My web server has started to get probed pretty heavily with traversal attacks it looks like. I've been trying to read up on this and make sure it's working like it should, but I wanted to confirm that A) I'm handling it right and B) I'm not letting someone through.

Here is an example from the access_log:

198.154.231.202 - - [10/Nov/2014:09:01:35 +0000] "GET /content/plugins/wallpapers/wallpapers.php?includes_path=../../../../../../../../../../../etc/passwd%00? HTTP/1.0" 301 178 "-" "-"

I can't seem to find any hints as if I'm 'doing it right' or 'getting compromised' and wanted to see if anyone could offer any suggestions on where to go to read up on this type of probe and if anyone could tell from this log that I'm handling it/not handling it right.