I was working on web page redirect code last week, and I had put in some diagnostics to show the requests that were coming through.  Almost instantly I received a request for "GET http://www.python.org".  A few seconds later it happened again. 

This makes no sense - who would be requesting "GET http://www.python.org" from CowCats.com.   The answer it turns out isn't who, but what.  You can't actually make that request from the browser address line.  You have to do it with software. 

When a person using a browser requests a file, the server field REQUEST_URI will look something like "GET /index.html".  These file requests always start with a slash.

So I started looking for instances where REQUEST_URI doesn't start with a slash.  Here are some examples of what I found:

• GET http://awmproxy.com/check.php?IdProxy=3269370&Time=1226910803
• GET http://meiluziai.info/proxyc2/engine.php
• GET http://dvd-rip.com.ua/proxyc/engine.php
• POST http://klik.in/proxyc/engine.php
• POST http://px.valik.biz/proxy5/check.php
• POST http://arm.br0wse.com/aposter/proxy.php

Obviously this is a server rather than email version of spam, but why. 

Apparently they are trying to use CowCats.com as a proxy, to make it look like these requests came from CowCats.com, when in fact they came from somewhere else.  That would make their requests essentially anonymous on the receiving end.  The good news is that our servers don't fulfill these requests, so these digital vermin are not getting what they want. 

But they are clogging up the tubes.  Just yesterday CowCats.com received 2,870 subversive requests.  That is almost two requests for every single minute of the day, 24 hours a day.  What a waste of resources. 

These requests come in from many different IP addresses, so it's not really feasible to block them all.  The only option for now is to keep monitoring the situation and hope that the volume of requests doesn't become so large that it becomes a denial-of-service issue for legitimate users.