I installed a WordPress plugin that emails me whenever my website serves a 404 error. Last night I received about 1000 emails from bots trying to find
/wp-content/plugins/(X name of popular wordpress plugin)/timthumb.php
timthumb.php is a popular WordPress plugin which had a zero-day vulnerability a couple of days ago, so the visitors are scanning my website for weaknesses that can be compromised. I don't have timthumb installed, but I really don't want this traffic. Is there an easy way to block it?
This isn't something that can be fully stopped. Instead you should concentrate on making sure your system is fully up to date and configured properly.
Some vulnerability scans and exploits can be stopped using a Web Application Firewall like PHPIDS or mod_security. However, these security measures will not stop bots from scanning for vulnerable files like phpmyadmin, fckeditor or the new timthumb.php remote code execution vulnerability.
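As an added example (not part of the question or of this answer): even though the scanning itself cannot be prevented, the noise can be cut down by picking the scanning clients out of the web server's access log and feeding them to a firewall or deny list. The script below parses combined-format access log lines, counts 404s against paths that only a scanner would request (timthumb.php under any plugin or theme directory, phpmyadmin, fckeditor), and emits nginx `deny` lines and iptables commands for clients that cross a threshold. The probe list, the threshold of 3, and the sample log lines are all constructed for this example; a 200 response on one of these paths is deliberately not counted, because that would mean the file really exists and patching, not blocking, is the fix.

```python
import re
from collections import defaultdict

# Paths that scanners request regardless of whether they exist on the site.
# This list is an assumption for the example; extend it from your own logs.
PROBE_PATTERNS = [
    re.compile(r"/wp-content/plugins/[^/]+/timthumb\.php", re.I),
    re.compile(r"/wp-content/themes/[^/]+/timthumb\.php", re.I),
    re.compile(r"/phpmyadmin/", re.I),
    re.compile(r"/fckeditor/", re.I),
]

# Apache/nginx "combined" log format:
# ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_probe(path):
    """True if the request path matches one of the scanner-only targets."""
    return any(p.search(path) for p in PROBE_PATTERNS)


def find_scanners(lines, threshold=3):
    """Return {ip: probe_count} for clients with at least `threshold` probe 404s."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of crashing on them
        # Only 404s count: a 200 on a probe path means the file exists and
        # the real fix is patching it, not blocking the client.
        if rec["status"] == "404" and is_probe(rec["path"]):
            counts[rec["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def nginx_deny_block(ips):
    """Lines for an nginx `include`d deny file."""
    return "\n".join(f"deny {ip};" for ip in sorted(ips))


def iptables_rules(ips):
    """Shell commands that drop port-80 traffic from the given clients."""
    return "\n".join(
        f"iptables -I INPUT -s {ip} -p tcp --dport 80 -j DROP" for ip in sorted(ips)
    )


# Constructed sample log lines (documentation IP ranges, not real clients).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Aug/2011:22:01:03 +0000] "GET /wp-content/plugins/pluginA/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Aug/2011:22:01:04 +0000] "GET /wp-content/plugins/pluginB/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Aug/2011:22:01:05 +0000] "GET /wp-content/themes/themeC/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Aug/2011:22:05:11 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "curl/7.21"',
    '192.0.2.4 - - [10/Aug/2011:22:07:00 +0000] "GET /about/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [10/Aug/2011:22:07:01 +0000] "GET /missing-page/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    "not a log line",
]

if __name__ == "__main__":
    scanners = find_scanners(SAMPLE_LOG)
    print("scanners:", scanners)
    print(nginx_deny_block(scanners))
    print(iptables_rules(scanners))
```

Run it against a real log with `find_scanners(open("/var/log/apache2/access.log"))`. The threshold keeps a single stray 404 from an ordinary visitor out of the block list; the one-hit phpmyadmin probe in the sample is only reported when the threshold is lowered. A tool like fail2ban does the same counting and blocking continuously, and a WAF rule that returns 403 on these paths is the in-server equivalent, but none of this is a substitute for keeping timthumb and the rest of the install patched.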