Timthumb.php hack attempts
Hackers are targeting WordPress for hack attempts by focusing on a ‘timthumb.php’ file. Here is an example of a request.
What is Timthumb?
TimThumb is an Image Resize for WordPress.
Offending IP: 18.104.22.168
How to block it?
If you have ModSecurity on your Apache/Cpanel server, an easy way to stop this nonsense is by using this rule.
#Timthumb injection rule created by 0sw.com
SecRule REQUEST_URI "c=http" "deny,log,msg:'File Injection Attempt',status:406"
This will return a 406 Not Allowed Server Response when someone attempts to trick a php file to remotely load a payload using “src=http”.