dstiles - 7:51 pm on Aug 9, 2012 (gmt 0)
Sorry, forgot to say. The rejection code is 403 but that may be internally generated due to bad path/page names - I do not know the processing code used but all accesses are to non-existent pages, as with most php exploits.
I see no reason for recording for "tracking" purposes: it should not, in my experience, be let anywhere into the IIS web service at all. The security command says specifically: "Keep out".