BackWPup WordPress vulnerability

Looking over my logfiles tonight, I noticed a host trying to access a file I don’t have, backwpup.php.

46.4.202.87 - - [31/Mar/2011:19:00:03 -0400] "HEAD /wp-content/plugins/backwpup/backwpup.php HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

It turns out this is a WordPress plugin with a directory traversal bug. In other words, an attacker could use it to read any file on the server that is accessible to the web server process.

I hadn’t seen it before, but it hasn’t been out too long. I don’t use that particular plugin, but those who do should be aware.
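If you want to catch probes like the one above without reading logs by hand, here is a small log scanner I've added as an example (not from the original post or the plugin): it parses combined-format access log lines, flags any request for the BackWPup plugin path whatever the status code, and separately flags `../` sequences in the request path after decoding. The sample log is constructed from the line above plus two made-up neighbours; the IP addresses in those two are documentation ranges.

```python
import re
from urllib.parse import unquote

# Apache/nginx combined log format, as in the entry quoted in the post:
# host ident user [time] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

# Plugin paths to flag regardless of status code: this site does not have the
# plugin installed, so any request for it is a scanner looking for it.
PROBE_PREFIXES = ("/wp-content/plugins/backwpup/",)

def classify(line):
    """Return (host, reason) for a suspicious request line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, path = m.group("host"), m.group("path")
    # Decode twice so %2e%2e and double-encoded %252e%252e both normalise to "..";
    # fold backslashes so Windows-style separators are caught by the same check.
    decoded = unquote(unquote(path)).replace("\\", "/")
    for prefix in PROBE_PREFIXES:
        if decoded.startswith(prefix):
            return host, f"probe for uninstalled plugin path {prefix}"
    if "../" in decoded:
        return host, "directory traversal sequence in request path"
    return None

def scan(lines):
    """Run classify() over an iterable of log lines and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample: the line from the post plus two made-up neighbours.
SAMPLE_LOG = [
    '46.4.202.87 - - [31/Mar/2011:19:00:03 -0400] "HEAD /wp-content/plugins/backwpup/backwpup.php HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '203.0.113.5 - - [31/Mar/2011:19:00:09 -0400] "GET /2011/03/some-post/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [31/Mar/2011:19:02:11 -0400] "GET /wp-content/uploads/..%252F..%252Fwp-config.php HTTP/1.1" 404 - "-" "curl/7.21"',
]

if __name__ == "__main__":
    for host, reason in scan(SAMPLE_LOG):
        print(f"{host}: {reason}")
```

Feed it real log lines with `scan(open("access.log"))` and forward the hits to whatever blocklist or alerting you already use.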