Something truly weird is going on - that I haven't been able to figure out. There seem to be a bunch of machines connecting to port 80 on my web server and then not doing anything. I thought this was to do with spam, thus the firewalling I did the other day, but it seems that they just connect and then stop.
Anyone else seeing anything like this happening? I'm not sure if they are just misconfigured systems or this is an intentional attack on my server.
I've hacked up a little reverse proxy that lets me see what is going on, and also to prevent anything from tying up an Apache process until it's actually told the server WHAT IT WANTS (and if it doesn't give me at least one HTTP header within a minute, it gets booted off). As a bonus, it should also do what reverse proxies do well - handle the grunt work of delivering bytes to clients and free up Apache processes to actually create data.
This should hopefully FINALLY make things work better. Let's see...