1. From access_log
213.23.23.17 - - [09/Oct/2004:21:34:20 -0600] "GET / HTTP/1.1" 200 7261 "http://www.superface.net" "Mozilla/4.0 (compat
ible; MSIE 5.0; Windows 98; DigExt)"
213.23.23.17 - - [09/Oct/2004:21:34:21 -0600] "GET / HTTP/1.1" 200 7261 "http://www.superface.net" "Mozilla/4.0 (compat
ible; MSIE 5.0; Windows 98; DigExt)"

repeated hundreds of times. The IP is faked and leads to a DSL address. Sometimes a different domain name is used but the pattern is the same.

2. Also from access_log:
200.91.221.22 - - [02/Oct/2004:09:48:40 -0600] "GET /westhost/awstats.php HTTP/1.0" 200 13475 "http://www.xyzxyz.ne
t" "Internet Explorer 6.0"
210.95.100.253 - - [02/Oct/2004:09:48:44 -0600] "GET /westhost/awstats.php HTTP/1.0" 200 13475 "http://www.xyzxyz.n
et" "Internet Explorer 6.0"
198.26.118.36 - - [07/Oct/2004:23:17:37 -0600] "GET /westhost/awstats.php HTTP/1.0" 200 13475 "http://www.xyzxyz-xxy-xxz.biz" "Internet Explorer 6.0"

This one always hits on the same URL (awstats.php), always has a different IP address and often varies the referer name (to something equally pornographic).

Apart from jacking up my bandwidth usage and filling my logs with garbage (and messing up my log statistics package) does anyone have any idea what is going on here?

I've obscured the domain names in the extracts to get past the webmasterworld filters, but they are usually rather disgusting... :-(

Thanx in advance for any insights.