[Plugin: Members Only] Is there any way to bypass?

Hi, I’m using WP 2.6 and Members Only 0.6.5 (both are latest)
I’m also using WassUp plugins to track visitors and also the logins.

However, I notice something strange: there are IPs which are not logged in (Username not shown), but still visiting pages. Look at this:

118.71.171.80 2008-07-31 20:13:40
/wp/D06TransTeam/
Referrer: Direct hit
Hostname: adsl-dynamic-pool-xxx.fpt.vn

* User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

* vn OS: WinXP
* BROWSER: Firefox 3.0

* 20:11:06 ->/wp/D06TransTeam/wp-login.php?redirect_to=/wp/D06TransTeam/
* 20:11:18 ->/wp/D06TransTeam/wp-login.php
* 20:11:28 ->/wp/D06TransTeam/wp-login.php
* 20:12:59 ->/wp/D06TransTeam/?p=156
* 20:13:40 ->/wp/D06TransTeam/?p=158

p=XXX is my blog entries.
He/She is even visiting the latest entry, which I wrote AFTER fixing security measures mentioned in the WP Security Scan Plugin. The post ID 158 is entered, so he/she must know before hand that that post exists.
I don’t know why this happens. The IP is of another ISP in MY COUNTRY, so it’s not some function from my plugin or anything else.
This is too dangerous.