Help I am being held hostage by TimThumb.php
I thought I would take a minute to write this post on the latest WP threat. Many of you may not know about the security issues associated with an older version of TimThumb.php but it was announced early August that it made many WordPress blogs extremely vulnerable to getting hacked in a number of different ways.
I had not heard anything about this until I got an email from my hosting account stating:
“This is a courtesy notice that we have found exploitable timthumb.php file(s) on your account. It is highly recommended that you update these files to the latest available version to prevent possible compromise. This is best done by updating all scripts, plugins,
modules and themes on your account to the latest version.
As the owner of the account, you are responsible for keeping your hosted content free of malicious software.” Great what do I do now!!
When I read this I almost had a heart attack! OK it wasn't quite that bad, but I was a bit panicked and
frantically began searching the net for a cure for this problem. This was the last thing that I needed!!
As I began to search I found out what this TT Script Vulnerability actually was and below you will find a brief description of this little bandit.
What does the TimThumb script do?
The timthumb.php file is a script commonly used in WordPress's (and other software's) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser high-jacking and infection, data harvesting and more. After a site has been exploited, it may lead to becoming labeled a "Malicious Website" by Google or other security authorities.
This was the last thing I wanted! I have been slapped by Google in the past and it is quite painful.
I also found out that any TT.php file below version 1.35, but above version 1.09 is considered vulnerable, unless patched. To prevent being compromised, I was advised to update all instances of TT.php to version 2.0, or patch the existing vulnerable files. Note that patching the files requires more in-depth knowledge of the PHP scripting language.
This is diffidently an area of expertise that I am lacking in. And most of what I was finding on the web was a bit technical to my skill level and didn't really explain how to fix it other than updating this file.
In the midst of this dilemma I received an email from Scot Inman who I had recently purchased some PLR Niche Blogs that he created using themes that had the TT script installed. He had just spent 20 hours updating all his Blog Themes and wanted to get the word out so that those who purchased them could update the files. That email came just in time. He also posted a link to a video that he created that walks you through some simple steps that show you how to fix this problem.
Here is that link: http://www.plrblogs.com/tim-thumb-security-update-plr-blogs-11-20-and-cb-cashlinks-bonus-blogs/ now as you can see it is for his blogs but you can use this with any WP themes using the TT script.
Here are a couple of links that will help you solve this problem:
New Timthumb script can be downloaded from here – http://timthumb.googlecode.com/svn/trunk/timthumb.php
Ben Gillbanks’s Blog – http://www.binarymoon.co.uk/2011/08/timthumb-2/
Mark Maunder’s Blog – http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
Hope this helps you fix the TimThumb problem!!
Leave me a commit below and let me know if you have experienced a similar problem.