I have many attempts on my (small, personal and absolutely unimportant) web server, and Apache and fail2ban usually do their job right. But there's a log entry that worries me:
xx.yy.www.zzz - - [9/Jul/2011:12:42:15 +0100] "GET http://allrequestsallowed.com/?PHPSESSID=5gh6ncjh00043YVMWTW_B%5CFAP HTTP/1.1" 200 432 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12"
The problem is that the answer wasn't a 404 code, but a 200 instead. Is that okay? Seems weird to me, but my knowledge of this field (and many others) is, to put it softly, limited.