So... My site has been systematically attacked by robots.

They are accessing a blog module that we Don't Even Use anymore... we used it for an overseas tour... and only kept it up for Archives. Naturally I have torn it down now, or else I'd show it to you!

It was a XOOPS module... and the file they were looking at was this:
/xoops/modules/weblog/weblog-tb.php

Usually followed by a number:
/xoops/modules/weblog/weblog-tb.php/20
/xoops/modules/weblog/weblog-tb.php/16
etc.......

I don't get the file convention. . as there was no numbered directory.

THe IPs came MOSTLY from India, Brasil and Korea. . and there is no weighting as to hours or days.

I noticed a couple weeks ago some mysterious files had been CREATED in that directory..."core files" with names like "core.7234"
I deleted them all.. and they never came back. I forgot about the issue until We went over our bandwith limit. Then I looked into it further!

Does ANYONE know whats going on???

thanks a ton!
cameron

Sounds like they were either spammers, looking for something to spam, or hackers. What user-agents were they using? Was it some sort of spider, or standard browser? That could give you an idea what they were trying to do.