w00tw00t.at.ISC.SANS.DFind in your apache web log
generated by a Web Vulnerability Scanner named DFind, it means someone was TRYING to hack the site...
use ip tables to block repeat offenders
IPTABLES -I INPUT -s IP_ADDRESS_GOES_HERE -j DROP IPTABLES -I OUTPUT -s IP_ADDRESS_GOES_HERE -j DROP
you can unblock via
IPTABLES -D INPUT -s IP_ADDRESS_GOES_HERE -j DROP