An attacker scanned my web sites this morning for URLs including these files.
- zboard.php
- logx.txt
- wp-includes/wp-script.php
- wp-includes/wp-services.php
- wp-includes/class-wp-customize-client.php
- thumb_editor.php
- wp-includes/jahat.php
- wp-content/uploads/images.php
None of these files are part of a WordPress installation. So if you see them in your system, give it a much closer look to see if something bad is happening on your site. Check your logs, and look at the file itself (but not through your browser, but offline!).
Today’s attacker came from 178.77.99.29 (hca-erfurt.de.), which is in Germany.