blog being attacked!? plz help

Hi All,

I use WordPress Firewall plugin on my site and the last two days I seem to be getting hit a few times per minute with some sort of attack. 1000s of alerts and growing!

I think, I’m not too sure on these messages, most are easy to tell what is going on but I’m lost with these.

Can anyone else clue me in here? Am I being attacked, or is there some sort of misconfig causing this?

Sample alerts
——————-
Web Page: https://www.ThisIsMyBlogDomain.com/ (hidden for privacy)
Warning: URL may contain dangerous content!
Offending IP: 206.207.80.165 [ Get IP location ]
Offending Parameter: PHPSESSID = cd425be27def1acbe77d2e1bd4bdc4bc, wp_ozh_wsa_visits=1, wp_ozh_wsa_visit_lasttime=1264066592, alpha=178502cc412b00001a6d594b35610800783e0000, CFID=35069126, CFMAGIC=35069126:92000169, CFTOKEN=92000169
——————-
Web Page: https://www.ThisIsMyBlogDomain.com/ (hidden for privacy)
Warning: URL may contain dangerous content!
Offending IP: 216.145.24.240 [ Get IP location ]
Offending Parameter: PHPSESSID = 91f59f87191e99c3529a2766c2e9f4b3, wp_ozh_wsa_visits=1, wp_ozh_wsa_visit_lasttime=1264153003, alpha=26d56bd181130000faca594b1f160700e3120000, XTCsid=6c5d5732586af445d192a89ecbb70870, CFID=20592936, CFTOKEN=79796267, SPC_LQ=|
——————–

So looking at the above:

I see ‘ozh’ which makes me think this has something to do with the Who Sees Ads plugin (made by Ozh), which it could be, but I also see CFID and CFTOKEN etc and that is Coldfusion which I don’t use on my site. The offending ips are also not mine.

If anyone has a clue here I’d really appreciate any help you can provide as it makes me very nervous to be getting so many alerts like this!

Thanks!