Apologies for the slow response from this side.
> The log shows a single IP repeatedly ( sometimes 100s of times) hitting 'Guest User' - 'Login' - '1'. There appears to be no attempt at actual login with any random username strings or such.
There is a possibility that a "robot" is trying to index your content for a search engine. Clever robots find out Moodle courses which are open for guests. But then it shouldn't try a login/password (Moodle "guest" does not require authentication). Set the Apache logs to full and check the agent. Try to find out every thing about the IP address. If you have strong suspicions you can always complain to the NIC and/or block the IP address by firewall.
> we once suffered a MYSQL buffer overflow on our work system. It logged in as root and planted an IRC bot. Fortunately our firewall prevented it building external connections. The culprit was an old dated version of the php photo app 'copperbase' which we had tried and inadvertently left active.
Yes, that's always a nasty experience. You were lucky, otherwise the flood or reverse traffic will jam everything.