  1. #1 UH-Tony, Senior Server Administrator (Join Date: Mar 2006; Location: Houston, TX USA; Posts: 893)

    WordPress vulnerability using thumb.php/timthumb.php

    Seeing quite a few instances where WordPress sites are being exploited through thumb.php or timthumb.php scripts included in many popular themes (Headline for example). If you have WordPress please check and resolve, following the details outlined at:

    Zero Day Vulnerability in many Wordpress Themes | mm

    The Exec summary: An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven't audited the rest of the code, so this may or may not fix all vulnerabilities. Also recursively grep your WordPress directory and subdirs for the base64_decode function and look out for long encoded strings to check if you've been compromised.
    Tony
    UnitedHosting Staff

    For official support please use our helpdesk at UnitedSupport.co.uk

    UnitedHosting proudly hosting more than 65,000 sites since 1998.
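The three checks Tony's post recommends (a non-empty $allowedSites array in timthumb.php/thumb.php, base64_decode fed long encoded strings, and stray PHP in the timthumb cache directory) as one added audit script. This is an added example, not code from the thread or from timthumb itself; it assumes a POSIX shell with find, grep, sed, tr, awk and mktemp, and that timthumb's cache directory is simply named "cache".

```shell
#!/bin/sh
# Added audit helper (not code from the thread or from timthumb).
# Assumption: timthumb stores resized images in a directory named "cache".

# Report timthumb.php / thumb.php copies whose $allowedSites array is not
# empty. The file is flattened to one line so multi-line arrays are handled;
# a copy with no $allowedSites line at all is not reported.
find_unsafe_timthumb() {
    find "$1" -type f \( -name timthumb.php -o -name thumb.php \) |
    while IFS= read -r f; do
        if tr -d '\n' < "$f" |
           sed -n 's/.*\$allowedSites[[:space:]]*=[[:space:]]*array[[:space:]]*(\([^)]*\)).*/\1/p' |
           grep -q '[[:alnum:]]'; then
            printf '%s\n' "$f"
        fi
    done
}

# Report PHP files where base64_decode() receives a literal of 100+ base64
# characters, the pattern the post says to grep for. grep exits 1 when nothing
# matches, which is a clean result here, hence "|| true".
find_long_base64() {
    find "$1" -type f -name '*.php' \
        -exec grep -El 'base64_decode[[:space:]]*\([^)]*[A-Za-z0-9+/=]{100,}' {} + || true
}

# Report PHP files inside any directory named "cache"; timthumb's cache should
# only ever contain images.
find_cache_php() {
    find "$1" -type d -name cache -exec find {} -type f -name '*.php' \;
}

# Constructed sample tree (one unmodified timthumb, one fixed copy, one file
# with a long encoded blob, one PHP file in the cache). Prints the root path.
make_sample_tree() {
    d=$(mktemp -d)
    t="$d/wp-content/themes"
    mkdir -p "$t/unsafe/cache" "$t/fixed"
    printf '<?php\n$allowedSites = array (\n\t"flickr.com",\n\t"picasa.com",\n);\n' > "$t/unsafe/timthumb.php"
    printf '<?php\n$allowedSites = array();\n' > "$t/fixed/thumb.php"
    # 120 "A" characters stand in for an encoded blob; not a real payload.
    blob=$(awk 'BEGIN { for (i = 0; i < 120; i++) printf "A" }')
    printf '<?php base64_decode("%s");\n' "$blob" > "$t/unsafe/footer.php"
    printf '<?php\n' > "$t/unsafe/cache/resized.php"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh /path/to/wordpress
if [ -n "$1" ]; then
    for fn in find_unsafe_timthumb find_long_base64 find_cache_php; do "$fn" "$1"; done
fi
```

Each finding is printed as a path so the output can be fed straight into a backup-and-replace step like the one Matt describes later in the thread.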

  2. #2 UH-Matt, Administrator (Join Date: Oct 2002; Location: London, UK; Posts: 9,595)
    Just to bump this topic, we have heard some very large hosts have today had a good percentage of their Wordpress sites hit by this and the problem only gets worse.

    If you run Wordpress please read and follow the links in Tony's post above.

    Thank you,
    Matt
    UnitedHosting Staff

    For official support please use our helpdesk at UnitedSupport.co.uk

    UnitedHosting proudly hosting more than 40,000 sites since 1998.

  3. #3 UH-Matt, Administrator (Join Date: Oct 2002; Location: London, UK; Posts: 9,595)
    Due to the severity of this exploit we have gone ahead and run a script across all our shared/reseller hosting servers to find the insecure version of this Wordpress file and replace it with the secure version as well as leaving a backup renamed in the same folder. It found thousands of occurrences.
    Matt
    UnitedHosting Staff

    For official support please use our helpdesk at UnitedSupport.co.uk

    UnitedHosting proudly hosting more than 40,000 sites since 1998.

  4. #4 isiah, Registered User (Join Date: Jan 2007; Location: near Bath, UK; Posts: 113)
    Wow, that's swift fire-fighting work by UH. I'm surprised no-one's replied with a quick 'thank you' for your action.

    I would if I was running an affected site.

    Cheers
    I

  5. #5 UH-Matt, Administrator (Join Date: Oct 2002; Location: London, UK; Posts: 9,595)
    We prefer to spend half a day implementing a bulk solution rather than trying to explain to 1000 customers who run old versions of wordpress when their site is displaying hacked pages... Overall this was a more efficient solution even if strictly speaking anyone running wordpress should really be more on top of things - We were surprised with just how many old versions of wordpress we found across our servers.

    It is worth giving a stern reminder here and now that if you run a website using any sort of php/mysql script that you downloaded/installed, and you decide NOT to maintain that script by keeping it updated to the latest version on a very regular basis, then there is an extremely good chance your site will at some point be defaced or hacked. There are so many people, bots, scum out there every day scanning tens of thousands of sites for old scripts to exploit that it is only a matter of time if you choose not to spend time keeping your site maintained. You have all been warned.
    Matt
    UnitedHosting Staff

    For official support please use our helpdesk at UnitedSupport.co.uk

    UnitedHosting proudly hosting more than 40,000 sites since 1998.

  6. #6 Tim, Bloke (Join Date: Nov 2005; Location: Halifax UK; Posts: 711)
    Google are telling people off for running out of date versions of Wordpress in their webmaster tools control panel these days. So you have to wonder if not being up to date with scripts could start having an effect on search rankings.

  7. #7 UH-Tony, Senior Server Administrator (Join Date: Mar 2006; Location: Houston, TX USA; Posts: 893)
    Quote Originally Posted by Tim:
    > Google are telling people off for running out of date versions of Wordpress in their webmaster tools control panel these days. So you have to wonder if not being up to date with scripts could start having an effect on search rankings.
    That would actually be a very good idea in my opinion. Why trust your information to a site that doesn't do even basic updates to their software to ensure security, much less risk exposing their visitors to malicious content.
    Tony
    UnitedHosting Staff

    For official support please use our helpdesk at UnitedSupport.co.uk

    UnitedHosting proudly hosting more than 65,000 sites since 1998.

  8. #8 UH-Matt, Administrator (Join Date: Oct 2002; Location: London, UK; Posts: 9,595)
    I would be in favour of this... In fact it makes you wonder if we will end up with an extreme of "safe Google searches" where they only list sites known to be secure, and if they know an old script is running they remove the listing entirely!
    Matt
    UnitedHosting Staff

    For official support please use our helpdesk at UnitedSupport.co.uk

    UnitedHosting proudly hosting more than 40,000 sites since 1998.

  9. #9 UH-Matt, Administrator (Join Date: Oct 2002; Location: London, UK; Posts: 9,595)
    As long as you have taken recommended steps and also ensured both your wordpress install and any themes/plugins are all updated to the latest current versions available then you should be OK.

    If you have done nothing, or you are running any wordpress install or theme even 1 version behind latest then you will be vulnerable to security issues. It is VERY important you regularly maintain any scripts you use and ensure you are always current - it is the only way to remain secure.
    Matt
    UnitedHosting Staff

    For official support please use our helpdesk at UnitedSupport.co.uk

    UnitedHosting proudly hosting more than 40,000 sites since 1998.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •