ParkerAndKent says

^

Guys, no need to panic… timthumb as well as WP have always been open to hacking… the chances to be hacked are close to 0… many servers don’t allow that type of hacking :)

ant0 says
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.
DiogoRedinDevelopment says

Theme Updated :bigsmile:

ParkerAndKent says
ant0 said
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.

Sure, it’s enough to update the script… I just wanted to say to not panic, cuz isn’t necessary ;)

EugeneO says

ParkerAndKent is right that it’s not something to panic about as it would only take a minute to update the timthumb file in any theme you are using.

Just to clarify, the site that was hacked was the site of the blogger posting about the exploit and not the site of a ThemeForest buyer.

ryguy says
ParkerAndKent said
ant0 said
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.
Sure, it’s enough to update the script… I just wanted to say to not panic, cuz isn’t necessary ;)

Old versions of timthumb open your WP blog to be exploited. The script only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/
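
The partial hostname match described in the post above, shown beside an exact-match check. This is an added example, not part of the original post and not TimThumb's or WordThumb's own code; the allow-list, function names and sample URLs are constructed for illustration.

```php
<?php
// Hypothetical allow-list of hosts permitted as remote image sources.
$allowedSites = ['images.example.com', 'cdn.example.org'];

// Partial match: accepts any host that merely CONTAINS an allowed name.
function hostAllowedPartial(string $url, array $allowed): bool
{
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host)) {
        return false;
    }
    foreach ($allowed as $site) {
        if (stripos($host, $site) !== false) {
            return true;
        }
    }
    return false;
}

// Strict match: host must equal an allowed name or be a subdomain of it.
function hostAllowedStrict(string $url, array $allowed): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = rtrim(strtolower($parts['host']), '.');
    foreach ($allowed as $site) {
        $suffix = '.' . strtolower($site);
        if ($host === strtolower($site) || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs: exact host, subdomain, and a look-alike host.
$samples = [
    'http://images.example.com/photo.jpg',
    'http://static.images.example.com/photo.jpg',
    'http://images.example.com.untrusted.test/photo.jpg',
];
foreach ($samples as $url) {
    printf("%-52s partial=%-5s strict=%s\n", $url,
        var_export(hostAllowedPartial($url, $allowedSites), true),
        var_export(hostAllowedStrict($url, $allowedSites), true));
}
```

Only the look-alike host gets different answers from the two checks: the partial match accepts it, the strict match rejects it.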

ParkerAndKent says
ryguy said
ParkerAndKent said
ant0 said
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.
Sure, it’s enough to update the script… I just wanted to say to not panic, cuz isn’t necessary ;)

Old versions of timthumb open your WP blog to be exploited. The script only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/

Thanks for sharing, that looks great :)

JamiGibbs says
ParkerAndKent said
ryguy said
ParkerAndKent said
ant0 said
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.
Sure, it’s enough to update the script… I just wanted to say to not panic, cuz isn’t necessary ;)

Old versions of timthumb open your WP blog to be exploited. The script only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/
Thanks for sharing, that looks great :)

I’m reading this now too. Looks really good so far.

rvision_ says

A little bit off-topic, question for authors:

How do you use timthumb? In image tags, just place the link to timthumb with src in querystring and dimensions? And users set fullsize image wherever is needed and timthumb scales it on the fly?

bqworks says

It gets even better! WordThumb is now TimThumb 2: http://markmaunder.com/2011/wordthumb-is-now-timthumb-2-0/ :)
