While running the web traffic stats for some of my podcast sites, I noticed that a bunch of my MP3 files have been downloaded a bunch of times from the same IP address. And then two seconds later, it is downloaded again. Luckily the second time apache reports a 206 (file unchanged) error. The IP addresses all map back to China. Sometimes the referrer is http://www.qq.com, apparently a Chinese portal. Sometimes the referrer is listed as a web site, with an IP address, e.g. http://920.981.927.954/index.html
Is this a lame DOS attack? Or simply people in China looking for downloadable music? Maybe these IP addresses are simply the IP address of the proxy that China has to use to get out to the wider Internet. Should I simply block http-request traffic from China? My podcasts certainly aren’t being marketed to anyone in Asia.
Amusingly, I did find a referrer from a music sharing network that indexes based on mp3 tag and filename. I have no music to download, but the title to one of our reviews has “music man” in it.