I'd start collecting the IPs and try to figure out the similarities. Odds are good that they are proxy servers, and that this in a single program hitting you via these proxies.

Quote from:
[leekillough.com...]

"Altavista and DIIbot use suspicious request methods to test 404 errors. These robots, and perhaps others, probably use this method in order to figure out what a server's 404 response is (a kind of "profile"), and assumes that it's the same for all 404 pages.

Altavista only started doing it this year (2002). They request the page: /kjhgdkjhf1goifj2lktjelj34knfhjguih8bbj/index.htm.

However, these requests are completely innocuous to Apache, and probably do not need to be blocked. "

HTH
Hanuman

Yes, I've seen those strange hits, too. I'd tracked them back to Altavista via the IP, and so I didn't worry about them -- plus therere are so few of them. Now I know what they are! Thanks!

As for the random user agent strings I first wrote of, my best guess is that it is either part of a research project or some kind of privacy software. It's not a bandwidth problem at all, just a curious phenomenon.

I also got similar random named user agents (UZWIKKDJYZNQ, HQYLPTAQR etc). Had a closer look at my logs and saw that they were only accessing certain files on my site (maybe 3 pages out of 25). The following user agents were also accessing ONLY these pages.
DSurf15a 01
PSurf15a VA
DSurf15a 71
DBrowse 1.4b
EBrowse 1.4b
PBrowse 1.4b
DSurf15a 21
These user agents have been discussed previously in the following topic
[webmasterworld.com...]

The IP Address that this requests were coming from in my case
Jan 2002
65.94.239.163 - sympatico.ca
64.164.168.5 - pacbell.net
64.168.52.18 - pacbell.net
Feb 2002
66.124.198.87- pacbell.net
Mar
66.8.238.40 - rr.com
65.29.87.208 - rr.com
64.56.136.135 - WIBAND.COM
66.69.88.150 - rr.com
68.5.42.39 -cox.net
67.114.76.186 -pacbell.net
Apr2002
68.14.25.59 -cox.net
68.5.99.89 -cox.net
68.5.32.54 -cox.net
May
207.30.161.96-sprint-hsd.net
68.4.200.220 -cox.net
68.96.97.116-cox.net
Jun
24.101.54.122 - Rogers.com
24.101.97.21- Rogers.com
66.176.44.203 - attbi.com
68.101.132.52 - cox.net

They seem to be coming from different ISP’S. My opinion is that they are spambots, trying to get email addresses?
I’m almost positive that they are related to Dsurfx and the other user agents. Can anyone else spot a relation in their logs between these?

I've had all these user agents coming from similar IP's, they only EVER visit default home pages and /guestbook/ default pages. Also recorded the random upper case agent coming from the same IP's after blocking *Surf* and *Browse* agents - definitely email harvesters IMHO, I have a trap out for them to try to verify.

Yeah ive noticed that they seem to add blank entries to guestbooks. I found an example on the web at [donotenter.com...]

Never added anything to mine like that - different field names at a guess?