I noticed strange behavior on my Drupal site. I like to understand the data that I look at before I take action, so as not to waste time on the wrong measures, but I do not have enough security knowledge to interpret it.
One account made many odd repeated requests, including trying to reach the edit profile page, logging in (successfully - someone noticed that the account had 250 active sessions a few days ago), and a huge number of password requests. The account does not have administrator rights, and anyone can register for an account.
EDIT: Drupal version is 6.17.
My best assumptions about what is happening are as follows:
(1) Joe Evil-doer uses several reset password requests as a DoS attack (it works :<)
(2) Joe Evil-doer is trying somehow to create a dictionary of possible passwords from his repeated requests (I don’t see the way this will work).
(3) I am a victim of a failed transaction and attempted re-entry.
Any other scenarios? Do any of these match up with common Drupal exploits?
Here are the data. I ran the following query on the accesslog table in my database:
select count(*), title, path from accesslog where uid = 999 group by title, path;
With the results below (user id and page names sanitized, of course). The count(*) column should indicate the number of requests received for each operation.
+----------+-------------------------+------------------------------------------+
| count(*) | title                   | path                                     |
+----------+-------------------------+------------------------------------------+
|       16 |                         | home                                     |
|     1334 | Access denied           | user/999/edit                            |
|      184 | Series                  | events/series                            |
|        1 | Home                    | user/register                            |
|        1 | Reset password          | user/reset/999/123124/a2340a1c1123/login |
|        1 | username                | user/999                                 |
|        5 | username                | user/999/edit                            |
|        1 | username                | user/me                                  |
|      904 | User account            | user/login                               |
|    11252 | User account            | user/password                            |
|      288 | User account            | user/register                            |
|        1 | Validate e-mail address | user/validate/999/1283452346/a0f123459e  |
+----------+-------------------------+------------------------------------------+
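
A possible next triage step on the same table, as an added example that is not part of the original post: break each path down by distinct source addresses, distinct sessions and request rate, which helps separate scripted traffic from a person retrying. It assumes the stock Drupal 6 `accesslog` columns (`sid`, `hostname`, `timestamp`); the rows are constructed and loaded into in-memory SQLite so the query runs offline.

```python
import sqlite3

# Column names assumed from the Drupal 6 statistics module's accesslog table.
SCHEMA = """CREATE TABLE accesslog (
    aid INTEGER PRIMARY KEY, sid TEXT, title TEXT, path TEXT, url TEXT,
    hostname TEXT, uid INTEGER, timer INTEGER, timestamp INTEGER)"""

# Per path: volume, distinct client addresses, distinct sessions, time span.
TRIAGE = """
SELECT path,
       COUNT(*)                 AS hits,
       COUNT(DISTINCT hostname) AS hosts,
       COUNT(DISTINCT sid)      AS sessions,
       MIN(timestamp)           AS first_seen,
       MAX(timestamp)           AS last_seen
FROM accesslog WHERE uid = ?
GROUP BY path ORDER BY hits DESC"""

def triage(conn, uid):
    """Return one summary dict per path requested by the given uid."""
    out = []
    for path, hits, hosts, sessions, first, last in conn.execute(TRIAGE, (uid,)):
        span = max(last - first, 1)  # seconds; avoid division by zero
        out.append({"path": path, "hits": hits, "hosts": hosts,
                    "sessions": sessions, "per_min": round(hits * 60 / span, 1)})
    return out

def constructed_db():
    """Constructed sample rows, not data from the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    t0 = 1283450000
    rows = []
    # Scripted pattern: one request every 2 s, 3 addresses, new session each time.
    for i in range(120):
        rows.append((f"s{i}", "User account", "user/password", "",
                     f"192.0.2.{i % 3 + 1}", 999, 0, t0 + 2 * i))
    # Human pattern: a few edits in one session from one address.
    for i in range(5):
        rows.append(("human", "username", "user/999/edit", "",
                     "198.51.100.7", 999, 0, t0 + 600 * i))
    conn.executemany("INSERT INTO accesslog (sid, title, path, url, hostname,"
                     " uid, timer, timestamp) VALUES (?,?,?,?,?,?,?,?)", rows)
    return conn

if __name__ == "__main__":
    for row in triage(constructed_db(), 999):
        print(row)
```

A path with a steady high rate and as many sessions as hits points to automation that discards cookies; a handful of hits in one session from one address looks like ordinary use.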