Is there a TimThumb update for Avisio, or any guidelines to keep our sites safe?
I see that Avisio uses TimThumb here:
As far as I know, timthumb isn’t required/in use anymore. If you fear hackers, open up the file, delete the whole code/text in the file and upload it again. It’s technically impossible to execute any code in the cache folder afterwards. You can also change the folder’s permission to 644 or 755.
Great, thank you! I wasn’t hacked, but I want to do my best to prevent it from happening!
I just deleted the timthumb.php file entirely from my site. Is that good enough, or do I need to change or update any other files? Everything on the site appears to be functioning normally.
I couldn’t find a direct reference to the file, so you can delete it too, but I wanted to make sure that there are no side effects, so I recommended deleting the content only. But if everything else works perfectly, there’s no reason to keep the file.
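Added example (not part of the original thread): a shell check for the clean-up discussed above. It reports whether each `timthumb.php` under a web root has been emptied, and whether its cache folder holds PHP files or is world-writable. It assumes the cache folder is a directory named `cache` beside the script; the function name and output labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the cache folder is a
# directory named "cache" next to each timthumb.php.

# audit_timthumb ROOT
# Prints one finding per line. Returns 1 if something still needs attention.
audit_timthumb() {
    root=$1
    status=0
    list=$(mktemp) || return 2
    find "$root" -type f -name 'timthumb.php' > "$list"

    while IFS= read -r script; do
        # An emptied file (0 bytes) can no longer run; a non-empty one can.
        if [ -s "$script" ]; then
            echo "ACTIVE $script"
            status=1
        else
            echo "EMPTIED $script"
        fi

        cache=$(dirname "$script")/cache
        if [ -d "$cache" ]; then
            # A thumbnail cache should hold images, never PHP files.
            php=$(find "$cache" -type f -iname '*.php*')
            if [ -n "$php" ]; then
                printf '%s\n' "$php" | sed 's/^/PHP-IN-CACHE /'
                status=1
            fi
            # 755 passes this check; 777 (world-writable) does not.
            if [ -n "$(find "$cache" -prune -perm -002)" ]; then
                echo "WORLD-WRITABLE $cache"
                status=1
            fi
        fi
    done < "$list"

    rm -f "$list"
    return "$status"
}

# Run against a path when one is given, e.g.: sh audit.sh /var/www/wp-content
if [ "$#" -gt 0 ]; then
    audit_timthumb "$1"
fi
```

If `timthumb.php` has been deleted entirely, the function prints nothing and returns 0, because it locates cache folders through the script's location.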
Ugh, several of my sites got nailed and my host suspended my account due to “Over 200 phishing sites on my account.”
Nasty stuff, haha.
Sorry to hear that. Kriesi will release new versions of his themes in the next few days. They’ll use the new version of timthumb (especially older themes) or will work without the script and use the post thumbnail feature instead (Newscast, Expose, etc.).
In case anyone has this question as well… v 2.0.3 can be downloaded from ThemeForest and has the timthumb fix.
Hey Admin: Is there a way to be notified when an update has been made? Or… something has been posted to a thread that you’re following in this forum?
The topic ‘TimThumb.php vulnerability’ is closed to new replies.