ParkerAndKent says

Guys, no need to panic… timthumb as well as WP have always been open to hacking… the chances to be hacked are close to 0… many servers don’t allow that type of hacking :)

ant0 says
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.
ThemesFever says

Theme Updated :bigsmile:

ParkerAndKent says
ant0 said
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.

Sure, it’s enough to update the script… I just wanted to say not to panic, because it isn’t necessary ;)

EugeneO says

ParkerAndKent is right that it’s not something to panic about, as it would only take a minute to update the timthumb file in any theme you are using.

Just to clarify, the site that was hacked was the site of the blogger posting about the exploit and not the site of a ThemeForest buyer.

ryguy says
ParkerAndKent said
ant0 said
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.
Sure, it’s enough to update the script… I just wanted to say not to panic, because it isn’t necessary ;)

Old versions of timthumb open your WP blog to be exploited. The script only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/
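
The partial-match flaw ryguy describes, shown beside an exact-match host check and a content gate on what gets written to the cache directory. This is an added example in Python, not TimThumb's own PHP and not code from the post or from Mark's rewrite; the allow-list, the URLs and the function names are assumptions constructed for the illustration.

```python
"""Allow-list host check for a remote image thumbnailer.

is_allowed_partial() reproduces the vulnerable pattern the post describes
(a substring match on the hostname); is_allowed_exact() is the corrected
check; image_type() refuses to treat a non-image payload as cacheable.
Added example, not TimThumb's code; ALLOWED_SITES is a constructed list.
"""
from urllib.parse import urlparse

# Assumed allow-list of image hosts (constructed for this example).
ALLOWED_SITES = ["blogger.com", "flickr.com", "wordpress.com"]


def is_allowed_partial(src: str, allowed=ALLOWED_SITES) -> bool:
    """Vulnerable: 'allowed' if an allow-listed name appears ANYWHERE in the host.

    'blogger.com' is a substring of 'blogger.com.attacker.example' and
    'flickr.com' is a substring of 'notflickr.com', so an attacker-controlled
    host passes and the script fetches whatever that host serves.
    """
    host = (urlparse(src).hostname or "").lower()
    return any(site in host for site in allowed)


def is_allowed_exact(src: str, allowed=ALLOWED_SITES) -> bool:
    """Fixed: the host must equal an allow-listed name or be a subdomain of it.

    The scheme is also pinned, and a trailing dot is stripped so that
    'img.blogger.com.' cannot dodge the comparison.
    """
    parts = urlparse(src)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    return any(host == site or host.endswith("." + site) for site in allowed)


# Leading magic bytes of the image formats a thumbnailer would accept.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def image_type(data: bytes):
    """Return 'jpeg', 'png' or 'gif' from the payload's magic bytes, else None.

    A PHP file served under an image-looking name has no image header and is
    rejected here, whatever its URL claimed.
    """
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def safe_to_cache(src: str, data: bytes) -> bool:
    """Both gates must pass before anything is written under the cache directory."""
    return is_allowed_exact(src) and image_type(data) is not None


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate URL, two lookalike hosts.
    for url in ("https://img.blogger.com/a.jpg",
                "https://blogger.com.attacker.example/a.php",
                "https://notflickr.com/a.jpg"):
        print(f"{url}: partial={is_allowed_partial(url)} exact={is_allowed_exact(url)}")
```

Even with both gates in place, the cache directory should not be able to execute scripts at all (for example, deny PHP execution there in the web-server configuration), since the post's point is that attacker-supplied content lands in a web-reachable directory.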

ParkerAndKent says
ryguy said
ParkerAndKent said
ant0 said
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.
Sure, it’s enough to update the script… I just wanted to say not to panic, because it isn’t necessary ;)

Old versions of timthumb open your WP blog to be exploited. The script only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/

Thanks for sharing, that looks great :)

JamiGibbs Staff says
ParkerAndKent said
ryguy said
ParkerAndKent said
ant0 said
ParkerAndKent said
... the chances to be hacked are close to 0…
Well going by the OP that’s at least one hacked, so better to be safe than sorry.
Sure, it’s enough to update the script… I just wanted to say not to panic, because it isn’t necessary ;)

Old versions of timthumb open your WP blog to be exploited. The script only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/
Thanks for sharing, that looks great :)

I’m reading this now too. Looks really good so far.

rvision_ says

A little bit off-topic, question for authors:

How do you use timthumb? In image tags, just place the link to timthumb with src in the querystring and the dimensions? And users set a full-size image wherever it is needed and timthumb scales it on the fly?

bqworks says

It gets even better! WordThumb is now TimThumb 2: http://markmaunder.com/2011/wordthumb-is-now-timthumb-2-0/ :)
