I may be a bit late to your party...
I had the same problem on some clients' sites and spent *many* hours tracking down the problem.... I finally did!
GoDaddy sends out its own internal bots via its SiteScan - checking sites on their servers for vulnerabilities that could compromise the websites as well as the GoDaddy servers. These usually run late at night... I usually see it around 2-3am. Besides being a problem for Firewall 2, your site will come to a virtual screaming halt while it's being scanned.
GoDaddy actually has a list of the IP addresses they use, and I found it!
I have added a block to those IP addresses in the site .htaccess files and the problem disappears.
Here's what I added...
<Limit GET POST PUT>
Order Allow,Deny
Allow from all
# IP addresses below deny GoDaddys website SiteScan
Deny from 72.167.191.1
Deny from 72.167.191.2
Deny from 72.167.191.3
Deny from 72.167.191.6
Deny from 72.167.191.7
Deny from 72.167.191.8
Deny from 72.167.191.11
Deny from 72.167.191.12
Deny from 72.167.191.13
Deny from 72.167.191.14
Deny from 72.167.191.15
Deny from 72.167.191.16
Deny from 72.167.191.17
Deny from 72.167.191.18
Deny from 72.167.191.19
Deny from 72.167.191.20
Deny from 72.167.191.10
Deny from 72.167.191.21
Deny from 72.167.191.22
Deny from 72.167.191.23
Deny from 72.167.191.24
Deny from 72.167.191.25
Deny from 72.167.191.26
Deny from 97.74.139.193
Deny from 97.74.139.194
Deny from 97.74.139.195
</Limit>
I hope this helps!
Ken
