
Thread: Update your timthumb.php! Otherwise, you'll get hacked!

  1. #1
    sanook (Thread Starter, Senior Member)

    Update your timthumb.php! Otherwise, you'll get hacked!

    Last night all my sites got hacked because of a vulnerability in timthumb.php (sometimes called thumb.php).

    I spent all night investigating this. It seems that I managed to close the door and to get rid of this nasty piece of evil ****.

    First I'll get some sleep now; later I will come back to this...

    Please Google and take action... this is really nasty and it's on a big scale!

    timthumb wordpress hacking themes

    AppThemes should report and update immediately.
    Feel free to have a look at my creation: MarketplaceThailand.com

  2. The Following User Says Thank You to sanook For This Useful Post:

    rubencio (August 14th, 2011)

  3. #2
    sanook (Thread Starter, Senior Member)

  4. The Following 3 Users Say Thank You to sanook For This Useful Post:

    barukar (August 14th, 2011), mr_green (August 14th, 2011), rubencio (August 14th, 2011)

  5. #3
    rubencio
    Some more info from the WordPress team itself.
    Vulnerability Found in timthumb.php | VaultPress Blog

    r u b e n c i o . c o m


    Since 2010 providing AppThemes solutions,
    Plugins and the best childthemes...



  6. #4
    barukar (Veteran)
    Quote Originally Posted by sanook View Post
    Last night all my sites got hacked because of a vulnerability in timthumb.php (sometimes called thumb.php).

    I spent all night investigating this. It seems that I managed to close the door and to get rid of this nasty piece of evil ****.

    First I'll get some sleep now; later I will come back to this...

    Please Google and take action... this is really nasty and it's on a big scale!

    timthumb wordpress hacking themes

    AppThemes should report and update immediately.
    Thanks for the warning.
    I'm sure the team of developers is already aware of this issue.
    -------------------------------------------------------------------------------------------
    Projects: ClassiNoiva - Classimóveis - vocênoenem - i50 - Clube DETRAN

  7. #5
    sanook (Thread Starter, Senior Member)

    Quote Originally Posted by barukar View Post
    Thanks for the warning.
    I'm sure the team of developers is already aware of this issue.
    This should be top priority. It's very easy to update all themes with timthumb version 2 and to put a message on the blog.

    I really cannot believe that no action has been taken on this after 10 days. I'm very, very sorry to say, but does AppThemes take their customers seriously?

    Sanook is disappointed in AppThemes.

  8. #6
    spymare (Veteran)
    I bookmarked this thread. It would be very helpful if the developers posted a fix in this thread.

  9. #7
    spymare (Veteran)
    Timthumb (thumb.php) Security Flaw
    I posted a thread earlier about this very serious hazard.

    All my sites got hacked yesterday, so I did a lot of investigation. I managed to close the backdoor and got rid of the nasty infection.

    Why do we not hear about this from AppThemes? They still did not update the timthumb.php file in their themes. This is really bad.

    WooThemes reported about this security risk on the 4th of August. And WordPress also warned people who use timthumb.

    Timthumb (thumb.php) Security Flaw @ WooThemes

    People, update your timthumb.php to the latest version!

    If you are already infected, delete all your .htaccess files, replace them with authentic ones, and install and activate the BulletProof Security plugin.

    Now scan your site on Sucuri - Monitor & Scanner dashboard to see if it's clean.
    So can we just download timthumb.php from timthumb - image crop zoom resize management - Google Project Hosting and replace the file
    and everything should be fine?

  10. #8
    rubencio
    I don't think so

    Let the developers say something concerning this security issue.
    Regards,


  11. #9
    sanook (Thread Starter, Senior Member)
    Spymare,

    If you're not infected

    One method is:

    Go to WP-dashboard, appearance -> editor, find "timthumb.php" -> delete all code, paste this code there.

    If you are infected, also get rid of all the .htaccess files (root and theme-folders) and replace them with authentic ones.

    For all people using WordPress, install the Bulletproof Security Plugin

  12. The Following User Says Thank You to sanook For This Useful Post:

    pepsi (August 15th, 2011)
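
Added example, not part of any forum post and not AppThemes or TimThumb code: a Python inventory of a WordPress tree for the clean-up described in post #9. It lists timthumb.php/thumb.php copies below version 2 and .htaccess files that do not match a copy you trust. The `define ('VERSION', ...)` line format and the names `audit` and `trusted_htaccess_hashes` are assumptions of this example.

```python
import hashlib
import os
import re
import sys

# Assumption (not stated in the thread): the script declares its version
# on a line of the form  define ('VERSION', '1.19');
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d[\d.]*)['\"]")
SCRIPT_NAMES = {"timthumb.php", "thumb.php"}  # both names appear in the thread


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def audit(root, trusted_htaccess_hashes=frozenset()):
    """Return (old_scripts, unverified_htaccess) for the tree under root.

    old_scripts: (path, version) for every thumbnail script whose major
        version is below 2; version is None when no version line is found.
    unverified_htaccess: .htaccess paths whose SHA-256 is not among the
        hashes of copies you know to be authentic.
    """
    old_scripts, unverified = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in SCRIPT_NAMES:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    match = VERSION_RE.search(fh.read())
                version = match.group(1) if match else None
                major = int(version.split(".")[0]) if version else 0
                if major < 2:
                    old_scripts.append((path, version))
            elif name == ".htaccess" and sha256_of(path) not in trusted_htaccess_hashes:
                unverified.append(path)
    return sorted(old_scripts), sorted(unverified)


if __name__ == "__main__" and len(sys.argv) > 1:
    # usage: audit.py WORDPRESS_ROOT [TRUSTED_HTACCESS ...]
    trusted = {sha256_of(p) for p in sys.argv[2:]}
    old, suspect = audit(sys.argv[1], trusted)
    for path, version in old:
        print(f"replace: {path} (version {version or 'unknown'})")
    for path in suspect:
        print(f"compare with an authentic copy: {path}")
```

A file named thumb.php with no version line is reported as unknown rather than skipped, so it gets a manual look.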

  13. #10
    sanook (Thread Starter, Senior Member)
    Have a look at this message: Timthumb (thumb.php) Security Flaw | WooThemes
