I'm using WordPress Firewall 2 and it reported the following:
WordPress Firewall has detected and blocked a potential attack!
Warning: URL may contain dangerous content!
126.96.36.199 [ Get IP location ]
$_FILE = index.bak.php
This may be a "Executable File Upload Attack."
I'm also using NextGEN Gallery v1.9.2, but not 1-flash-gallery plugin. Any ideas as how to start tracking down the root cause?