Title: Arbitrary File Upload
Last modified: March 7, 2017

---

# Arbitrary File Upload

 *  [gregor3001](https://wordpress.org/support/users/gregor3001/)
 * (@gregor3001)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/arbitrary-file-upload/)
 * Hello,
 * I had 6 attempts blocked. Scans revealed nothing strange.
 * United States Kansas City, United States left [http://mydomian.com/wp-admin/admin-ajax.php](http://mydomian.com/wp-admin/admin-ajax.php)
   and was blocked by firewall.
 * or
    United States Kansas City, United States left [http://mydomian.com/uploadify/uploadify.php?folder=/](http://mydomian.com/uploadify/uploadify.php?folder=/)
   and was blocked by firewall for Malicious File Upload (PHP) at [http://mydomian.com/uploadify/uploadify.php?folder=%2F](http://mydomian.com/uploadify/uploadify.php?folder=%2F)
 * since all attempts came from same IP i blocked it.
 * i now also enabled “Disable Code Execution for Uploads directory”
 * what i am wondering is how could they attempt to upload it? what does this message
   even mean? did they just run some script to upload the file and it didn’t work?
   i mean many of these folders mentioned in the attack are not visible to internet.
 * I am just trying to figure out what exactly happened here and what this message
   means.
    -  This topic was modified 9 years, 3 months ago by [gregor3001](https://wordpress.org/support/users/gregor3001/).

Viewing 1 replies (of 1 total)

 *  [wfalaa](https://wordpress.org/support/users/wfalaa/)
 * (@wfalaa)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/arbitrary-file-upload/#post-8891914)
 * Hello,
    This kind of attacks are from bots which are programs written by hackers
   that target a large number of websites looking for vulnerabilities, so they keep
   scanning websites for vulnerabilities even if you don’t have this directory/file(
   uploadify.php here for example), they are just looking for any website with this
   vulnerability to exploit, I suggest reading more about bots and how they are 
   used in attacking websites in “[How to Protect Yourself from WordPress Security Issues & Threats](https://www.wordfence.com/learn/how-to-protect-yourself-from-wordpress-security-issues/#Bots and Botnets)“.
 * Thanks.

Viewing 1 replies (of 1 total)

The topic ‘Arbitrary File Upload’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [wfalaa](https://wordpress.org/support/users/wfalaa/)
 * Last activity: [9 years, 3 months ago](https://wordpress.org/support/topic/arbitrary-file-upload/#post-8891914)
 * Status: not resolved