WARNING! DANGER! Got A Wordpress Fancy Theme or Timthumb? Vital Hackers Alert!

42 replies
I need to start with the disclaimer:

I am not a technical person.

So, here is the article or search you can check out:

Timthumb PHP script opens hole in WordPress blogs - The H Security: News and Features

This timthumb php thingie is apparently used on some of your fancy wordpress themes.

One big user of this function is Woo themes.

You will want to check your themes and see if there is a timthumb.php file in the mix.

You can be lazy like me, and just do a search in your cpanel (if you have a butt load of wordpress installs).

Look in the upper right corner:


I then did that search again without the php:



So, headway theme has it too.

It also may be in some plugins.

Anyway, it is a security issue.

Here is a helpful looking site:

How To Fix The Security Issue in Timthumb

Anyway, I'm off to the headway forum because that file for headway is done differently and I may need different instruction on how to handle it.

For now I just deleted the files and the site seems to be ok.

If some techie person wishes to elaborate on this, please feel free to steal the thunder here.

***Make sure you do searches for thumb.php and timthumb***

(I found a couple more little devils hiding in the brush)
  • Profile picture of the author cherylwaller
    here is some additional information and also some instructions (scroll to bottom) to see if you have been hacked Zero Day Vulnerability in many Wordpress Themes | mm
    • Profile picture of the author Jill Carpenter
      Anyone else who may have headway - they have pushed an update which solves the issue.

      It looks like it is recommended that you delete old versions after you have updated.

      There are going to be a TON of people using wordpress who are not paying attention - so please comment to keep this thread active for a bit and help spread the word.
      Signature

      "May I have ten thousand marbles, please?"

  • Profile picture of the author Gary King
    Thanks for sharing Jill, it never hurts to spread good info for others to help protect themselves.

    All success,

    Gary
    Signature

    ===========================
    OFFLINERS! Warning: Unless You Know These Pricing Secrets, You are Leaving THOUSANDS on the Table. Get Your Free Report Now.
  • Profile picture of the author GregSilva
    Thank you for the heads up, Jill. I will look for this on my Wordpress blogs right now.
    • Profile picture of the author Jill Carpenter
      Originally Posted by GregSilva View Post

      Thank you for the heads up, Jill. I will look for this on my Wordpress blogs right now.
      I saw this initially and was like, "oh crap, I'm too lazy to go into my cpanel and look for this right now."

      And then I thought, "oh crap, it will be me who has this silly file on one of my sites and gets hacked while I sleep."

      And then I said to myself, "Jill, you need a cocktail, and you need to get your arse into the cpanel and take care of this."

      True story. :p
  • Profile picture of the author BridgetSielicki
    Thanks for the heads up Jill, these files are something everyone should definitely check for, especially since an infected site may not appear to be infected right away
  • Profile picture of the author joseph7384
    [DELETED]
    • Profile picture of the author Jill Carpenter
      Originally Posted by joseph7384 View Post

      I followed these instructions and the search result was no file found, are there any other files or themes that I should be concerned with.

      Joseph
      You may be ok.

      It is only specific plugins and themes - but it is a good number of them and so many people use wordpress in general it is good to check.

      Odds are if you are using a lot of free themes you will be ok. This tends to fall more toward premium themes or paid plugins.
    • Profile picture of the author DaveDempsey
      Originally Posted by joseph7384 View Post

      I followed these instructions and the search result was no file found, are there any other files or themes that I should be concerned with.

      Joseph
      Well this script can be run from any file name ending in .php. So the creator of your theme might have labeled it something else.

      The best place to check is your theme's creators website. I found out from mine that the file I was looking for was thumb.php (check on their blog if they have one).
      • Profile picture of the author ExRat
        Hi Jill,

        There's a little lesson here, that perhaps not everyone will see.

        I once wasted some good money on a fancy theme that was supposed to make life easier but it did the opposite.

        There is a tendency for people to jump on the bandwagon when others talk about how cool a paid theme is, because it has easy to use functions in the menus etc and it looks cool.

        I eventually went the other way after learning the lesson. I learnt how to use child themes and I utilise the most common basic themes that come with Wordpress. I'm pretty keen on the 2010 theme and with a child theme you can change almost anything easily (once you grasp a little CSS).

        Lesson 1 - all that glitters is not gold.

        Lesson 2 - real IMers aren't scared of a little code and prefer to be in total control

        HTH
        Signature


        Roger Davis

        • Profile picture of the author Jill Carpenter
          Originally Posted by ExRat View Post


          Lesson 1 - all that glitters is not gold.

          Lesson 2 - real IMers aren't scared of a little code and prefer to be in total control

          HTH
          Well, I'm going to agree to disagree with you.

          I like to play with fun and fancy stuff that honestly I just don't have the time to learn how to code from scratch.

          All that glitters may not be gold, but some of it sure is purdy.
          • Profile picture of the author ExRat
            Hi Jill,

            Well, I'm going to agree to disagree with you.
            That's great, we can possibly learn something from each other here

            I like to play with fun and fancy stuff
            Of course, we all do. But put your business head on - how would you like to play with fancy stuff that gives you lots more control over your business and a feeling of empowerment, plus the knowledge that something is actually way less complicated than you thought and that you are capable of cracking it?

            Imagine what it feels like to be able to alter anything on your theme without anyone else's assistance (except perhaps Google)?

            I just don't have the time to learn how to code from scratch
            That's the point I'm getting at in a nutshell (in two parts).

            1) you can't not have the time to learn this stuff, if you're an IMer. It's more important than almost anything else, unless you can afford a full time assistant for these things (and most people will probably only get to that point by doing it themselves initially.) That assistant is just a luxury in reality. Plus there's nothing more important with an assistant, than being able to show them how to do something when they get stuck. That way, they know that you know what their job entails.

            2) this one's the kicker - I know that code is frightening, but it's one of those optical illusions. I'm talking about absolute basic CSS. It's not really 'code'. There is one difficult mountain to climb before seeing it from a different perspective. That mountain might take an hour or two of frustration and complete bewilderment.

            Many will give up on that mountain saying to themselves 'I'm just not cut out for this' and there are tons of 'mountain-climbed-coders' waiting to hold hostage those who haven't got the intestinal fortitude to make that climb.

            The most important mountains we can ever climb are the ones where we nearly give up because 'I'm just not cut out for this.' Climb enough of those and one can do anything.

            If you hear a voice within you say "you cannot paint," then by all means paint, and that voice will be silenced - Vincent Van Gogh.
            It matters not whether I convince you Jill, but I at least have to give it my best shot

            All that glitters may not be gold, but some of it sure is purdy.
            LOL.

            Why does that statement sound so delightfully (but scarily) feminine? Sends my wallet into shock mode!
            • Profile picture of the author sanssecret
              OMG, I use Elegant themes and they use this in all their themes. Still, I've managed to go in and edit the files.

              My problem is, the lower half of the article, (how to find out if you've been hacked) has me totally bamboozled. (not hard to do I admit ).

              Can someone explain to me what the heck 'ssh' is? And how do I use it? And what the heck is 'grepping'? Techie? Kinky?

              Just a thought... ( I do get them occasionally), has this been posted in the SEO/programming forum? Might be worth having it in there where the geeks hang out and they can come up with a quick fix solution for us all.
              Signature
              San

              The man who views the world at fifty the same as he did at twenty has wasted thirty years of his life. ~Muhammad Ali
              Pay me to play. :) Order a Custom Cover today.
              • Profile picture of the author Brian Alaway
                Originally Posted by sanssecret View Post


                Can someone explain to me what the heck 'ssh' is? And how do I use it? And what the heck is 'grepping'? Techie? Kinky?
                Think of it as encryption for your file transfers. Highly recommended. They mention Putty and WinSCP for client support but Filezilla also supports SSH/SFTP.
                Hostgator Support - How do I get and use SSH access?

                If you're not using HG, you may need to call your hosting support to make sure they offer ssh access, what port to use and they may need to activate it for you (e.g. Bluehost uses port 22 and HG uses port 2222).

                grep - Wikipedia, the free encyclopedia
              • Profile picture of the author SteveJohnson
                Originally Posted by sanssecret View Post

                OMG, I use Elegant themes and they use this in all their themes. Still, I've managed to go in and edit the files.

                My problem is, the lower half of the article, (how to find out if you've been hacked) has me totally bamboozled. (not hard to do I admit ).

                Can someone explain to me what the heck 'ssh' is? And how do I use it? And what the heck is 'grepping'? Techie? Kinky?
                Get your hosting company to do it for you. They can pipe the results to a text file you can download.

                'SSH' is a protocol (like HTTP or FTP) for talking directly to a server, in server language, kind of like the old DOS language.

                PuTTY and others are programs that are called 'terminal emulators' - they act like the old computer terminals. They use the SSH protocol to let you interact with the actual web server machine.

                'Grep' is a search program that runs on the web server machine. It's kind of a standard program that's included with the Linux operating system that most web servers run.
                Signature

                The 2nd Amendment, 1789 - The Original Homeland Security.

                Gun control means never having to say, "I missed you."

        • Profile picture of the author CDarklock
          Originally Posted by ExRat View Post

          I once wasted some good money on a fancy theme that was supposed to make life easier but it did the opposite.
          I was using a theme called "Adventure Journal." I upgraded to WP 3.2.1 and it broke. I upgraded AJ to the latest version and it was still broken. I switched to the default WP Twenty Eleven theme, tweaked three settings, and it looks more or less like AJ did. I'm pretty sure Twenty Eleven will just continue to work forever.
          Signature
          "The Golden Town is the Golden Town no longer. They have sold their pillars for brass and their temples for money, they have made coins out of their golden doors. It is become a dark town full of trouble, there is no ease in its streets, beauty has left it and the old songs are gone." - Lord Dunsany, The Messengers
  • Profile picture of the author DaveDempsey
    Thanks for the heads up! This looks nasty I just hope no one here is affected badly.

    Time to check my servers.
  • Profile picture of the author imdomination
    Thanks for posting this Jill. I know someone who has had their site hacked, the title of their site changed to some relatively pornographic keywords and their ranking has gone from #3 to #54 for the keyword so far because of it.

    Not a good thing at all, at least none of my sites have the file.
  • Profile picture of the author Apollo-Articles
    Thanks, did a search and found it within one theme - updated to the latest version as recommended.

    Sam
    • Profile picture of the author Jill Carpenter
      Originally Posted by sanssecret View Post

      OMG, I use Elegant themes and they use this in all their themes. Still, I've managed to go in and edit the files.

      My problem is, the lower half of the article, (how to find out if you've been hacked) has me totally bamboozled. (not hard to do I admit ).

      Can someone explain to me what the heck 'ssh' is? And how do I use it? And what the heck is 'grepping'? Techie? Kinky?

      Just a thought... ( I do get them occasionally), has this been posted in the SEO/programming forum? Might be worth having it in there where the geeks hang out and they can come up with a quick fix solution for us all.
      Ha ha. Grepping does sound a bit dirty. Especially when you tell me to shh before you do it.
  • Profile picture of the author sbucciarel
    Banned
    I use Woo Gazette theme a lot. Just checked and it appears that they have renamed timthumb.php to thumb.php.

    I just edited thumb.php to the recommended changes and uploaded it at
    http://domainingdiva.com/thumb.php

    If you use it and your files are called timthumb.php instead of thumb.php, just rename the file to timthumb.php

    The file can be found in your theme folder, so if say ... you use Gazette, it would be found in
    domain.com/wp-content/themes/gazette/
  • Profile picture of the author BIG Mike
    Banned
    [DELETED]
    • Profile picture of the author Istvan Horvath
      Originally Posted by BIG Mike View Post

      My theme has 2 just two files - index.php,[...] and styles.css, [...].
      Most present users don't know that before WP version 1.5, when the theme system was introduced... actually, we used exactly that: an index.php and a style.css file. Nothing else

      The very first themes were made by "cutting up" that index file into pieces and naming them based on what they contained:
      - header.php
      - index.php (the main 'body' part of the original index)
      - sidebar.php
      - footer.php

      It was supposed to make the customization easier.

      Then some general template files were added; all of them, practically, replace the main index file when they are called into the above "scheme". In other words, when you display a list of older posts in a certain month (aka archives of your posts) the archives.php will replace the index; when a Page is shown, page.php comes in, for one post - single.php etc.

      The last major change was adding the functions.php... and from there nobody can follow what's going on.

      Even between the last two 'official' WP themes (2010 & 2011) there are so many essential differences that you have to learn them from scratch.

      [here goes your theme history in a nutshell...]
      • Profile picture of the author BIG Mike
        Banned
        [DELETED]
        • Profile picture of the author McT
          Thanks for the heads up. Checked for the file through cpanel and took care of the problem as per the instructions.

          Best Regards
          Barb
  • Profile picture of the author Lyanna
    Thanks, I had Timthumb on two WP blogs. Fixed and no problems with hacking, thank goodness. Three of my images got broken (from the blog in my sig) but it's not too bad, easily fixed once I have the time.
  • Profile picture of the author Matt Ward
    Thanks for this notice! I had 2 sites that have this plugin incorporated, and yes, it was vulnerable. I think there are a lot of older themes that use this plugin and may never be updated... scary.

    edit: It seems as though external loading is set to "false" by default, so it may not be as huge of an exploit as it seems. It's still an issue to be concerned about, though.
    Signature
    "Keep moving forward."
  • Profile picture of the author Dustin Goode
    Thank you for the heads up! I had to edit a few of my sites' timthumb.php!
    Signature

    -Dustin

  • Profile picture of the author GoldenGlovez
    I have quite a few sites running themes that use timthumb. Updated them all this morning quick and painless! Less than 5 minutes to update about 10 sites using timthumb. Don't slack on fixing this huge security issue!
  • Profile picture of the author Blacklisted
    interesting..
  • Profile picture of the author CyberSorcerer
    Just to let others know, who might be using 'ProfiteThemes', I found the same $allowedSites array in thumb.php on line 24.
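
Several posts in this thread note that the script ships under names other than timthumb.php and that renamed copies carry the same `$allowedSites` array, so a file-name search alone can miss it. The following is an added example, not part of any post above: a content-based scan whose two markers (the string "timthumb" in any case, and `$allowedSites`) and whose sample directory tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find TimThumb copies by content,
# because themes ship the script under other names such as thumb.php.
# Assumed markers: the string "timthumb" (any case) or the $allowedSites
# array that posters here found inside renamed copies.

find_timthumb_copies() {
    # $1 = directory to scan, e.g. /path/to/site/wp-content
    find "$1" -type f -name '*.php' \
        -exec grep -l -i -E 'timthumb|\$allowedSites' {} + 2>/dev/null | sort
}

classify_hits() {
    # Label each hit: "known-name" for the two file names in this thread,
    # "renamed" for any other .php file that carries a marker.
    find_timthumb_copies "$1" | while IFS= read -r f; do
        case "$(basename "$f")" in
            timthumb.php|thumb.php) printf 'known-name\t%s\n' "$f" ;;
            *)                      printf 'renamed\t%s\n' "$f" ;;
        esac
    done
}

make_sample_tree() {
    # Constructed sample data so the example runs offline.
    root=$(mktemp -d) || return 1
    mkdir -p "$root/themes/gazette" "$root/themes/other" \
             "$root/themes/plain" "$root/plugins/gallery"
    printf '<?php\n$allowedSites = array("example.com");\n' \
        > "$root/themes/gazette/thumb.php"
    printf '<?php\n// TimThumb image resizer\n' \
        > "$root/themes/other/timthumb.php"
    printf '<?php\n$allowedSites = array();\n' \
        > "$root/plugins/gallery/resize.php"
    printf '<?php\necho "hello";\n' \
        > "$root/themes/plain/index.php"
    printf '%s\n' "$root"
}

# Demo run against the constructed tree.
sample=$(make_sample_tree)
classify_hits "$sample"
rm -rf "$sample"
```

Every path it lists should be checked by hand against the theme or plugin vendor's fixed version, since a marker match only shows that the file resembles the script.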
  • Profile picture of the author Chris Mercer
    Just updated mine as well (using OptimizePress). Everything seems to be working so far... thanks for keeping this topic alive!

    I was in the same "procrastination" phase as you were Jill... sadly... no cocktails nearby.

    BTW... Anyone try this one yet?

    http://markmaunder.com/2011/a-secure...-as-wordthumb/


    - Mercer
    • Profile picture of the author Jill Carpenter
      Originally Posted by Chris Mercer View Post

      I was in the same "procrastination" phase as you were Jill... sadly... no cocktails nearby.
      It's always good to have a bottle on hand just for emergency occasions like this.
  • Profile picture of the author Lyanna
    Turns out some images of mine are now bad/not loading but I am too lazy to fix it still. I'm glad I was at least able to fix the security of my blogs but going back and doing those images again will be a pain.
    • I just had a visit to my blog from a Russian hacker.

      I know this because I have Clicky. And he was looking for ET WordPress themes.

      Fortunately, yesterday I uploaded the new safe theme. And I did a full backup and stored it on my computer.

      It still runs a chill down your spine, though.

      fLufF
      --
      Signature
      Fiverr is looking for freelance writers for its blog. Details here.
      Love microjobs? Work when you want and get paid in cash the same day!
  • Profile picture of the author dsouravs
    Elegant themes also have timthumb.php
    Signature

    I can convert your Non-Responsive website to Responsive website ... How sweet is that? :)

    • Profile picture of the author Dennis Gaskill
      Originally Posted by CyberSorcerer View Post

      Just to let others know, who might be using 'ProfiteThemes', I found the same array in thumb.php on line 24.
      Was that supposed to be "ProfiteThemes" ... just curious because there's also a "Profits Theme" so I wondered if it was a typo?
      Signature

      Just when you think you've got it all figured out, someone changes the rules.

      • Profile picture of the author MikeHumphreys
        Originally Posted by Dennis Gaskill View Post

        Was that supposed to be "ProfiteThemes" ... just curious because there's also a "Profits Theme" so I wondered if it was a typo?
        Just checked... there is a thumb.php file with the same TimThumb coding in the Profits Theme.
        • Profile picture of the author Dennis Gaskill
          Originally Posted by MikeHumphreys View Post

          Just checked... there is a thumb.php file with the same TimThumb coding in the Profits Theme.
          Yup, found the same thing and fixed. I only found one copy of it, though one article I read said there could be more than one copy in various locations. Did you find just the one copy too, or more?
          • Profile picture of the author Alex Barboza
            Originally Posted by Dennis Gaskill View Post

            Yup, found the same thing and fixed. I only found one copy of it, though one article I read said there could be more than one copy in various locations. Did you find just the one copy too, or more?
            Can you please tell me where you found that on Profits Theme? I searched but couldn't find anything :confused:
  • Profile picture of the author Lyanna
    Yes, some phps on mine were not named timthumb but just "thumb" but it contains the same security vulnerability. Fixed all so far no hacking problems, just broken image links.
    • Profile picture of the author sbucciarel
      Banned
      Originally Posted by Lyanna View Post

      Yes, some phps on mine were not named timthumb but just "thumb" but it contains the same security vulnerability. Fixed all so far no hacking problems, just broken image links.
      Strange ... I fixed all mine and my image links are not broken. All my images are still there.
      • Profile picture of the author Lyanna
        Originally Posted by sbucciarel View Post

        Strange ... I fixed all mine and my image links are not broken. All my images are still there.
        I don't know what's up with mine yet. I haven't investigated. The broken images are on a blog I don't use a lot and it's the weekend so I'm just chilling for now. Monday is soon enough for work.
        • Profile picture of the author samtam
          Just got an email regarding Timthumb danger from my hosting company, going to check it out, better be safe than sorry.
  • Profile picture of the author Bob Willoughby
    Sure enough I found one! Thanks for the heads up!
    Bob