Zero day vulnerability in many WordPress Themes
Source Articles: HERE, HERE, and HERE
Last week a serious flaw was found in the code behind TimThumb, an image-resizing library commonly used in many WordPress themes and plugins. The vulnerability was first reported by Mark Maunder in a post on his blog, and has been confirmed by the author of TimThumb.
The vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory. Once the PHP code has been uploaded and executed, your site can be compromised however the attacker likes.
We recommend deleting timthumb.php or thumb.php if your site will work without them. If the file exists in a theme or plugin that you’re no longer using you may want to remove the entire theme or plugin directory. After you remove the TimThumb library make sure you check that your site is still working correctly.
The Fix
If you must use TimThumb, make sure to update the file to the latest version and check the TimThumb site regularly for further updates. You should also set ALLOW_EXTERNAL to false, then find the $allowedSites array inside the file and remove the domain names from it, so that the script can no longer download remote files.
Make sure this constant is set to false:
define( 'ALLOW_EXTERNAL', false );
Before:
$allowedSites = array ( 'flickr.com', 'picasa.com', 'img.youtube.com', 'upload.wikimedia.org', );
After:
$allowedSites = array();
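The two settings above are easy to miss when a theme or plugin ships its own copy of the script under a different path. The following POSIX shell script is an added example, not part of the original post or of TimThumb itself: it walks a WordPress tree, lists every timthumb.php or thumb.php it finds, prints the version each declares, and flags any copy where ALLOW_EXTERNAL is still true or $allowedSites still lists domains. It assumes the define()/array() forms shown above and (an assumption, not stated on the page) that the file declares a VERSION constant in the same define() style; the sample tree it builds is constructed for the demo.

```shell
#!/bin/sh
# Added audit script (not from the original post): find every TimThumb copy
# under a WordPress install and report whether it still allows remote fetching.
# Assumes the config forms shown in the post:
#   define( 'ALLOW_EXTERNAL', true|false );
#   $allowedSites = array( ... );
# and (assumption) a VERSION constant declared with define() in the header.

# Print the VERSION constant declared in FILE, or "unknown" if none is found.
timthumb_version() {
    v=$(tr -d '\n' < "$1" \
        | grep -Eo "define[[:space:]]*\([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"][^'\"]+" \
        | head -n 1 | sed -E "s/.*['\"]//")
    [ -n "$v" ] && printf '%s\n' "$v" || printf 'unknown\n'
}

# Return 0 if FILE is hardened (ALLOW_EXTERNAL false and an empty $allowedSites),
# 1 otherwise, printing one line per finding. Newlines are stripped first so a
# multi-line array is seen as one unit; a commented-out define() still counts,
# which is the conservative choice for an audit.
timthumb_allows_remote() {
    f="$1"
    joined=$(tr -d '\n' < "$f")
    rc=0
    if printf '%s' "$joined" | grep -Eiq "define[[:space:]]*\([[:space:]]*['\"]ALLOW_EXTERNAL['\"][[:space:]]*,[[:space:]]*true"; then
        echo "$f: ALLOW_EXTERNAL is true"
        rc=1
    fi
    if printf '%s' "$joined" | grep -Eq "\\\$allowedSites[[:space:]]*=[[:space:]]*array[[:space:]]*\([^)]*['\"][^'\"]+['\"]"; then
        echo "$f: \$allowedSites still lists remote domains"
        rc=1
    fi
    return $rc
}

# Audit every timthumb.php / thumb.php under DIR; return 1 if any copy still
# allows remote fetching. (Paths containing spaces are not handled.)
audit_wordpress_tree() {
    found=0
    bad=0
    for f in $(find "$1" -type f \( -name timthumb.php -o -name thumb.php \)); do
        found=$((found + 1))
        echo "$f: version $(timthumb_version "$f")"
        timthumb_allows_remote "$f" || bad=$((bad + 1))
    done
    echo "$found TimThumb file(s) found, $bad still allow remote fetching"
    [ "$bad" -eq 0 ]
}

# Constructed sample tree (not real theme code) so the script runs stand-alone:
# one old, unhardened copy in a theme and one hardened copy in a plugin.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/themes/old-theme/scripts" "$root/wp-content/plugins/gallery"
    cat > "$root/wp-content/themes/old-theme/scripts/timthumb.php" <<'EOF'
<?php
define ('VERSION', '1.09');
define( 'ALLOW_EXTERNAL', true );
$allowedSites = array (
    'flickr.com',
    'picasa.com',
);
EOF
    cat > "$root/wp-content/plugins/gallery/thumb.php" <<'EOF'
<?php
define ('VERSION', '2.8');
define( 'ALLOW_EXTERNAL', false );
$allowedSites = array();
EOF
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
audit_wordpress_tree "$sample" || echo "ACTION NEEDED: update or remove the flagged files"
rm -rf "$sample"
```

Run it against a real install with `audit_wordpress_tree /path/to/wordpress`; a non-zero exit means at least one copy still needs the update or removal described above. The version line is only informative: a file can report the latest version and still allow remote fetching if the two settings were not changed.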
Theme and plugin authors should use the built-in WordPress functions such as add_image_size to resize images.
Nixta Clients
We are scouring all our own DESIGNED sites for this piece of code and updating it to the new version; this is done AT NO COST for the sites we designed. We are also checking all other hosted sites for the timthumb.php code and will be notifying site owners.

Thank You For Reading – Ninja UK (Nixta Services)
1 comment
1 ping
Gayle
August 24, 2011 at 8:21 pm (UTC 0)
Today (8/24/11) two of my WordPress sites that use the Hulk theme that relies on timthumb again fell victim to “the hack”, even though I had updated timthumb.php to the latest version (2.8). So the next step was to implement “the fix” as described in this post, and we’ll see how that goes. QUESTION: is it possible that something in the timthumb cache files still has the malicious code? THANK YOU!!
NEWS: Update Classipress affected 'Timthumb Hack' vulnerability
August 19, 2011 at 8:37 pm (UTC 0)
[...] recent Timthumb vulnerability has also affected CLASSIPRESS installations and needs to be addressed within them as soon as [...]