These are just hexadecimal codes (sometimes known as "hex encoding") which is a not-very-bright way some spammers like to try to fool browsers.
Browsers don't distinguish the difference between the hexadecimal codes and the ASCII code they represent.
%2F for eg. means /
%3D is the same as =

Looks to me like someone has set a bot loose which is trying to find htsrv and the stats display. If it had worked you would be seeing referrer spam for ph-phentermine.zu5.net.

Denying them through htaccess works, but your htaccess file could become rather unwieldy. Check out the threads on referrer and other spam, but I wouldn't be worried about these particular hexadecimal codes.

Actually in my awstats I'm seeing them as a valid linker to my page - so its doing something. ?

I removed the stats functions entirely from B2 as I dont care about tracking who refers me...

in htaccess I blocked the phrase "redirect_to" not the IP ... you don't think that theres another url in B2 that needs that phrase ?

The 200 code would come from them finding /blog/htsrv/login.php, regardless of whether they were able to get the redirect to display stats.

Changing the htsrv directory name (you have to change it in the config as well) will make your blog safer and if you are really wanting some payback just set up a forwarder so that anyone trying to access htsrv gets sent somewhere nasty.

I would definitely NOT block the "redirect_to" phrase through htaccess. You could block the IP, but that is possibly spoofed anyway. No need to block the url as it should be taken care of through the antispam blacklist.

The login link has a redirect_to attached to it, as does the lost password link.

you mean the login link on the main page? that points to /blog/admin/

I can deal with that - also I'm the only blogger so I'm not worried about the lost password link.

If those are the only times that I'd mess myself up I can live with it filtering the redirect_to out.

Thanks EDb and Elpie.

;)