What's going on here? Spambot?

The 404s just looks like your average misbehaving bot. But the fact that the location is 'vps.cyberpods.net' means that someone routed that domain name to your IP address (either via configuring their DNS to use it, or by manually setting it in their /etc/hosts file). Usually web servers are configured so that if a request comes in for an unrecognized domain it gets routed to the default domain. Your Drupal site must be setup as the default domain.

In short, it looks like someone from cyberpods.net made a configuration error and now your site is getting some extra 404 traffic. If it becomes a problem you can block these requests at the web-server level, or earlier (You could block them in Drupal, but it would be more efficient to block them on a lower level).

Ban at the firewall level (or if you don't have any one, install apf and use it to block the IP).

Thanks Ben, still looking into the vhost issue.

Had another look at the logs this morning - see screen shot:
http://cl.ly/image/1D113b0g2L2V

Why is yahoo.jp now giving me page not found warnings?

I can see how an individual running small web business might mess up their server config file, but not yahoo.jp. Is there something else going on here that i'm missing?

This is all I can see in the apache error.log

[Sun Oct 07 06:36:43 2012] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.2 with Suhosin-Patch configured -- resuming normal operations
[Wed Oct 10 00:54:43 2012] [notice] caught SIGTERM, shutting down
[Wed Oct 10 00:54:44 2012] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.2 with Suhosin-Patch configured -- resuming normal operations
[Wed Oct 10 00:57:26 2012] [notice] caught SIGTERM, shutting down
[Wed Oct 10 00:57:27 2012] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.2 with Suhosin-Patch configured -- resuming normal operations

I restarted the webserver a couple of times at about that time/date so I assume this is just to do with that.

Ok I tracked down my log file. It's huge....33MB!
Managed to search for a few suspicious strings from the recent log messages admin screen:

66.249.69.194 - - [11/Oct/2012:13:27:32 +0800] "GET /node/53 HTTP/1.1" 200 6530 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
113.140.75.222 - - [11/Oct/2012:13:30:50 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 5755 "-" "ZmEu"
113.140.75.222 - - [11/Oct/2012:13:30:51 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 5738 "-" "ZmEu"
113.140.75.222 - - [11/Oct/2012:13:30:52 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 5737 "-" "ZmEu"
113.140.75.222 - - [11/Oct/2012:13:30:53 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 404 5728 "-" "ZmEu"
113.140.75.222 - - [11/Oct/2012:13:30:54 +0800] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 5734 "-" "ZmEu"
113.140.75.222 - - [11/Oct/2012:13:30:55 +0800] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 5741 "-" "ZmEu"

I looked up the w00tw00t.at.blackhats ZmEu stuff - this link was very useful: http://ensourced.wordpress.com/2011/02/25/zmeu-attacks-some-basic-forensic/

Turns out that it's a bot searching for vulnerabilities in phpmyadmin setup files.
My server is returning all 404's so nothing has been accessed by the looks of it.

also another:

96.254.171.2 - - [03/Oct/2012:22:48:51 +0800] "GET http://vps.cyberpods.net/judge.php HTTP/1.1" 404 6296 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 (.NET CLR 3.5.30729)"

Don't understand why it is trying to 'GET' vps.cyberpods.net/judge.php from my server. Why would it be there in the first place - and what would it do if it was found?

I'm a novice at this kind of stuff so it freaks me out a little!

Ok, thanks for the reassurance, Dave. I'll ignore for now, will look into blocking later if needs be.