ParkerAndKent
says


Guys, no need to panic… timthumb as well as WP have always been open to hacking… the chances of being hacked are close to 0… many servers don’t allow that type of hacking :)

ant0
says
ParkerAndKent said
... the chances of being hacked are close to 0…
Well, going by the OP that’s at least one hacked, so better to be safe than sorry.
DiogoRedinDevelopment
says

Theme Updated :bigsmile:

ParkerAndKent
says
ant0 said
ParkerAndKent said
... the chances of being hacked are close to 0…
Well, going by the OP that’s at least one hacked, so better to be safe than sorry.

Sure, it’s enough to update the script… I just wanted to say not to panic, because it isn’t necessary ;)

EugeneO
says

ParkerAndKent is right that it’s not something to panic about, as it would only take a minute to update the timthumb file in any theme you are using.

Just to clarify, the site that was hacked was the site of the blogger posting about the exploit and not the site of a ThemeForest buyer.

ryguy
says
ParkerAndKent said
ant0 said
ParkerAndKent said
... the chances of being hacked are close to 0…
Well, going by the OP that’s at least one hacked, so better to be safe than sorry.
Sure, it’s enough to update the script… I just wanted to say not to panic, because it isn’t necessary ;)

Old versions of timthumb open your WP blog to being exploited. The script only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/
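The "partial match on hostnames" ryguy describes is easier to see in code. TimThumb itself is PHP; the block below is an added Python re-implementation of the two matching strategies, written for this thread and not taken from TimThumb, WordThumb or Mark's post. The allow-list, the `is_allowed_partial` / `is_allowed_strict` names and every URL in `SAMPLES` are constructed for the example. The strict variant goes a little beyond the thread by also rejecting non-HTTP schemes, which a remote-fetching image script has no reason to accept.

```python
"""Added illustration of substring hostname matching versus a proper
domain-boundary check. Hypothetical re-implementation, not TimThumb's code."""
from urllib.parse import urlsplit

# Constructed allow-list in the style of an image proxy's "external sites" setting.
ALLOWED_SITES = ["flickr.com", "blogger.com", "wordpress.com", "img.youtube.com"]


def host_of(url: str) -> str:
    """Return the lower-cased host part of url, or '' if it has none."""
    host = urlsplit(url).hostname
    return host.lower() if host else ""


def is_allowed_partial(url: str, allowed=ALLOWED_SITES) -> bool:
    """Vulnerable check: accepts the URL if an allowed site name appears
    *anywhere* inside the host, which is the partial match described above.
    'blogger.com.attacker.example' and 'evilblogger.com' both pass."""
    host = host_of(url)
    return any(site in host for site in allowed)


def is_allowed_strict(url: str, allowed=ALLOWED_SITES) -> bool:
    """Hardened check: the host must equal an allowed site or be a subdomain
    of it (a '.' boundary before the allowed name), and only http/https
    URLs are considered at all."""
    if urlsplit(url).scheme not in ("http", "https"):
        return False
    host = host_of(url)
    return any(host == site or host.endswith("." + site) for site in allowed)


# Constructed legitimate and attacker-controlled URLs; value = should be allowed.
SAMPLES = {
    "https://farm1.flickr.com/a/b.jpg": True,               # legitimate subdomain
    "https://blogger.com/img.png": True,                    # exact host
    "http://blogger.com.attacker.example/shell.php": False,  # allowed name as a leading label
    "http://evilblogger.com/shell.php": False,              # allowed name as a trailing substring
    "ftp://flickr.com/x.jpg": False,                        # right host, wrong scheme
}


def compare(samples=SAMPLES):
    """Return the URLs the vulnerable check accepts but the strict check rejects."""
    return [u for u in samples if is_allowed_partial(u) and not is_allowed_strict(u)]


if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        print(f"{url:48} partial={is_allowed_partial(url)!s:5} "
              f"strict={is_allowed_strict(url)!s:5} expected={expected}")
    print("accepted only by the partial match:", compare())
```

The important detail is the `"." + site` boundary in the strict check: a plain `endswith(site)` would still let `evilblogger.com` through, and a plain `in` lets an attacker put the allowed name anywhere in a domain they control.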

ParkerAndKent
says
ryguy said
ParkerAndKent said
ant0 said
ParkerAndKent said
... the chances of being hacked are close to 0…
Well, going by the OP that’s at least one hacked, so better to be safe than sorry.
Sure, it’s enough to update the script… I just wanted to say not to panic, because it isn’t necessary ;)

Old versions of timthumb open your WP blog to being exploited. The script only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/

Thanks for sharing, that looks great :)

JamiGibbs
says
ParkerAndKent said
ryguy said
ParkerAndKent said
ant0 said
ParkerAndKent said
... the chances of being hacked are close to 0…
Well, going by the OP that’s at least one hacked, so better to be safe than sorry.
Sure, it’s enough to update the script… I just wanted to say not to panic, because it isn’t necessary ;)

Old versions of timthumb open your WP blog to being exploited. The script only does a partial match on hostnames, allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Mark did a re-write called WordThumb: http://markmaunder.com/2011/a-secure-rewrite-of-timthumb-php-as-wordthumb/
Thanks for sharing, that looks great :)

I’m reading this now too. Looks really good so far.

rvision_
says

A little bit off-topic, question for authors:

How do you use timthumb? In image tags, do you just place the link to timthumb with the src and dimensions in the query string? And do users set a full-size image wherever one is needed, and timthumb scales it on the fly?

bqworks
says

It gets even better! WordThumb is now TimThumb 2: http://markmaunder.com/2011/wordthumb-is-now-timthumb-2-0/ :)
