Building Business Success Online

Online & Offline Branding & Exposure


TimThumb Script Vulnerability- WordPress Threat

Help I am being held hostage by TimThumb.php

I thought I would take a minute to write this post on the latest WP threat. Many of you may not know about the security issues associated with older versions of TimThumb.php, but it was announced in early August 2011 that they left many WordPress blogs extremely vulnerable to being hacked in a number of different ways.


I had not heard anything about this until I got an email from my hosting account stating:

"This is a courtesy notice that we have found exploitable timthumb.php file(s) on your account. It is highly recommended that you update these files to the latest available version to prevent possible compromise. This is best done by updating all scripts, plugins, modules and themes on your account to the latest version. As the owner of the account, you are responsible for keeping your hosted content free of malicious software."

Great, what do I do now!!

When I read this I almost had a heart attack! OK, it wasn't quite that bad, but I was a bit panicked and frantically began searching the net for a cure for this problem. This was the last thing that I needed!!

As I began to search I found out what this TT script vulnerability actually was, and below you will find a brief description of this little bandit.

What does the TimThumb script do?

The timthumb.php file is a script commonly bundled with WordPress (and other software) themes and plugins to resize images. The vulnerability allows an attacker to upload arbitrary files and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser hijacking and infection, data harvesting and more. After a site has been exploited, it may end up labeled a "Malicious Website" by Google or other security authorities.

This was the last thing I wanted! I have been slapped by Google in the past and it is quite painful.

I also found out that any TT.php file below version 1.35 but above version 1.09 is considered vulnerable unless patched. To prevent being compromised, I was advised to update all instances of TT.php to version 2.0, or to patch the existing vulnerable files. Note that patching the files requires more in-depth knowledge of the PHP scripting language.

This is definitely an area of expertise that I am lacking in. Most of what I was finding on the web was a bit too technical for my skill level and didn't really explain how to fix it other than by updating this file.

In the midst of this dilemma I received an email from Scot Inman, from whom I had recently purchased some PLR Niche Blogs that he had created using themes that included the TT script. He had just spent 20 hours updating all his blog themes and wanted to get the word out so that those who purchased them could update the files. That email came just in time. He also posted a link to a video that he created which walks you through some simple steps showing how to fix this problem.

Here is that link: http://www.plrblogs.com/tim-thumb-security-update-plr-blogs-11-20-and-cb-cashlinks-bonus-blogs/ As you can see it is for his blogs, but you can use this with any WP theme that uses the TT script.

Here are a couple of links that will help you solve this problem:

New TimThumb script (version 2.0) can be downloaded from here – http://timthumb.googlecode.com/svn/trunk/timthumb.php

Ben Gillbanks’s Blog – http://www.binarymoon.co.uk/2011/08/timthumb-2/

Mark Maunder’s Blog – http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

Hope this helps you fix the TimThumb problem!!

Leave me a comment below and let me know if you have experienced a similar problem.


How to find a Profitable Niche!

Deciding on a niche for your blog can be a hard and confusing process, not to mention the paralysis of analysis that can come from not knowing just what to do! You will need to know whether income is a goal; if so, then you will want to choose a niche that is profitable.

Bloggers by nature want to have their blog read, so make sure to choose a niche that others want to read. By knowing what to look for in a niche, finding your niche becomes an easier process.

What are your passions and interests?

You really want to pick a topic that you have a passion for, or at the least have some interest in. Blogging about a topic in which you have no real interest can become a real chore. Look for something you enjoy or really want to learn. You might want to think about a few topics before you decide. The next questions can help you decide if it is a niche to pursue.


20 Must Have WordPress Plugins For Every Website

By Amber Weinberg

Editor's Note: In her first article for Think Vitamin, WordPress specialist Amber Weinberg looks at the plugins she can't do without.

I’ve reviewed several plugins before, but since I started using WordPress as the CMS for almost every site I do now, I’ve amassed some great and very essential plugins.

Some of these make the user experience better, but a lot of them work in the backend to support the site's actual functionality. While it's best to have as few plugins as possible to keep the site fast, I've had no problems running all 20 of these plugins on a regular shared server.

1. Akismet

Akismet is such an awesome plugin that WordPress decided to package it with every new install. It's great for stopping spam and works really well without having to annoy your commenters with unreadable CAPTCHAs.


Finally … Relief for Password Overload

Roboform Password Manager & Form Filler

It seems like you have to have passwords for everything these days, and more and more often there are unique requirements for them: case sensitivity, number of characters, special characters required vs. not allowed. How all the sites, companies and such expect us mere mortals to remember all these passwords is beyond me. If you are like me, you know there is a great need to stay on top of your passwords. With literally a dozen or more new password requirements, I decided that I had to find some help. I reviewed a variety of professional and user reviews of different software applications and eventually settled on RoboForm, and I am glad that I did.

RoboForm makes logging into Web sites and filling forms faster, easier, and more secure. RoboForm memorizes and securely stores each user name and password the first time you log into a site, then automatically supplies them when you return. RoboForm's powerful Logins feature eliminates the manual steps of logging into any online account. With just one click RoboForm will navigate to a Web site, enter your username and password and click the submit button for you.

Completing long registration or checkout forms is also a breeze. Simply click on your RoboForm Identity and RoboForm fills in the entire form for you. You no longer need to remember all your passwords: you remember one Master Password, and RoboForm remembers the rest. This allows you to use a different, stronger password for every site, making your online experience more secure. RoboForm encrypts the stored data with AES, so the Master Password is the one that has to be strong and kept secret.

Get your software by clicking the link below!!

RoboForm: Learn more...

Stop back by after you have had a chance to check it out and let me know how you like RoboForm. I have a feeling that you are going to dig it!!