Marshall,
It's customary in SSID to provide a full-raw-log-ine that includes IP and UA.

I tried a couple of reverse DNS lookups on the domain without success.

FWIW, most folks have most of China denied.

I thought a 500 error is an internal server error. Can one referal or bot get that response when everything else is working as it should?
I don't understand

Not sure why WMT is giving me a 500 error instead of a 404. The URLs from that site changed the question marks in the URL to %3f and the equal sign to %3d so the site is seeing them as invalid links and redirects to the 404 page. Regardless, if you look at the site, there is something very suspicious about it.

Marshall

Not sure why WMT is giving me a 500 error instead of a 404.

You'll need to view your server's access logs. Something about those requests are triggering a setting at your server, something your administrator set to receive a 500 error.

Personally, I block all known Chinese ranges; too much trouble IMO.

I still don't understand it. I thought a 500 error is generated within the server. If an administrator wants to block a particular type of request, shouldn't he or she set it to return a 403, not a 500..

I also don't understand how WMT would know anything about this unless it was googlebot making the requests.

I still don't understand it. I thought...

Which is why you need to look at your logs.

If it's getting a 500 error, they're already not getting through, so you don't really need to do anything more.

Does your site use mod_security (assuming Apache)? It's the server administrator's choice what response to return: 403 or 503 or something creative. A mod_security lockout was my first thought, because Chinese referer spam just reeks of the kind of UA that a server would want to block comprehensively.

The part I don't understand is what this has to do with WMT. Where do the "links" fit in?

The URLs from that site changed the question marks in the URL to %3f and the equal sign to %3d

That's normal behavior if a query string is being included within a further query string. The ? and = (possibly also some %2D for & ) have to be converted to literal text.

if you look at the site, there is something very suspicious about it.

Hm, I see what you mean. Or, at least, I see something hinky, though possibly not the same thing you saw.

:: detour to FF and Live Headers, which leaves me none the wiser and also makes me wonder about the Laotian connection (involving Chinanet, yawn) and what the ### is port 82 doing in there? ::

The fun part is that if you look up kb58.cn in the free lookup of your choice, #1 the thumbnail is an entirely different site, but #2 all the suggested similar sitenames involve some similarity to "google". So they can't quite make up their minds what mask they're wearing.

Just to follow up. I contacted Google and that website has been taken down.

Marshall