s=/proc/self/environ included after the url appears to be an attack on my site. Has any other users experienced anything like this and was the attack successful?

I added the following to my iptables

54.208.36.248
188.165.12.96
211.206.122.183
212.48.78.194
213.235.225.244
74.208.193.37
94.23.254.120

Most hosting services will protect you against this kind of information attack. Blocking the IP addresses is the correct action. Those that run their own servers will be the largest at risk, as they tend not to be setup correctly and are typically less secure. This type of information attack was introduced back in late 2010.

:)

I lease a server from wiredtree. I do run mod_security which from what I understand should prevent it.

A WAF (Web Application Firewall) is not going to protect you from hackers. If someone really wants to hack your website, they can just find a way to bypass the WAF which isn't that hard.