pres*crip*tion and Vi*ag*ra, etc. (forum is seeing those words as spam) They may be inserting iframes with width & hight set to "0", so you cannot see them. The cause may very well be your form & php.ini file settings. Check the following "allow_url_fopen". Set it to Off. (Will not allow the bot to include a remote website URL). Also set "register_globals" to off. Here are recommended settings that you can change, but test to make sure you do not break your website.

allow_url_fopen = Off
expose_php = Off
register_globals = Off
display_errors = Off
display_startup_errors = Off
log_errors = On
error_reporting = E_ALL
error_log = /Your Website Directory Path/phperr.txt

Baiduspider is a spider from China !
They hit our site every morning ( About 6 of them for about 20 minutes )