Poking holes in the server log

I'm still working and working on molding this site into something that's content-rich, and something that's worth visiting. The front page is sorely lacking — it doesn't even match the rest of the website's themes — but I have a good idea of what to create. To the top, I'll put an introduction to myself and what the website is about. To the left, I'll place a single highlighted feature post, and the most recently-updated posts (whether they be blog or publication or image). To the right, I'll put randomly-selected "selections" from the portfolio, and the portfolio index itself. Still in Photoshop mock-up stage; I'll need to code in the PHP.

The PHP, I suspect, will take at least two hours to figure out, since I'm not quite familiar with the low-level Drupal API. As for the design itself, I'm always worried about whether it's appropriate or not: key sticking point, should I add my photograph or not? Carolen took around 60 or so photographs of me, and only a few came out as decent. A major factor is that I am trying to present myself in a good, professional way to other professionals (employers, say), and the rule here in the States is that you don't attach photographs to resumés, simply out of fear of discrimination.

Oh, and as far as Drupal goes: it's wonderful. This is the content management system that runs this website now, and I decided to use it instead of rolling my own, since rolling my own involves a whole lot of software architecture that I have no time to plan for: security, user authentication, access control, ... it gets complex, and I tried to make my own a few years ago. Out-of-the-box, Drupal seems very difficult to get it to do exactly what you want it to do without a lot of experience working with the CMS. For example, I wanted separate themes for each part of the website. Unfortunately, it takes two modules to get this right, plus index pages can't even have their own themes. There are ways I know of to hack it, but ... still.

Complex complex.

At least Drupal seems to excel at managing security. Their admin tools are wonderful, and feel a whole lot more powerful than, say, hacking your own static HTML with a bunch of random Python or Perl scripts. For example, Drupal on the UPE server stood the test of getting poked and poked by UC Berkeley's security scanner:

The scanner tried to find exploits like unprotected PHPMyAdmin directories, running open Java servlets, and test HTML pages.

But my own website is getting hammered by Microsoft's servers, which is really weird. I ... don't know what the meaning of this is:

Microsoft's servers kept sending requests for pages like DVD Specials, Home Gardening, and Food Network.

Any clue?