joined:July 25, 2006
Yes, it really is true, I don't mind you or Yahoo looking for admin pages, nor do I mind that a web application I use makes its name and version visible on every page.
If you are concerned about the security of any web applications you use, you can check for reports of security vulnerabilities at [secunia.com
You might try checking your logs for requests from this IP from before the strange requests began. Did they previously make only sensible requests, and then something changed?
Maybe also do web searches for the name of your site in conjunction with a few snippets of the strange URLs from the requests. The goal would be to discover if anyone has placed links anywhere online that would give Yahoo the impression the URLs exist on your site. Although the inurl: searches I did on a few of them turned up only Yahoo pages in the results, you might check more of them than I did.
Does that crawler ask for normal pages in addition to the weird ones?
I said previously that scenarios are easy to invent... I don't know if Yahoo has a manual URL submission form for webmasters. If someone submitted a bunch of bogus pages supposedly on your site, Yahoo would probably crawl to see if they're really there. Even if that scenario were true, it's still no harm done: they're not there, and now Yahoo knows it. Except if you block them, they won't know it.
If there's a mystery worth any amount of concern here at all, it would be how Yahoo "got the idea" about these URLs (and the answer still could be as simple as an unusually thorough Confirm404 crawl). One of your initial concerns was about a misconfigured crawler, which could still be what the problem really is. Or a "misconfigured internet" that has bogus links to your site somewhere. That, however, seems less likely if you're not getting requests from Google for those same pages.