This is a wordpress exploit that COMODO WAF didn’t stoped. My antivirus rule stoped this attack instead.
Information on the exploit:
The CPANEL Modsecurity TOOLS log:
900: COMODO WAF: VIRUS or MALWARE content was found in uploaded file
Request: POST /wp-content/plugins/wp-symposium/server/php/index.php
The site logs:
188.8.131.52 - - [20/Feb/2015:12:44:00 +0000] “POST /wp-content/plugins/wp-symposium/server/php/index.php HTTP/1.1” 301 - “-” “Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0”