TimThumb: Be Warned

Read this post, check your WordPress set-up and don’t get hacked!

When I first started blogging, several years ago, I initially set up numerous blogs on subjects that I thought would make me an income. They were not subjects I had much passion for. Hence I got bored.

The blog creation became a chore and I stopped updating them.

When I say I stopped updating them, I mean I no longer added any blog posts, and I didn’t update WordPress or any plugins either.

I left them dormant and I have not touched them or even looked at them…in many, many months.

I know I’ve written many times about keeping your WordPress blog safe, secure and up to date so that you don’t get hacked…

Well…last week several of these ‘old’ sites were hacked.

The hackers had found a way in and were redirecting visitors to other sites.

I removed the hacker’s code…only to find the code back a few hours later.

The hackers had found a ‘back door’ and I had to find it and slam it shut!

After several hours of investigation and research, I found the problem.

Several of my old sites had an insecure script in their set-up: timthumb.php, the image-resizing script that many WordPress themes bundle.

I updated timthumb to the latest version and removed the hacker’s code.

So far, the door looks shut and all is secure.

What’s the moral of this story?

Keep your software – WordPress itself, your themes and your plugins – up to date, even if you are no longer adding blog posts to a site!

You can use this plugin to check if you have an old version of timthumb installed:

Timthumb Vulnerability Scanner
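If you would rather check from the shell than install a plugin, the script below is an added example (not from the original post or the plugin) that walks a WordPress tree, finds every copy of TimThumb by its own banner and VERSION constant rather than by filename (themes often ship it renamed, e.g. as thumb.php), and flags copies older than a chosen minimum. The minimum version, the directory layout and the sample files it builds for the demo are assumptions; set MIN_VERSION to the current TimThumb release before running it against a real site.

```sh
#!/bin/sh
# Added example: locate every TimThumb copy under a WordPress install and flag
# stale ones. Usage: sh check_timthumb.sh /path/to/wordpress
# Without an argument it runs against a constructed sample tree (see below).

# ASSUMPTION: the version below is a placeholder threshold; set it to the
# current TimThumb release. Anything older is reported as OUTDATED.
MIN_VERSION="${MIN_VERSION:-2.0}"

# Print the VERSION constant TimThumb declares, e.g.  define ('VERSION', '2.8.14');
# Prints nothing if the file declares none.
timthumb_version() {
    sed -n "s/^[[:space:]]*define[[:space:]]*([[:space:]]*'VERSION'[[:space:]]*,[[:space:]]*'\([0-9][0-9.]*\)'.*/\1/p" "$1" | head -n 1
}

# Numeric, dot-separated version compare: returns 0 if $1 >= $2.
# (sort -V is not POSIX, so the fields are compared by hand.)
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        x="${x:-0}"; y="${y:-0}"
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# One line per TimThumb copy: "<path> <version> <ok|OUTDATED>".
# A file counts as TimThumb when it mentions the name and declares VERSION.
scan_timthumb() {
    root="$1"; min="$2"
    find "$root" -type f -name '*.php' | while IFS= read -r f; do
        grep -qi 'timthumb' "$f" || continue
        v=$(timthumb_version "$f")
        [ -n "$v" ] || continue
        if version_ge "$v" "$min"; then status=ok; else status=OUTDATED; fi
        printf '%s %s %s\n' "$f" "$v" "$status"
    done
}

# Number of outdated copies under $1 relative to minimum version $2.
count_outdated() {
    scan_timthumb "$1" "$2" | grep -c ' OUTDATED$' || true
}

# Constructed sample (not a real site): one stale copy renamed thumb.php,
# one current copy, and an unrelated plugin that also defines VERSION.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/old-theme/scripts" \
             "$d/wp-content/themes/new-theme" "$d/wp-content/plugins"
    printf '%s\n' '<?php' '/* TimThumb script (constructed sample) */' \
        "define ('VERSION', '1.34');" > "$d/wp-content/themes/old-theme/scripts/thumb.php"
    printf '%s\n' '<?php' '/* TimThumb script (constructed sample) */' \
        "define ('VERSION', '2.8.14');" > "$d/wp-content/themes/new-theme/timthumb.php"
    printf '%s\n' '<?php' "define ('VERSION', '1.0');" \
        '// unrelated plugin that also declares a VERSION constant' > "$d/wp-content/plugins/other.php"
    printf '%s\n' "$d"
}

if [ $# -gt 0 ]; then
    scan_timthumb "$1" "$MIN_VERSION"
else
    sample=$(make_sample_tree)
    scan_timthumb "$sample" "$MIN_VERSION"
    rm -rf "$sample"
fi
```

Run it from the web root of each site you own; a site that is no longer being posted to still needs the same check, since the script is part of the theme and stays in place whether or not you log in.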


12 Responses to TimThumb: Be Warned

  1. Mitch Mitchell February 20, 2012 at 8:18 pm #

    Oh yeah, that’s a major big deal. Can’t remember when I first learned of TimThumb but it highlighted the importance of updating software.

  2. Bjorn February 21, 2012 at 8:43 am #

    I had a blog where the hackers injected black hat links in my content.
    The links could only be seen in the code and not on the visual part of the blog.
    I found out it was hacked when I looked up the most used keywords in Google Webmaster Tools.
    I knew I never used keywords like viagra and other pharmacy products, still according to GWT they were the most used keywords on my site.
    I did not use the timthumb.php script, and I am not quite sure where the hackers got in. It may be that the files on the server had write access and the server was shared.

    • Andrew February 21, 2012 at 10:23 am #

      Bjorn

      Wow…now that is scary!

      I hope you were able to ‘shut the door’.

      Andrew

  3. Andrew February 21, 2012 at 10:21 am #

    Corinne

    You use the Thesis theme and that theme does use the TimThumb code.

    Yours is up to date – I made sure of that!

    Andrew

  4. Andrea Hypno February 21, 2012 at 7:45 pm #

    Thanks for the hint Andrew. I routinely update everything on my blog, themes, plugins and the rest but now I’ll go testing for TimThumb, just in case.

    Have a great day!

  5. Prakash February 22, 2012 at 3:46 pm #

    Hi, a few days ago I found this problem with my WordPress account. I don’t know how, but there were changes to my admin email and password. Fortunately I have another account there belonging to my friend, and I got in and deleted the hacker’s account…

  6. Mitch Mitchell February 22, 2012 at 5:21 pm #

    By the way, it seems we can’t unsubscribe from comments on this blog; at least it keeps telling me I don’t have a valid key to access the page that the link takes me to.

    • Andrew March 1, 2012 at 1:38 pm #

      Mitch

      Thanks for letting me know – I appreciate it and am sorry.

      I’ve changed the plugin I use now.

      Andrew

  7. Andrew Walker February 24, 2012 at 5:26 am #

    Woa… I just started a new blog. I think I gotta bookmark this page. It’s going to be very useful! Thanks a lot for sharing this.

  8. David Sneen February 25, 2012 at 2:05 am #

    Hi Andrew, Fortunately, I have had no such experiences with hackers. Naturally, that is one of my worst nightmares. (Time to make back up files just in case.) And, I am forewarned to keep updating! Thanks.

  9. Rizwan Sultan February 27, 2012 at 11:14 pm #

    Hi David,

    I mostly activate a minimum of plugins on my sites. I recently used TimThumb on my blog, but after your warning I think I need to install the TimThumb Vulnerability Scanner to be on the safe side.

  10. Felicia March 1, 2012 at 8:19 am #

    Hi Andrew,
    That sure is a bummer. Thanks for informing us about TimThumb. Your experience here serves as a reminder that a blog owner must always update his or her software, themes, plugins and WP version.
