
I'm getting a huge amount of traffic to web servers looking for bittorrent type queries:

110.152.78.14 - - [27/Jan/2015:01:45:22 +0000] "GET /announce.php?info_hash=%3E%F3%0B%907%7F%9D%E1%C1%CB%BAiF%D8C%DE%27vG%A9&peer_id=%2DSD0100%2DA%3EFp%DB%CB%8C%87%3F%B8%CEw&ip=192.168.10.104&port=12606&uploaded=4689970239&downloaded=4689970239&left=0&numwant=200&key=22692&compact=1 HTTP/1.0" 302 562 "-" "Bittorrent"

36.36.12.121 - - [27/Jan/2015:01:45:22 +0000] "GET /announce.php?info_hash=%9c%7f%18%11hr%d0%5dN%ac%8b%d7%91%dbe%c8%93ttt&peer_id=-QD1900-0selUZY3.7Qj&port=4385&uploaded=0&downloaded=423012352&left=746990326&key=d20abe93&compact=1&numwant=200&no_peer_id=1 HTTP/1.0" 302 535 "-" "qqdownload/1.9.273.0"

140.206.125.62 - - [27/Jan/2015:02:15:17 +0000] "GET /banners/289288/289288_20150125123826_300_250.jpg HTTP/1.1" 302 335 "http://syndication.exoclick.com/ads-iframe-display.php?type=300x250&login=alexsemuel&cat=97&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=&text_only=0&show_thumb=&idzone=534211&idsite=193595&p=http%3A//privatehomeclips.com/tags/doutzen-kroes-leaked/2/&dt=1422324901966" "Mozilla/4.0 (compatible; MSIE 8.0; Wind

It's getting to the point where it's taking down our small educational content provider. AFAIK, none of these are actually getting a 200, so it's extremely baffling why this is happening at all.

Edit: All of the IPs are from China. I recall our security guy warning about China DNS poisoning BT and porn sites. The responses are 302 because the vhost is configured to redirect anything not using the 'official' domain name. After reading http://furbo.org/2015/01/22/fear-china/, I set up a default vhost and will see about more permanent solutions in the morning that don't involve blocking all of China.

jldugger
  • 14,602

2 Answers


Your IP used to host a torrent tracker. Systems out there still think they should be connecting to you, which is why you're seeing this.

The curious thing is: why are you replying to them with a 302 HTTP response? You should be sending them a 404.

I would recommend just adding a rule in your web server config to match requests like this and reply immediately with a 404. Perhaps you could match any request to /announce.php*.

The third log entry is not torrent-related. If you are getting many requests similar to that one, you can block them in a similar fashion.

EEAA
  • 110,608

As EEAA's answer says, you probably used Torrents on that machine.

For "my" solution on dealing with this type of "attack", you can take a look at this answer.
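To back EEAA's suggestion of matching /announce.php-style requests, here is a small log triage script added as an example (it is not from the question or either answer) that parses combined-format access log lines like the ones in the question and counts how much traffic is tracker noise, broken down by client IP, user agent and status code. Running it before and after adding the 404 rule shows whether the rule catches the traffic (the status column should move from 302 to 404); the sample lines inside it are constructed with documentation IPs.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs
# Combined log format: ip ident user [time] "method target proto" status bytes "referer" "user-agent".
# The user-agent group has no closing quote, so a line truncated mid-UA (as on this page) still parses.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)'
)
# Paths a BitTorrent tracker answers on; clients also send info_hash, which ordinary web traffic never does.
TRACKER_PATHS = {"/announce", "/announce.php", "/scrape", "/scrape.php"}
# Constructed sample lines (documentation IPs), shaped like the ones in the question.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Jan/2015:01:45:22 +0000] "GET /announce.php?info_hash=%3E%F3%0B%90&peer_id=-SD0100-abc&port=12606&left=0&compact=1 HTTP/1.0" 302 562 "-" "Bittorrent"
203.0.113.5 - - [27/Jan/2015:01:45:23 +0000] "GET /announce.php?info_hash=%9c%7f%18%11&peer_id=-QD1900-xyz&port=4385&left=746990326&compact=1 HTTP/1.0" 302 535 "-" "qqdownload/1.9.273.0"
198.51.100.9 - - [27/Jan/2015:01:46:01 +0000] "GET /scrape.php?info_hash=%9c%7f%18%11 HTTP/1.0" 302 520 "-" "Transmission/2.84"
192.0.2.20 - - [27/Jan/2015:02:15:17 +0000] "GET /banners/289288/ad.jpg HTTP/1.1" 302 335 "http://ads.example/frame.php" "Mozilla/4.0 (compatible; MSIE 8.0; Wind
192.0.2.7 - - [27/Jan/2015:02:16:00 +0000] "GET /courses/intro HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["query"] = parse_qs(parts.query, keep_blank_values=True)
    return entry

def is_tracker_request(entry):
    """True for BitTorrent announce/scrape traffic, regardless of which vhost answered it."""
    return entry["path"] in TRACKER_PATHS or "info_hash" in entry["query"]

def summarize(lines):
    """Count total vs. tracker requests; break the tracker share down by client IP, UA and status."""
    stats = {"total": 0, "tracker": 0, "by_ip": Counter(), "by_ua": Counter(), "by_status": Counter()}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        stats["total"] += 1
        if is_tracker_request(entry):
            stats["tracker"] += 1
            stats["by_ip"][entry["ip"]] += 1
            stats["by_ua"][entry["ua"]] += 1
            stats["by_status"][entry["status"]] += 1
    return stats
```

Feed it a real log with `summarize(open("/var/log/apache2/access.log"))` and look at `by_ip` and `by_ua` to decide whether a per-path 404 rule is enough or whether a default vhost is also needed.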