Thread:Project:Support desk/Help with hacking issue/reply (3)

Yes, it might well be that the attacker is probing for a vulnerability.

The information from the Apache error_log, which you posed above, already are nice. Maybe ModSecurity has the possibility to write a more detailed log.

Another option would be to enable the debug log in MediaWiki; see Manual:How to debug. This will slow down the system and should only be done ... well, for debugging, but I guess it might also log the stuff, which people are trying to post to your server.