dstiles - 10:35 pm on Jul 7, 2010 (gmt 0)
All the casper hits today were POSTs. Haven't checked earlier logs but the pattern is the same in my security logs and always trying to hit contact.php. The contact.php in the querystring looks like some reaction to the simple POST to contact.php (without a querystring), which precedes the querystring hit. Both hits get 403's.