Hi!

I'm using PHPIDS on a Drupal 6 installation. Today I got some low impacts (3-5) with, in my view, strange values.
First some pages that do exist on the site:This would be http://www.domain.tld/?q=blog aso. without mod_rewrite.

Now the following was detected by PHPIDS:
  • Variable: q | Value: blog/oble4opr-oania-lokat--du-owych,s,351.htmlaniujscie.pl/20.12609.htm
  • Variable: q | Value: blog/04-09-2011-bpt/blog/.blog/0re03a2at_-
  • Variable: q | Value: avascript:hiedenevoid(0);
  • Variable: q | Value: blog/1-03--.pcp
  • Variable: q | Value: blog/=/iter/blog/blog/ofber/f0nd.php
  • Variable: q | Value: blog/=/iter/blog/blog/drblog/04-09-2011-bitte-bewertet-uns
  • Variable: q | Value: blog/=/iter/blog/blog/blog/feed
  • Variable: q | Value: blog/=/iter/blog/blog/feed
All from the same IP address.
So in some of them there is a similarity to existing pages. But I don't see how these requests make sense, nor do I see how or if they could be dangerous. I'm quite new to PHPIDS and I still have to learn a lot about possible atacks. I would be grateful for any hint on this.

Thanks for this great software!