
Viewing 8 posts - 1 through 8 (of 8 total)
  • #5296

    Is there a TimThumb update for Avisio, or any guidelines to keep our sites safe?

    http://blog.vaultpress.com/2011/08/02/vulnerability-found-in-timthumb/

    I see that Avisio uses TimThumb here:

    wp-content/themes/avisio/framework/includes/timthumb.php

    Thanks!

    #49591

    Hey,

    As far as I know, timthumb isn’t required/in use anymore. If you fear hackers, open up the file, delete the whole code/text in the file and upload it again. It’s technically impossible to execute any code in the cache folder afterwards. You can also change the folder’s permission to 644 or 755.

    #49592

    Great, thank you! I wasn’t hacked, but I want to do my best to prevent it from happening!

    I just deleted the timthumb.php file entirely from my site. Is that good enough, or do I need to change or update any other files? Everything on the site appears to be functioning normally.

    #49593

    I couldn’t find a direct reference to the file, so you can delete it too, but I wanted to make sure that there are no side effects, so I recommended deleting the content only. But if everything else works perfectly, there’s no reason to keep the file.

    #49594

    Ugh, several of my sites got nailed and my host suspended my account due to “Over 200 phishing sites on my account.”

    Nasty stuff, haha.

    #49595

    Sorry to hear that. Kriesi will release new versions of his themes in the next few days. They’ll use the new version of timthumb (especially older themes) or will work without the script and use the post thumbnail feature instead (Newscast, Expose, etc.).

    #49596

    In case anyone has this question as well…v 2.0.3 can be downloaded from ThemeForest and has the timthumb fix.

    sidenote:

    hey Admin: Is there a way to be notified when an update has been made? Or…something has been posted to a thread that you’re following in this forum?

    #49597

    Hey,

    At the bottom right of every topic there is an “RSS feed for this topic” which you can subscribe to to easily check updates.

The topic ‘TimThumb.php vulnerability’ is closed to new replies.
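
An audit for the cleanup discussed in this thread, added here as an example (it is not part of the original posts and is not Kriesi's or TimThumb's own code): it walks a WordPress tree, reports every remaining timthumb.php and whether it was emptied, flags PHP files sitting in a cache folder, and flags cache folders that are group- or world-writable. The cache folder name "cache" and the list of PHP extensions are assumptions.

```python
import os
import stat
import sys

SCRIPT_NAME = "timthumb.php"
CACHE_DIR_NAME = "cache"                  # assumption: the cache folder is named "cache"
PHP_EXTS = (".php", ".phtml", ".php5")    # assumption: extensions the server treats as PHP


def audit_tree(root):
    """Return a list of (kind, path, detail) findings for a WordPress directory tree."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        parts = os.path.relpath(dirpath, root).lower().split(os.sep)
        in_cache = CACHE_DIR_NAME in parts          # this folder is, or is below, a cache folder
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower() == SCRIPT_NAME:
                # A copy that still has content can still be requested and run.
                with open(path, "rb") as fh:
                    body = fh.read().strip()
                detail = "emptied" if not body else "still contains %d bytes" % len(body)
                findings.append(("script", path, detail))
            elif in_cache and name.lower().endswith(PHP_EXTS):
                # Image caches should hold images only; a PHP file here needs a closer look.
                findings.append(("php-in-cache", path, "PHP file type inside cache folder"))
        if parts[-1] == CACHE_DIR_NAME:
            mode = stat.S_IMODE(os.stat(dirpath).st_mode)
            if mode & 0o022:                        # group- or world-writable bits set
                findings.append(("writable-cache", dirpath, "mode %o" % mode))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind, path, detail in audit_tree(target):
        print("%-15s %s (%s)" % (kind, path, detail))
```

Run it against the site root (for example the folder that contains wp-content); no output means no copy of the script and no flagged cache content was found.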