Tag Archive for TimThumb

How did your site get hacked?

Published on February 28, 2013 By Anti-Malware Admin

Everyone who has had their site hacked wants to know how it happened. Unfortunately there are a lot of way to get hacked and no single method for stopping it. I created this plugin because of a vulnerability in timthumb.php that got widely exploited about a year ago. This very useful timthumb script had a weakness in the way it was written that allowed hackers to place any script on your site thereby enabling them to gain access to your files and spread their infection. A newer and stronger timthumb.php was release to stop this abuse and it is fairly simple to update this file to keep your site from being exploited in this way. One of the things my plugin will do is to find old timthumbs and update them.

But, of course, there are other ways for your server to get infected. Many people don't realise that having their site on a hosting account with other site means sharing the vulnerabilities of all the other sites. Having your site on an isolated account, all by itself, can be a great improvement to your security. You will also need to make sure that your site up-to-date and has no vulnerabilities of it's own. Make sure the plugins and themes you have installed are secure and well trusted.

A lot of people think that they need to change there FTP passwords. This is not a bad idea but it's extremely unlikely that the a hacker is using your FTP account. Once a hacker has exploited a security hole in you website, hosting account, or server they will plant a script on your site to gain full access to your files. Then they don't even need your FTP to inject more malicious code and spread their infection further.

Unfortunately it may be very time consuming and costly to figure out exactly how you got hacked, but stay vigilant and take any security measures you can to avoid being an easy target. With every step you take to secure your site you become harder to hack and less of a target.

Eli Scheetz

Zero Day Vulnerability in timthumb.php is the main problem

Published on February 15, 2012 By Anti-Malware Admin


I was able to find and trace one of the hacks back to thumb.php file. This turned out to be an old version (1.08, 1.14, etc.) of the popular TimThumb script. It turned out there were a lot of old TimThumb script on the server. Many were found in plugins and others were in themes.

I wrote a script to identify old TimThumb files and upgrade them automatically. Now it looks like we finally have a secure server again.