Feb 11, 2012

WordPress Timthumb Vulnerability: Protect Your Sites and Your PC

Image: WordPress (Photo credit: Adriano Gasparri)

I’ve recently found out there may be a serious security breach you should be aware of. I rarely write on the subject as I am by all means no expert on it and will never claim so, but I have done my reading, and thought it important you’d be aware of this issue and learn how to quickly eliminate unnecessary risks to your site.

It is estimated that millions of sites have been hacked using a particular WordPress/PHP exploit. The issue involves a very popular image-resizing script called “timthumb”, used in many WordPress themes and plugins.
The vulnerable “timthumb” script lets attackers upload and execute malicious PHP scripts on your server, and it affects any site that uses the script, even one that doesn’t run WordPress.

The Effects of the WordPress Timthumb Hack:

Once an attacker takes control via the “timthumb” exploit, they can do pretty much anything they want, including using your domain to spread spyware and malware and to install other nasty little viruses that infect your visitors’ personal computers.

The potential for disaster is huge. Hackers can take control of your site, spread viruses to your site’s visitors, and even steal your hard-earned affiliate commissions by overwriting your affiliate cookies.
Again, I’m far from being an expert on the subject; I’m just the humble messenger. If you want to learn more about it, here are some resources I think you may find useful:

Technical details and scripts of the WordPress Timthumb.php hack

WordPress Timthumb fix

So following some advice I have read, I went on and installed two plugins:

Timthumb Vulnerability Scanner

and here’s a detailed video of how to scan for and deal with issues:

Video: http://www.youtube.com/embed/MFt_XmCMAfI?&autohide=1&autoplay=0&controls=1&hd=0&rel=0&showinfo=0
Here are some discussions on how to clean your server and your blog if it’s been hacked using the timthumb exploit:
http://www.google.com/search?q=cleaning-up-timthumb-hack

BulletProof Security

This plugin scans your site, checks your files and backs them up, and is highly recommended by the WordPress community.
Additionally, you may want to check your own PC for any malicious software and scripts.
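
As an added example (not from this post, nor code from either plugin it mentions), here is a small Python audit script that does by hand what the scanner plugin does: it finds copies of timthumb.php under a site tree, reports their version, flags copies configured to fetch remote files, and lists anything in the script’s cache directory that contains PHP code. It assumes the TimThumb 2.x define() layout for VERSION, ALLOW_EXTERNAL and ALLOW_ALL_EXTERNAL_SITES, a ./cache directory beside the script, and the die() guard that 2.x prefixes to its cache files; the sample site tree it scans is constructed inside the block.

```python
import re
import tempfile
from pathlib import Path

# Markers of a timthumb.php copy; the define() layout is TimThumb 2.x's and is assumed for older copies.
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([^'"]+)['"]""")
FLAG_RE = re.compile(r"""define\s*\(\s*['"](ALLOW_EXTERNAL|ALLOW_ALL_EXTERNAL_SITES)['"]\s*,\s*(\w+)""")
PHP_TAG_RE = re.compile(rb"<\?(php|=)", re.IGNORECASE)
CACHE_GUARD = b"<?php die("  # 2.x deliberately prefixes cache files with a die() guard (assumption)

def scan_cache_dir(cache_dir):
    """Flag cache entries that carry PHP code and are not in the guarded 2.x cache format."""
    findings = []
    if cache_dir.is_dir():
        for entry in sorted(p for p in cache_dir.iterdir() if p.is_file()):
            data = entry.read_bytes()
            if PHP_TAG_RE.search(data) and not data.startswith(CACHE_GUARD):
                findings.append(("php-in-cache", str(entry), entry.name))
    return findings

def audit_tree(root):
    """(kind, path, detail) per timthumb copy, per copy that fetches remote files, per PHP file in its ./cache."""
    findings = []
    for php in sorted(Path(root).rglob("*.php")):
        text = php.read_text(encoding="utf-8", errors="replace")
        version = VERSION_RE.search(text)
        if "timthumb" not in text.lower() or version is None:
            continue  # an ordinary PHP file, not a timthumb copy
        findings.append(("timthumb", str(php), version.group(1)))
        for flag, value in FLAG_RE.findall(text):
            if value.lower() == "true":  # this copy will fetch remote content into its cache
                findings.append(("external-fetch-enabled", str(php), flag))
        findings.extend(scan_cache_dir(php.parent / "cache"))  # assumed cache location
    return findings

def build_sample_site():
    """Constructed demo tree: timthumb copy with remote fetch on, guarded cache file, image, dropped PHP file."""
    theme = Path(tempfile.mkdtemp()) / "wp-content" / "themes" / "demo"
    (theme / "cache").mkdir(parents=True)
    samples = {
        "timthumb.php": b"<?php\n// TimThumb\ndefine ('VERSION', '2.8.13');\ndefine ('ALLOW_EXTERNAL', TRUE);\n",
        "functions.php": b"<?php // ordinary theme file, must not be reported\n",
        "cache/timthumb_abc.timthumb.txt": b"<?php die('Execution denied!'); //\xff\xd8\xff",
        "cache/img.jpg": b"\xff\xd8\xff\xe0",
        "cache/dropped.php": b"<?php echo 'not an image'; ?>",
    }
    for rel, data in samples.items():
        (theme / rel).write_bytes(data)
    return theme
```

Point audit_tree() at a real wp-content directory and review every reported path by hand; a PHP file inside a timthumb cache directory is exactly the kind of leftover the cleanup discussions above are about.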

WordPress Timthumb references and Additional Reading

Good Luck, Safe Surfing

Tobi
