And here I was wondering why our site was so slow ... Turns out we have a massive case of referrer spam for, AFAICS, four domains:
The requests seem to be coming in from a lot of different IP addresses, so I'd suggest blocking by referrer. They also seem to use the same user agent string on all requests: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.7.5) Gecko/20041108 Firefox/1.0
Russia, it seems. Why doesn't that suprise me at all?
The two ...4me domains are supposedly registered to a
WILLIAM B CANTON (firstname.lastname@example.org)
2028 OAKMEADOW CT APT 805
while the other two are registered to
Andrey Monst (email@example.com)
All four of them are hosted on the same server, 22.214.171.124 (InterCage, Inc., CA).
Have to look into this closer at another time - I have to keep a website up and running here ...