Zero day bug threatens many WordPress sites

Attackers are exploiting a widely used extension for the WordPress publishing platform to take control of vulnerable websites, one of the victims has warned. The vulnerability affects virtually all websites that have an image-resizing utility called TimThumb running with WordPress, Mark Maunder, CEO of Seattle-based Feedjit, …

COMMENTS

This topic is closed for new posts.
WTF?

One question

Is this timthumb thing part of every WordPress install, or is it a plugin (the word extension is used in the article) that you have to install yourself? The idea that masses of WP sites are exposed implies to me that it's part of WordPress by default?

Silver badge

Letters, digits.

I think whether you're using TimThumb depends on the theme you're using - so look at the documentation/website of the theme developer.

Gimp

Frantically scrabbling for answers..

Just had a panic since I use WP a lot; but it appears this is not a plugin.

It's a tool that some theme developers use for convenience, it's just a PHP script that lives in the same folder as the images you want to thumbnail. You don't install it separately since it is part of the theme itself.

Oh.. and I see a lot of people saying that if you have problems with it not generating thumbnails you should open the permissions in that folder to 777. Humm.

Have a look here; a forum posting where someone asks if doing that is a good idea:

http://themeforest.net/forums/thread/timthumb-installation/20219?page=1#188654

FAIL

Not every WordPress

Only those that use the plug-in. Secondly, users need to have not altered the $allowedSites setting... Anyway, wish your "article" made it a bit clearer as it nearly gave me a heart attack when I was just thinking I was done for the day!

More can be read in the official bug report on their Google Code page:

http://code.google.com/p/timthumb/issues/detail?id=212#c12

Anonymous Coward

check

I host a few WP sites for a few users, and have warned them against installing every plugin they can find. Not only can they be a potential vector if an exploit comes to light, they also slow down site response time.

Fortunately running this in the docroots:

find ./ -type f | grep -i timthumb

revealed no instances.

Boffin

Pedantic I know but...

surely:

find . -type f -iname \*timthumb\*

Would allow you to avoid the unnecessary pipe?

FAIL

more thorough purge

Personally, I'd consider the following a little more thorough..

(find . -type f -exec grep -i --with-filename timthumb {} + && find . -iname \*timthumb\*)

A more reliable approach could be:

rm -Rf **/*.php

In my experience, I've found it to clear up about 99.999% of known exploits.

Silver badge
Headmaster

Not pedantry

Just wrong.

The first command line searches all files for the string 'timthumb', your command line finds files that have the 'timthumb' in the filename, ignoring case.

Linux

Nope

Both do the same thing. To search all files for timthumb, you would do something like "grep -ri timthumb *".

Though to be honest I probably would have just done "find . | grep -i timthumb". After all, there's no need to limit it to files (you want to find all references to timthumb, right?), and that version only requires me to remember one command option (-i). Maybe I have to turn in my geek card for admitting that I don't remember every option to every command off the top of my head and that I use unnecessary pipes, but I think I can live with that. ;-)

Meh

It's a shame but

Although the core WordPress code is of a generally high standard, the same cannot be said of a lot of plugins. I've lost count of the number of plugins that have interesting functionality, but when I've checked the code (which I always do before running on a live site), many exhibit basic coding errors.

Stop

unfortunately

These find scripts don't take into account it being named however.

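The find/grep one-liners traded in the thread above, combined into a single check that also covers the point raised in the last comment: a copy of the script renamed to something other than timthumb.php is only caught by searching file contents. This is an added example, not code from any of the commenters; the document root it searches is a constructed sample tree built in a temp directory.

```shell
#!/bin/sh
# Locate TimThumb copies under a WordPress document root by file NAME and by
# file CONTENT, so that a renamed copy is still reported.

# Constructed sample docroot (not a real site): one copy with the usual name,
# one renamed copy, and one unrelated PHP file.
make_sample_docroot() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-content/themes/demo/scripts" "$root/wp-content/themes/other"
  # Normal copy: matches by name and by content ($allowedSites is the setting the thread mentions).
  printf '<?php\n// TimThumb script\n$allowedSites = array();\n' \
    > "$root/wp-content/themes/demo/scripts/timthumb.php"
  # Renamed copy: only a content search finds this one.
  printf '<?php\n/* TimThumb renamed by the theme author */\n' \
    > "$root/wp-content/themes/other/thumb.php"
  # Unrelated file: must not be reported.
  printf '<?php\necho "hello";\n' > "$root/wp-content/themes/other/index.php"
  printf '%s' "$root"
}

# Print every file under $1 whose name or whose contents mention "timthumb"
# (case-insensitive), each path once. The first find matches the file name,
# the second greps inside every .php file; sort -u merges the two lists.
find_timthumb() {
  docroot=$1
  {
    find "$docroot" -type f -iname '*timthumb*'
    find "$docroot" -type f -name '*.php' -exec grep -il 'timthumb' {} +
  } | sort -u
}

# Demo run on the constructed tree; on a real host call find_timthumb /path/to/docroot
demo_root=$(make_sample_docroot)
find_timthumb "$demo_root"
rm -rf "$demo_root"
```

The content search is a string match on "timthumb", so a copy with that word stripped from its comments would still slip through; treat a hit list as a starting point for a manual review of the theme, not as proof of a clean docroot.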