Sorry, I didn't know exactly where to post this so I did it here.
We are seeing a flood of web requests (20 or so per second) to our CAS server from certain clients logging into Moodle. The log entries on the CAS server look like this
155.47.47.196 - - [10/Apr/2014:09:29:30 -0400] GET /cas/login?service=https%3A%2F%2Foncourse.wheatoncollege.edu%2Flogin%2Findex.php&gatewa
y=true HTTP/1.1 200 370 ???'???resource in 'calendar, mail, portal, resource{usid}c -
155.47.47.196 - - [10/Apr/2014:09:29:30 -0400] GET /cas/login?service=https%3A%2F%2Foncourse.wheatoncollege.edu%2Flogin%2Findex.php&gatewa
y=true HTTP/1.1 200 370 ???'???resource in 'calendar, mail, portal, resource{usid}c -
We initially thought we had this issue resolved, we thought it was a Safari SSL bug in Mac OSX 10.9.1 but today we saw a Windows computer do it (although it did have Safari 5.1.7 installed) but we couldn't reproduce the issue after it stopped. Back when we found an OSX 10.9.1 system doing it we could easily reproduce it, just log into Moodle and it would start hammering away at the CAS server. If you used Chrome or Firefox it didn't happen. Even after we upgraded to OSX 10.9.2 and used Safari to get to Moodle it still kept happening until we dumped the Safari cache, then it stopped.
We are running some version of Moodle 2 (not sure, I'm not the Moodle admin). Any thoughts on what could be causing this? One machine yesterday made a quarter of a million web requests to our CAS server alone!