Got multiple GET requests with one element of the usual information (e.g. the User Agent string) containing a base-64 encoded PHP script e.g. to put a PHP script into my server's root directory that is supposed to return passwords used on my site. The only thing that I can imagine being targetted by such an attack is PHP-based traffic analysis software. Fortunately all these attempts got blocked by Bad Behavior. However, I hope Slimstat is immune to such attacks, just in case one of these eventually gets past the blocker?