• Resolved JustDuckyDesigns

    (@justduckydesigns)


    I had a hacking attack on my server a few weeks ago. I think we identified and removed all of the files. One of my sites even hired a security company to completely clean and protect their site. That security company (Sucuri) told them about the timthumb.php threat. I’ve not been told that I need to address that issue with all of my sites. I have installed and run your plugin on about 15 of my sites so far (one came up with some threats and then was able to clean them right away). All other sites are coming back totally clean. However, I just went into the file manager of one of the sites that I scanned with your plugin and the timthumb files are still there – such as this example line: /public_html/wp-content/themes/websitethemename/timthumb.php

    Should I be worried about this? Is this still a threat? Why is the plugin not removing these files?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Eli

    (@scheeeli)

    The timthumb files do not need to be removed; they just need to be a current enough version that they are not vulnerable. My plugin will find any old versions and automatically upgrade them for you, but they will not be removed.

    Thread Starter JustDuckyDesigns

    (@justduckydesigns)

    I see, I assumed it must be something like that. I do want to say that the person I’m working with on my hacking issue went to the website of the author of TimThumb and his website states, on the front page, that he is no longer updating or supporting TimThumb and that there would be no fixes if any other vulnerabilities are found. It says that anyone using it is doing so at their own risk. I’m wondering if WordPress (or a plugin) will eventually find a replacement for it and remove it in a future upgrade. Your thoughts on this?

    Plugin Author Eli

    (@scheeeli)

    The current version works and it’s secure, so there is no need to replace it. It is open source, so other contributors can offer a solution if a problem is ever discovered in the future, as was done in the past.
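
Added example, not part of the thread and not the plugin's code: a way to inventory every timthumb.php under a web root and compare its declared version against a minimum you choose, which is the "current enough version" check discussed above. It assumes the script declares its release with a `define('VERSION', ...)` line; the sample tree, its version numbers and the threshold are constructed.

```python
import os
import re
import tempfile

# Assumption: the script declares its release as define('VERSION', 'x.y.z').
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]""")

def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".") if p) if m else None

def inventory(root, minimum):
    """Classify every timthumb.php under root against a minimum version."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "timthumb.php":
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read(65536))
            if version is None:
                status = "unknown"    # no version line found: review by hand
            elif version < minimum:
                status = "outdated"   # older than the release you require
            else:
                status = "ok"
            report.append((os.path.relpath(path, root), version, status))
    return sorted(report, key=lambda row: row[0])

def demo():
    """Build a constructed theme tree and scan it; versions are made up."""
    samples = {"old-theme": "<?php define ('VERSION', '1.10');",
               "new-theme": "<?php define('VERSION', '2.5');",
               "odd-theme": "<?php // version line stripped"}
    with tempfile.TemporaryDirectory() as root:
        for theme, body in samples.items():
            folder = os.path.join(root, "wp-content", "themes", theme)
            os.makedirs(folder)
            with open(os.path.join(folder, "timthumb.php"), "w") as fh:
                fh.write(body)
        return inventory(root, minimum=(2, 0))  # constructed threshold

if __name__ == "__main__":
    for path, version, status in demo():
        print(f"{status:9} {version} {path}")
```

A copy reported as "unknown" may have been renamed or edited, so compare it by hand against a known-good release rather than trusting the missing version line.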

  • The topic ‘TimThumb’ is closed to new replies.