TimThumb: Be Warned


Read this post, check your WordPress set-up and don’t get hacked!

When I first started blogging, several years ago, I set up numerous blogs on subjects that I thought would make me an income. They were not subjects I had much passion about, so I got bored.

The blog creation became a chore and I stopped updating them.

When I say I stopped updating them, I no longer added any blog posts and I didn’t update WordPress or any plugins.

I left them dormant and I have not touched them, or even looked at them, in many, many months.

I know I’ve written many times about keeping your WordPress blog safe and secure, keeping it up to date, and not getting hacked…

Well…last week several of these ‘old’ sites were hacked.

The hackers had found a way in and were redirecting visitors to other sites.

I removed the hacker’s code…only to find the code back a few hours later.

The hackers had found a ‘back door’ and I had to find it and slam it shut!

After several hours of investigation and research, I found the problem.

Several of my old sites had an insecure piece of software in their set-up, called timthumb.php.

I updated timthumb to the latest version and removed the hacker’s code.

So far, the door looks shut and all is secure.

What’s the moral of this story?

Keep your software, WP version, themes, plugins up to date – even if you are not adding blog posts to your sites anymore!

You can use this plugin to check if you have an old version of timthumb installed:

Timthumb Vulnerability Scanner
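If you would rather check from the server than from the WordPress dashboard, here is a small Python scanner, added here as an example and not part of the original post or of the TimThumb project. It walks a WordPress install, matches TimThumb copies by their content rather than their filename (themes sometimes ship it as thumb.php or similar), reads the version each copy declares, and flags any below a threshold. It assumes TimThumb declares its version with a PHP line of the form `define ('VERSION', '...');`; `MINIMUM_OK_VERSION` is a placeholder that you should set from the current TimThumb release before relying on the result.

```python
"""Find copies of TimThumb in a WordPress tree and report their versions.

Added example (not from the original post or the TimThumb project).
Assumptions: TimThumb declares its version as  define ('VERSION', 'x.y.z');
and the file may be renamed, so matching is on content, not filename.
"""
import os
import re
import sys
import tempfile

# PLACEHOLDER: set this from the current TimThumb release before use.
MINIMUM_OK_VERSION = "2.8.0"

TIMTHUMB_MARKER = re.compile(r"timthumb", re.IGNORECASE)
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]\s*\)"""
)


def version_tuple(version):
    """'2.8.10' -> (2, 8, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def timthumb_version(source):
    """Return the declared version if `source` looks like TimThumb, else None.

    A TimThumb file with no recognisable VERSION define yields 'unknown'.
    """
    if not TIMTHUMB_MARKER.search(source):
        return None
    match = VERSION_RE.search(source)
    return match.group(1) if match else "unknown"


def is_outdated(version, minimum=MINIMUM_OK_VERSION):
    """True when a TimThumb copy is below `minimum` (or cannot be identified)."""
    if version is None:
        return False
    if version == "unknown":
        return True  # cannot prove it is current, so treat it as suspect
    return version_tuple(version) < version_tuple(minimum)


def scan_tree(root, minimum=MINIMUM_OK_VERSION):
    """Walk `root` and return (path, version, outdated) for every TimThumb copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    # The header comment and VERSION define sit near the top.
                    source = fh.read(65536)
            except OSError:
                continue
            version = timthumb_version(source)
            if version is not None:
                findings.append((path, version, is_outdated(version, minimum)))
    return findings


# Constructed sample files, used only by demo(); not real theme code.
SAMPLE_OLD = (
    "<?php\n/*\n * TimThumb script created by Tim McDaniels and Darren Alff\n */\n"
    "define ('VERSION', '1.09');\n"
)
SAMPLE_NEW = "<?php\n// TimThumb\ndefine ('VERSION', '2.8.10');\n"
SAMPLE_OTHER = "<?php\necho 'not a thumbnail script';\n"


def demo():
    """Build a throwaway tree with the constructed samples and scan it."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes", "demo")
        os.makedirs(theme)
        # Renamed copy: found by content, not by filename.
        with open(os.path.join(theme, "thumb.php"), "w") as fh:
            fh.write(SAMPLE_OLD)
        with open(os.path.join(theme, "timthumb.php"), "w") as fh:
            fh.write(SAMPLE_NEW)
        with open(os.path.join(theme, "functions.php"), "w") as fh:
            fh.write(SAMPLE_OTHER)
        return scan_tree(root, "2.8.0")


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version, outdated in scan_tree(target):
        print(f"{'OUTDATED' if outdated else 'ok      '}  {version:>8}  {path}")
```

Run it as `python timthumb_check.py /path/to/wordpress` and look at every line marked OUTDATED. A copy whose version cannot be read is deliberately reported as outdated: a file that cannot be identified should be replaced with a known-good release rather than trusted.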


13 Responses to TimThumb: Be Warned

  1. Mitch Mitchell February 20, 2012 at 8:18 pm #

    Oh yeah, that’s a major big deal. Can’t remember when I first learned of TimThumb but it highlighted the importance of updating software.
    Mitch Mitchell recently posted: A MLM Rant

  2. Corinne Edwards
    February 20, 2012 at 9:47 pm #

    Dear Andrew –

    Terrifying post.

    Hope I don’t have any Tom Thumbs. Never heard of them before.

    I was hacked once – before I knew you and you were looking out for me.

    It was a nightmare. Costly to fix and I lost at least 100 subscribers in the fixing because it was not apparent who the culprit was.
    Corinne Edwards recently posted: LOVE ON THE ROCKS – Bad Relationships – Good Endings – now on Amazon

    • Andrew
      February 21, 2012 at 10:21 am #


      You use the Thesis theme and that theme does use the TomThumb code.

      Yours is up to date – I made sure of that!

      Andrew recently posted: TimThumb: Be Warned

  3. Bjorn
    February 21, 2012 at 8:43 am #

    I had a blog where the hackers injected black hat links in my content.
    The links could only be seen in the code and not on the visual part of the blog.
    I found out it was hacked when I looked up the most used keywords in Google webmaster tools.
    I knew I never used keywords like viagra and other pharmacy products, still it was according to GWT the most used keywords on my site.
    I did not use the timthumb.php script, and I am not quite sure where the hackers got in. It may be the files on the server had write access and the server was shared.
    Bjorn recently posted: WordPress SEO plugin tutorial

  4. Andrea Hypno
    February 21, 2012 at 7:45 pm #

    Thanks for the hint Andrew. I routinely update everything on my blog, themes, plugins and the rest but now I’ll go testing for TimThumb, just in case.

    Have a great day!
    Andrea Hypno recently posted: How to Open Your Third Eye Step by Step

  5. Prakash
    February 22, 2012 at 3:46 pm #

    Hi, a few days ago I found this prob for my WordPress account. I don’t know how but there are changes in my admin email and password. Fortunately I have another account there of my friend, and I got in and deleted the hacker’s account…
    Prakash recently posted: Typosquatting Sites: Taking advantage of your misspelling

  6. Mitch Mitchell February 22, 2012 at 5:21 pm #

    By the way, it seems we can’t unsubscribe from comments on this blog; at least it keeps telling me I don’t have a valid key to access the page that the link takes me to.
    Mitch Mitchell recently posted: Are You Sometimes A Prima Donna?

  7. Andrew Walker February 24, 2012 at 5:26 am #

    Whoa… I just started a new blog. I think I gotta bookmark this page. It’s going to be very useful! Thanks a lot for sharing this.
    Andrew Walker recently posted: Karen Millen Promotional Codes

  8. David Sneen
    February 25, 2012 at 2:05 am #

    Hi Andrew, Fortunately, I have had no such experiences with hackers. Naturally, that is one of my worst nightmares. (Time to make back up files just in case.) And, I am forewarned to keep updating! Thanks.

  9. Rizwan Sultan February 27, 2012 at 11:14 pm #

    Hi David,

    I mostly activate minimum plugins in my sites. I recently used timthumb in my blog but after your warning I think I need to install timthumb vulnerability for safe end.

  10. Felicia March 1, 2012 at 8:19 am #

    Hi Andrew,
    That sure is a bummer. Thanks for informing us about TimThumb. Your experience here serves as a reminder that a blog owner must always update his or her software, themes, plugins and WP version.
    Felicia recently posted: L.A. Poker Classic: The Final Table is set!
