DoS Attack, Need help understanding requests from access log

Hi everyone,

This is the second time by server has been hit by a DoS attack, both coming from the same locations in the US. I've gotten in touch with the organisations (I believe their servers are part of a botnet), but I need some help understanding what my access logs are saying here.

The only thing I don't get is what I believe is the request involved. It looks like a long URL string, but it has paramters I don't recognise. The site is a WordPress site, with a bit of custom PHP, but nothing that looks familiar in the below:

(Please note I've removed the IP addresses from the logs as they're not relevant to my question)

XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=v4ndSrPrIob0sgOKspHcDw&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNEseq3LMyLHcqAGdHEJj27eZ-OP-A HTTP/1.1" 404 377 "-" "Mozilla/5.0 (compatible; Konqueror/3.1; Linux; en)"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=vL_USv-DCJCEswOw3eHaCg&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNGDCOJWhdFrzVfbpDzFcekOUk-E9w HTTP/1.1" 404 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /page2.html?pageId=17 HTTP/1.1" 404 377 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=tvHlSrb5K4aIsgO8ksCwBA&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNF4SnE4vKvVpg4rutPN2ZqNCTVbKg HTTP/1.1" 404 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=GjPnStbRFonqtgPs_ZyYBQ&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNHUXLVe3iSdnL78VDZaRuJX4C2sHw HTTP/1.1" 404 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /page3.html HTTP/1.1" 301 238 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=_-vMSpafB4OOswPGjbnGDg&sa=X&oi=spellmeleon_result&resnum=2&ct=result&usg=AFQjCNEZPRANaNnFU59z93MeSoPFic7Q5w HTTP/1.1" 404 377 "-" "Mozilla/4.7 [en] (Win95; U)"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=rN7YSsOMDaLOtAOu-dGLBg&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNHPFmtwYP5YrN9RggAayXUNztZ_sg HTTP/1.1" 404 377 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040218 Galeon/1.3.12"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=v4ndSrbdKImSsgOf1-zSDw&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNGVqX3HrVg4o5HLE5iQ6G0_8NKODQ HTTP/1.1" 404 377 "-" "Mozilla/5.0 (compatible; Konqueror/3.1; Linux; en)"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=plLTSsHtLJC2sgP43J3wCw&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNEtn31AWiiZyGJ3fSqin-kQAlbSFw HTTP/1.1" 404 377 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=yXfPSs--LpCasgPszcS1Dg&sa=X&oi=spellmeleon_result&resnum=2&ct=result&usg=AFQjCNGFvwEbMrdoUm2uH-c-wU66QUqZNw HTTP/1.1" 404 377 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /page5.html HTTP/1.1" 404 377 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=vfHlStjVO4WMswOMiuSwBA&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAsQhgIwAQ&usg=AFQjCNFhw2bBMDZtvZQnigw466Tlv7vVEQ HTTP/1.1" 404 377 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.0; DigExt; .NET CLR 1.1.4322)"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /&ei=f4LkSoaHJIn8sQPe3ey6Aw&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNHTs4ptTUtxQiL8t36kIkCj-DsT6A HTTP/1.1" 404 377 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.0; DigExt; .NET CLR 1.1.4322)"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:47 +0100] "HEAD /page6.html HTTP/1.1" 404 377 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:48 +0100] "HEAD /page2.html?pageId=7&size=standard HTTP/1.1" 404 377 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; DigExt)"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:48 +0100] "HEAD /&ei=rVLTSpXNLI-4swOokISuCQ&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAsQhgIwAQ&usg=AFQjCNHoqmYrAqlOUGgIDO84Yqx9GJO2Ow HTTP/1.1" 404 377 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:48 +0100] "HEAD /&ei=u1LTSoWlEZH8sgPJq9nwCw&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNFt3t1NbSSVaW4ME4cLLy6BJDTEWQ HTTP/1.1" 404 377 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:48 +0100] "HEAD /&ei=_-vMSqXrMZTQtAOpwfXFDg&sa=X&oi=spellmeleon_result&resnum=2&ct=result&usg=AFQjCNEG7bGO2Od-3DpOBX1iVmDkNFCrGQ HTTP/1.1" 404 377 "-" "Mozilla/4.7 [en] (Win95; U)"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:48 +0100] "HEAD /&ei=VbvrSq2lNYzosQPNzP3hBw&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNG95bNP4PeQ_Pk-X7kp4Owp0BVmsg HTTP/1.1" 404 377 "-" "Mozilla/5.0 (compatible; Konqueror/3.1; Linux; en)"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:48 +0100] "HEAD /&ei=qFLTSon6NoOMtAPVmq3wCw&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNE43bvwrx9-GnXG4_DrXbCtcqsm1w HTTP/1.1" 404 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:48 +0100] "HEAD /&ei=rGzgSv7MJIHYtgP71MHeCA&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNGXjbLXryeoixAywsgY3r2D3Qkwgw HTTP/1.1" 404 377 "-" "Mozilla/5.0 (compatible; Konqueror/3.1; Linux; en)"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:48 +0100] "HEAD /&ei=9uvMSp2iPIvYtgOY0P3IDg&sa=X&oi=spellmeleon_result&resnum=2&ct=result&usg=AFQjCNGoWlvyd_CyXYw3NEzK46sJScaGwA HTTP/1.1" 404 377 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]"
XXX.XX.XXX.XX - - [06/Aug/2011:13:35:48 +0100] "HEAD /&ei=IzPnSrzvIYHUsQPiyrmfBQ&sa=X&oi=spellmeleon_result&resnum=2&ct=result&ved=0CAkQhgIwAQ&usg=AFQjCNHa80YdhQnLt06CfJxnoBtu3ILMew HTTP/1.1" 404 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"

This is just a few lines of the 2000 requests which killed my server today, but they're all pretty much the same as these.

Many thanks,

Darren

Web Design Forum: DoS Attack, Need help understanding requests from access log - Web Design Forum

WDF Marketplace

WDF Marketplace Resources

WDF Community

Web Design Resources

Web Development

SEO, Marketing & Business

Software & Hardware

The Marketplace