phpThumb – is it a plugin, part of wp core or something else?

  • I’ve been having frequent “500 – internal server error” issues on one of my sites.
    I’ve asked the host to look into it and that’s what they came up with:

    we have found under your account, the following:

    [~/public_html]$ ls -lah | grep pThumb | wc -l 10868

    We ran a command under your account and found over 10,000 files being generated by a plugin called phpThumb which is hammering your hosting account memory. This appears that the plugin is broken and needs to be updated/repaired.

    I looked at the plugin list in my backend and couldn’t find any plugin called “phpThumb”.
    Then I freaked out and thought it was Malware so I scanned the site with Sucuri and it came back clean.
    I also have both iThemes security and Wordfence installed to protect my site.

    I have no idea what this thing is and the hosting provider doesn’t want to delete it because they say it could bring down my site and I should consult “my developer” (which I don’t have as I designed and built the site myself).

    Has anyone ever encountered a similar issue?

Viewing 2 replies - 1 through 2 (of 2 total)

  • Could be this: https://phpthumb.sourceforge.net/

    From the plugin notes:

    1) Download from either official site:
    * https://github.com/JamesHeinrich/phpThumb (current development version)
    * https://phpthumb.sourceforge.net (occasional releases + documentation)
    2) unzip to a location of your choice on your server, putting it in its
    own subdirectory (e.g. /phpThumb/ is useful but not required)
    3) rename phpThumb.config.php.default -> phpThumb.config.php
    4) edit phpThumb.config.php as needed to suit your server configuration.
    * the only setting you must set is ‘high_security_password’
    * most other values are auto-detected, but your particular server config
    may necessitate setting other values such as ‘document_root’ or
    ‘imagemagick_path’
    * see also “Configuration” section below
    5) Check your server configuration by opening
    /phpThumb/demo/phpThumb.demo.check.php in your browser. Settings that are
    highlighted green are good; yellow/orange/red may need to be adjusted.

    Might be worth using cPanel or FTP to explore your root and locate the /phpThumb/ directory. Then you can make a note of its location, download a backup copy and try deleting it.

    This seems to be a thumbnail generator. Do you now or have you in the past used thumbnails on your site? Where 10,000 is a lot of images, this number is not out of line for a directory or a type of site using small images.

    I do think barnez has a good suggestion about making a copy and deleting the script and images. It may not solve your internal errors but if you are not using it, it needs to be deleted.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘phpThumb – is it a plugin, part of wp core or something else?’ is closed to new replies.