
Wordpress blogs are at risk

Discussion in 'Blogging' started by wannabie, Aug 3, 2011.

  1. wannabie (Elite Member)

    TENS OR HUNDREDS OF THOUSANDS of Wordpress installations are at risk of being compromised because of a critical vulnerability in a popular third-party image manipulation script called timthumb.
    The affected image utility is not part of the main Wordpress package, but is incorporated in many popular Wordpress themes. The script consists of a single file called timthumb.php and facilitates on-the-fly image cropping, zooming and resizing.
    Timthumb defines a white list of remote domain names from which images can be fetched by default, which include popular image hosting web sites like Flickr.com, Picasa.com, Blogger.com, Wordpress.com, Photobucket.com and others.


    Read more: http://www.theinquirer.net/inquirer/news/2099162/wordpress-blogs-risk#ixzz1TyrhkHxK

    Just so you know :)
     
  2. seoguy81 (Power Member)

    Interesting article. I'm not a PHP guru, but having checked timthumb.php:

    PHP:
    // external domains that are allowed to be displayed on your website
    $allowedSites = array(
        'flickr.com',
        'picasa.com',
        'img.youtube.com'
    );
    Wouldn't it solve the problem to remove the external domains and use only your own domain instead? That is, if the blog in question doesn't pull images off the domains mentioned in the function.
     
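The allowlist above is the whole defence for remote fetches, so the shape of the check matters as much as the list. The following is an added example, not timthumb's own code and not posted by anyone in this thread: a PHP host check of the substring kind that early timthumb releases used (the exact original line is not on this page and is not reproduced here), beside a strict version that accepts only a listed domain or one of its subdomains, and the same strict check run with an empty allowlist, which is what seoguy81's suggestion amounts to. The function names, the hostnames and the URLs are all constructed for illustration.

```php
<?php
// Added example (not timthumb's code). Function names and all hosts/URLs
// below are hypothetical, constructed to show the difference between the checks.

$allowedSites = array('flickr.com', 'picasa.com', 'img.youtube.com');

// Weak check: "does an allowed name appear anywhere in the host?"
// http://flickr.com.attacker.example/x.php passes, because 'flickr.com' is a substring.
function host_allowed_weak($url, array $allowedSites) {
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    foreach ($allowedSites as $site) {
        if (strpos($host, strtolower($site)) !== false) {
            return true;
        }
    }
    return false;
}

// Strict check: scheme must be http/https, and the host must be exactly an
// allowed name or end in "." followed by it (so the match sits on a label boundary).
function host_allowed_strict($url, array $allowedSites) {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['host'], $parts['scheme'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowedSites as $site) {
        $site = strtolower($site);
        if ($host === $site) {
            return true;
        }
        $suffix = '.' . $site;
        $len = strlen($suffix);
        if (strlen($host) > $len && substr($host, -$len) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed probe URLs: one legitimate subdomain, three hostile shapes.
$probes = array(
    'http://farm1.flickr.com/photo.jpg',         // real subdomain: both checks allow
    'http://flickr.com.attacker.example/x.php',  // substring bypass: weak allows, strict denies
    'http://attacker.example/flickr.com/x.php',  // allowed name only in the path: both deny
    'http://notflickr.com/x.php',                // no label boundary: weak allows, strict denies
);

foreach ($probes as $url) {
    printf("%-45s weak=%s strict=%s empty-allowlist=%s\n",
        $url,
        host_allowed_weak($url, $allowedSites) ? 'allow' : 'deny',
        host_allowed_strict($url, $allowedSites) ? 'allow' : 'deny',
        host_allowed_strict($url, array()) ? 'allow' : 'deny');
}
```

Run it with `php check.php`: the constructed host flickr.com.attacker.example passes the weak check and fails the strict one, and the empty allowlist denies every external source, which is the "remove the domains" fix from this thread. A tighter host check does not address the second problem raised later in the thread, a cache directory under the web root; whatever gets fetched still needs to be verified as an image before it is written anywhere a web server will serve it.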
  3. ronywilliam (Senior Member)

    Trophaeum made a post about this:
    Code:
    http://www.blackhatworld.com/blackhat-seo/blackhat-lounge/337505-wordpress-zero-day.html
    Hope it helps!
     
  4. everythingred (Jr. VIP, Premium Member)

    The thread above features a simple edit that fixes the problem.
     
  5. SahL (Elite Member)

    Last edited: Aug 3, 2011
  6. seoguy81 (Power Member)

    Yep, checked with wordpress.stackexchange as well. Removing those domains does the job.
     
  7. CyberSEO (Senior Member)

    I don't use that plugin, but thanks for the heads up.
     
  8. bloomtools (Registered Member)

    Thanks for this good information you have shared with us.
     
  9. SahL (Elite Member)

    It's not in a plugin, bro. It's a part of many blog themes.

    Also, if you don't find timthumb.php, search for thumb.php.


     
  10. dima054 (Regular Member)

    I found it in the Gazette nulled theme, from here. And in some IGIT related-posts plugins (the only related-posts plugin that actually works with my sites, for some reason). And all my sites were hacked a couple of days earlier.
     
  11. SilverMovieDownloads (Power Member)

    Thank god I am using old-fashioned HTML coding :)
     
  12. bertbaby (Elite Member)

    Here's the fix I posted on another thread:

    Replace the timthumb.php file in your blog theme with this update to close the vulnerability:

    http://code.google.com/p/timthumb/

    That said, looking at the Timthumb issue stack, I'm not necessarily sure that the developer has completely closed the exploit, since the status says Started:

    ID   Type    Status   Priority  Summary
    212  Defect  Started  Medium    Zero day vulnerability that gives remote attacker shell access
    217  Defect  Started  Medium    Timthumb must not use web accessible dir as cach
     
  13. dima054 (Regular Member)

    Just remove those allowed domains and feel safe until the next 0day.
     
  14. bertbaby (Elite Member)

    Nice! Received a notice from my FatCow host that they have replaced all of the Timthumb files with an updated file automatically! Saved me some time!
     
  15. bluemonster (Junior Member)

    HostGator did nothing, but I manually removed the external src sites from timthumb. A friend's top tech blog got hacked due to a related-posts plugin which uses timthumb for thumbnail view. Someone uploaded a shell server script to his host using the vulnerability.
     
  16. VIC SEO (Elite Member)

    I really hope it works, most of my sites are built in Wordpress.
     
  17. SiLvi Street Rapper (Registered Member)

    This was posted before.