manecito - 5:29 pm on Aug 6, 2013 (gmt 0)
Not really much to add (especially being a newcomer here), other than to corroborate the overall 'feeling' that "synapse" is some sort of botnet/attack.
For months now, we've seen sporadic direct entries to pages with query strings, including our Search pages, which are disallowed via robots.txt...although this doesn't identify itself as a bot and I have never seen it hit the robots.txt.
Like dstiles, what concerned me and drew my attention to them in the first place was the use of the -1%27 parameter while researching a Searchbot Attack episode from a bunch of empty UA IPs.
Here's an example from earlier today, but we get dozens per day like this. I just recently added them to my Bad Bot ban list and they're sent to our 403 page now, but perhaps this will help others.
Note the q parameter from our search results page. They also use the -1%27 for the cx and cof parameters, which of course are associated with our Google tracking and would NEVER have a variable associated with them, so the -1%27 is very suspicious.
2013-08-06 00:21:31 W3SVC5 OUR-SITE xxx.xxx.xxx.xxx GET /search/results/default.asp cx=014533310200406954816jxmtrri0fhi&cof=forid10&ie=utf-8&q=-1%27&sa=search 80 - 184.108.40.206 HTTP/1.0 Mozilla/4.0+(compatible;+Synapse) - - www.eis-inc.com 403 0 0 9764 403 1156
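An added example, not part of the original post: a Python scan of IIS W3C log lines for the two signals described above, a query parameter whose decoded value is a bare number followed by a single quote (-1%27) and a User-Agent containing "Synapse". The field order is an assumption inferred from the sample line, since the post does not show the #Fields header, and the sample entries, IPs and host name are constructed.

```python
import re
from urllib.parse import parse_qsl

# Assumed field order, inferred from the sample line in the post
# (the log's own #Fields header is not shown there).
FIELDS = ("date time s-sitename s-computername s-ip cs-method cs-uri-stem "
          "cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) "
          "cs(Cookie) cs(Referer) cs-host sc-status sc-substatus "
          "sc-win32-status sc-bytes cs-bytes time-taken").split()

# A bare number followed by a single quote, e.g. -1' (logged as -1%27).
QUOTE_PROBE = re.compile(r"^-?\d+'$")

def parse_line(line):
    """Return a dict for one log entry, or None for directives and odd lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def probe_params(query):
    """Names of query parameters whose URL-decoded value is a quote probe."""
    if query == "-":  # IIS logs "-" when there is no query string
        return []
    pairs = parse_qsl(query, keep_blank_values=True)
    return [name for name, value in pairs if QUOTE_PROBE.match(value)]

def scan(lines):
    """Yield (client_ip, uri, flagged_params, synapse_ua) for suspicious entries."""
    for line in lines:
        entry = parse_line(line.strip())
        if entry is None:
            continue
        flagged = probe_params(entry["cs-uri-query"])
        synapse = "synapse" in entry["cs(User-Agent)"].lower()
        if flagged or synapse:
            yield entry["c-ip"], entry["cs-uri-stem"], flagged, synapse

# Constructed sample entries (documentation IP ranges and host, not real traffic).
SAMPLE = [
    "#Fields: (constructed header line, skipped by the parser)",
    "2013-08-06 00:21:31 W3SVC5 WEB01 192.0.2.10 GET /search/results/default.asp cx=-1%27&cof=forid10&ie=utf-8&q=-1%27&sa=search 80 - 198.51.100.7 HTTP/1.0 Mozilla/4.0+(compatible;+Synapse) - - www.example.com 403 0 0 9764 403 1156",
    "2013-08-06 00:22:02 W3SVC5 WEB01 192.0.2.10 GET /search/results/default.asp q=cable+ties&sa=search 80 - 198.51.100.8 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1) - - www.example.com 200 0 0 15230 380 210",
    "2013-08-06 00:23:40 W3SVC5 WEB01 192.0.2.10 GET /search/results/default.asp q=-1%27 80 - 203.0.113.5 HTTP/1.0 - - - www.example.com 200 0 0 9764 350 98",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Matching on the decoded parameter value rather than the User-Agent alone also catches the same probe arriving from the empty-UA clients mentioned above.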