http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat Support Forum - Topic: Timthumb Vulnerability on Habitat en-US Wed, 22 May 2013 22:26:32 +0000 http://bbpress.org/?v=1.0.2 q http://www.kriesi.at/support/search.php http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-30402 Tue, 25 Oct 2011 07:08:37 +0000 Dude 30402@http://www.kriesi.at/support/ <p>You can delete timthumb.php for Newscast (if you're using the latest theme version). As fas as I know Display requires timthumb but the latest theme version (v.2.0.3) comes with the updated timthumb script which is secure. </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-30386 Mon, 24 Oct 2011 21:32:08 +0000 ktaylor 30386@http://www.kriesi.at/support/ <p>Hi,<br /> Our site has recently been hacked. Can I confirm with you that I can simply delete the timthumb.php file and this wont break anything? I am using Display and Newscast.</p> <p>Thanks! </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-27897 Mon, 26 Sep 2011 20:28:21 +0000 Chris Beard 27897@http://www.kriesi.at/support/ <p>Thanks for letting us know, I'll contact Kriesi about it. </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-27864 Mon, 26 Sep 2011 14:21:54 +0000 mediaplana 27864@http://www.kriesi.at/support/ <p>hej guys, just to let you know. the timthumb.php is still in the theme version on themeforest and it is definitly the old and hacked version last updated on 17th of march 2011 - before the fix. please update asap. </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-26325 Sat, 03 Sep 2011 08:16:16 +0000 Kriesi 26325@http://www.kriesi.at/support/ <p>Hey! Habitat no longer uses the timthumb script, it instead relies on the natural wordpress resizing. I would suggest to simply delete it from the theme folder. I will release an update for the themes that dont rely on it but have a copy of the file in the theme folder next week ;) </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-26282 Fri, 02 Sep 2011 12:43:08 +0000 Chris Beard 26282@http://www.kriesi.at/support/ <p>Hey,<br /> sorry about that - I must have mislooked at the dates of all the recently updated files. Recently a timthumb vulnerability has come up and it has been patched, it seems it wasn't for habitat. I'll mail Kriesi about the fix.<br /> Again exuse me for the delay/misinformation. </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-26178 Thu, 01 Sep 2011 04:11:26 +0000 martybuckenmeyer 26178@http://www.kriesi.at/support/ <p>BTW, when I download the 'previously purchased,' theme, the files are identical to what I purchased in May...including the .rtf file. So it looks like maybe it hasn't been updated recently? </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-26177 Thu, 01 Sep 2011 03:56:43 +0000 martybuckenmeyer 26177@http://www.kriesi.at/support/ <p>Well, for the time-being then, I guess this is an issue for me to figure out with Themeforest, because I don't see any option on that site to download an 'update.' My only options appear to be downloading the old theme or purchasing the theme. There is no 'update' indicated anywhere...Can you verify that there is, in fact, an update there?</p> <p>When I figure this first step out, I'll come back. Thanks. </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-26158 Wed, 31 Aug 2011 20:57:55 +0000 Chris Beard 26158@http://www.kriesi.at/support/ <p>No, all updates are free. </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-26082 Tue, 30 Aug 2011 03:02:49 +0000 martybuckenmeyer 26082@http://www.kriesi.at/support/ <p>Will I have to "purchase" the theme again? </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-26062 Mon, 29 Aug 2011 21:35:25 +0000 Chris Beard 26062@http://www.kriesi.at/support/ <p>When you download the updated version there's a version.rtf file which tells you what has been updated so you can replace the files in question. However, you can just replace the entire theme without your settings being lost since they're stored in the database.. which remains untouched. </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-26034 Mon, 29 Aug 2011 16:48:26 +0000 martybuckenmeyer 26034@http://www.kriesi.at/support/ <p>I purchased in May 2011; I think I'm running version 1.1.1. To update, do I just download the 'current' theme from Themeforest and replace the theme on Wordpress? Will I have to rebuild the site again? </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-26009 Mon, 29 Aug 2011 10:54:24 +0000 Chris Beard 26009@http://www.kriesi.at/support/ <p>Hi,<br /> are you running the latest version of the theme? Kriesi released a timthumb update just a few days ago. The update can be downloaded on themeforest. </p> http://www.kriesi.at/support/topic/timthumb-vulnerability-on-habitat#post-25941 Sat, 27 Aug 2011 03:28:48 +0000 martybuckenmeyer 25941@http://www.kriesi.at/support/ <p>Just received a message from my web host about timthumb.php vulnerability. Is there something that Habitat users need to do to patch or update our sites? I am a definite newbie when it comes to messing with the base code, btw. </p>