Friday, February 1, 2013

(Updated) Hackers Still Scanning for Vulnerable TimThumb Scripts

WordPressIf you have a website running on WordPress, make sure you check your themes and plugins for the TimThumb script, and if you find it make sure you’re running the latest version (2.8.11 at time of this writing).

For the uninitiated, TimThumb is a PHP script used to resize images, and is integrated into hundreds of WordPress themes.

Unfortunately, a security flaw was discovered within TimThumb in 2011, leaving millions of WordPress powered websites vulnerable to attack. The vulnerability was fixed (in version 1.33, I believe); however, some websites may still be at risk if they were never updated.

Judging by scans we’ve seen on our own blog, it would appear that cybercriminals are still hunting for websites with plugins or themes using outdated versions of TimThumb:

Plugins


/wp-content/plugins/cac-featured-content/timthumb.php
/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php
/wp-content/plugins/category-list-portfolio-page/scripts/timthumb.php
/wp-content/plugins/cms-pack/timthumb.php
/wp-content/plugins/dp-thumbnail/timthumb/timthumb.php
/wp-content/plugins/extend-wordpress/helpers/timthumb/image.php
/wp-content/plugins/islidex/js/timthumb.php
/wp-content/plugins/kino-gallery/timthumb.php
/wp-content/plugins/lisl-last-image-slider/timthumb.php
/wp-content/plugins/really-easy-slider/inc/thumb.php
/wp-content/plugins/rent-a-car/libs/timthumb.php
/wp-content/plugins/verve-meta-boxes/tools/timthumb.php
/wp-content/plugins/vk-gallery/lib/timthumb.php
/wp-content/plugins/wp-marketplace/libs/timthumb.php

Themes


/wp-content/themes/13Floor/timthumb.php
/wp-content/themes/advanced-newspaper/timthumb.php
/wp-content/themes/Aggregate/thumb.php
/wp-content/themes/Aggregate/timthumb.php
/wp-content/themes/AmphionPro/script/timthumb.php
/wp-content/themes/aperture/thumb.php
/wp-content/themes/aperture/timthumb.php
/wp-content/themes/arras/library/timthumb.php
/wp-content/themes/arras-theme/library/timthumb.php
/wp-content/themes/Avenue/timthumb.php
/wp-content/themes/backstage/thumb.php
/wp-content/themes/backstage/timthumb.php
/wp-content/themes/Basic/timthumb.php
/wp-content/themes/biznizz/thumb.php
/wp-content/themes/biznizz/timthumb.php
/wp-content/themes/Bold/timthumb.php
/wp-content/themes/boldnews/thumb.php
/wp-content/themes/boldnews/timthumb.php
/wp-content/themes/broadcast/thumb.php
/wp-content/themes/bt/includes/timthumb.php
/wp-content/themes/bueno/thumb.php
/wp-content/themes/bueno/timthumb.php
/wp-content/themes/busybee/thumb.php
/wp-content/themes/busybee/timthumb.php
/wp-content/themes/c3/thumb.php
/wp-content/themes/cadabrapress/scripts/timthumb.php
/wp-content/themes/canvas/thumb.php
/wp-content/themes/canvas/timthumb.php
/wp-content/themes/CFWProfessional/timthumb.php
/wp-content/themes/Chameleon/timthumb.php
/wp-content/themes/city/scripts/timthumb.php
/wp-content/themes/cityguide/timthumb.php
/wp-content/themes/coda/thumb.php
/wp-content/themes/coffeebreak/thumb.php
/wp-content/themes/coffeebreak/timthumb.php
/wp-content/themes/coffeedesk/includes/timthumb.php
/wp-content/themes/comfy%20pro/thumb.php
/wp-content/themes/continuum/thumb.php
/wp-content/themes/continuum/timthumb.php
/wp-content/themes/crisp/thumb.php
/wp-content/themes/crisp/timthumb.php
/wp-content/themes/cruz/scripts/timthumb.php
/wp-content/themes/dailyedition/thumb.php
/wp-content/themes/dandelion_v2.6.1/functions/timthumb.php
/wp-content/themes/dandelion_v2.6.3/functions/timthumb.php
/wp-content/themes/dandelion_v2.6.4/functions/timthumb.php
/wp-content/themes/dcric/scripts/timthumb.php
/wp-content/themes/DeepBlue/timthumb.php
/wp-content/themes/deep-blue/timthumb.php
/wp-content/themes/DeepFocus/thumb.php
/wp-content/themes/DeepFocus/timthumb.php
/wp-content/themes/delegate/thumb.php
/wp-content/themes/delegate/timthumb.php
/wp-content/themes/delicate/thumb.php
/wp-content/themes/delicate/timthumb.php
/wp-content/themes/DelicateNews/timthumb.php
/wp-content/themes/deliciousmagazine/thumb.php
/wp-content/themes/deliciousmagazine/timthumb.php
/wp-content/themes/delight/scripts/timthumb.php
/wp-content/themes/develop/thumb.php
/wp-content/themes/diarise/thumb.php
/wp-content/themes/digitalfarm/thumb.php
/wp-content/themes/directory/timthumb.php
/wp-content/themes/dualshockers2/thumb.php
/wp-content/themes/duotive-three/includes/timthumb.php
/wp-content/themes/EarthlyTouch/timthumb.php
/wp-content/themes/eBusiness/timthumb.php
/wp-content/themes/ecobiz/timthumb.php
/wp-content/themes/editorial/thumb.php
/wp-content/themes/ElegantEstate/thumb.php
/wp-content/themes/ElegantEstate/timthumb.php
/wp-content/themes/eNews/thumb.php
/wp-content/themes/eNews/timthumb.php
/wp-content/themes/envision/thumb.php
/wp-content/themes/ephoto/thumb.php
/wp-content/themes/ePhoto/timthumb.php
/wp-content/themes/equator/timthumb.php
/wp-content/themes/eStore/timthumb.php
/wp-content/themes/Event/timthumb.php
/wp-content/themes/Feather/timthumb.php
/wp-content/themes/flashnews/thumb.php
/wp-content/themes/freshnews/thumb.php
/wp-content/themes/G6Feature/includes/thumb.php
/wp-content/themes/gallant/thumb.php
/wp-content/themes/gazette/thumb.php
/wp-content/themes/gazette/timthumb.php
/wp-content/themes/Glow/timthumb.php
/wp-content/themes/GrungeMag/timthumb.php
/wp-content/themes/headlines/thumb.php
/wp-content/themes/headlines/timthumb.php
/wp-content/themes/headlines_enhanced_v2/thumb.php
/wp-content/themes/idris/images/timthumb.php
/wp-content/themes/impacto/thumb.php
/wp-content/themes/insignio/images/timthumb.php
/wp-content/themes/InterPhase/timthumb.php
/wp-content/themes/kingsize/timthumb.php
/wp-content/themes/lifestyle/thumb.php
/wp-content/themes/LightBright/timthumb.php
/wp-content/themes/Linepress/timthumb.php
/wp-content/themes/livewire/thumb.php
/wp-content/themes/mademan/scripts/timthumb.php
/wp-content/themes/Magnificent/thumb.php
/wp-content/themes/manifesto/scripts/timthumb.php
/wp-content/themes/Max/thumb.php
/wp-content/themes/Memoir/thumb.php
/wp-content/themes/mimbo/scripts/timthumb.php
/wp-content/themes/mimbopro/scripts/timthumb.php
/wp-content/themes/minecraftapps.com/scripts/timthumb.php
/wp-content/themes/mini-lab/functions/timthumb.php
/wp-content/themes/Modest/thumb.php
/wp-content/themes/Modest/timthumb.php
/wp-content/themes/modularity/includes/timthumb.php
/wp-content/themes/modularity2/includes/timthumb.php
/wp-content/themes/multidesign/scripts/timthumb.php
/wp-content/themes/muse/scripts/timthumb.php
/wp-content/themes/myjourney/thumb.php
/wp-content/themes/myjourney_3.1/thumb.php
/wp-content/themes/MyProduct/timthumb.php
/wp-content/themes/NewsPro/timthumb.php
/wp-content/themes/Nova/timthumb.php
/wp-content/themes/Nyke/timthumb.php
/wp-content/themes/ocram_2/thumb.php
/wp-content/themes/optimize/thumb.php
/wp-content/themes/optimize/timthumb.php
/wp-content/themes/OptimizePress/timthumb.php
/wp-content/themes/overeasy/timthumb.php
/wp-content/themes/pearlie_14%20dec/scripts/timthumb.php
/wp-content/themes/PersonalPress/timthumb.php
/wp-content/themes/photoria/scripts/timthumb.php
/wp-content/themes/photo-workshop/includes/timthumb.php
/wp-content/themes/Polished/timthumb.php
/wp-content/themes/postcard/thumb.php
/wp-content/themes/premiumnews/thumb.php
/wp-content/themes/premiumnews/timthumb.php
/wp-content/themes/productum/thumb.php
/wp-content/themes/profitstheme/thumb.php
/wp-content/themes/prosto/functions/thumb.php
/wp-content/themes/PureType/timthumb.php
/wp-content/themes/purevision/scripts/timthumb.php
/wp-content/themes/Quadro/timthumb.php
/wp-content/themes/redlight/includes/timthumb.php/coffeebreak/thumb.php
/wp-content/themes/Reporter/timthumb.php
/wp-content/themes/retreat/thumb.php
/wp-content/themes/rockstar/thumb.php
/wp-content/themes/rockwell_v1.5/scripts/timthumb.php
/wp-content/themes/rt_crystalline_wp/thumb.php
/wp-content/themes/rt_panacea_wp/thumb.php
/wp-content/themes/rt_syndicate_wp/thumb.php
/wp-content/themes/sealight/thumb.php
/wp-content/themes/SimplePress/timthumb.php
/wp-content/themes/simplicity/thumb.php
/wp-content/themes/simplicity/timthumb.php
/wp-content/themes/skeptical/thumb.php
/wp-content/themes/skeptical/timthumb.php
/wp-content/themes/snapshot/thumb.php
/wp-content/themes/snapshot/timthumb.php
/wp-content/themes/spectrum/thumb.php
/wp-content/themes/spectrum/timthumb.php
/wp-content/themes/telegraph/scripts/timthumb.php
/wp-content/themes/TheCorporation/timthumb.php
/wp-content/themes/themorningafter/thumb.php
/wp-content/themes/TheProfessional/timthumb.php
/wp-content/themes/therapy/thumb.php
/wp-content/themes/TheSource/timthumb.php
/wp-content/themes/thestation/thumb.php
/wp-content/themes/thestation/timthumb.php
/wp-content/themes/TheStyle/timthumb.php
/wp-content/themes/tma/thumb.php
/wp-content/themes/Transcript/thumb.php
/wp-content/themes/Transcript/timthumb.php
/wp-content/themes/tribune/scripts/timthumb.php
/wp-content/themes/typebased/thumb.php
/wp-content/themes/typebased/timthumb.php
/wp-content/themes/u-design/scripts/timthumb.php
/wp-content/themes/vibrantcms/thumb.php
/wp-content/themes/vulcan/timthumb.php
/wp-content/themes/watercolor/includes/timthumb.php
/wp-content/themes/waves/functions/timthumb.php
/wp-content/themes/welcome_inn/timthumb.php
/wp-content/themes/WhosWho/timthumb.php
/wp-content/themes/widescreen/includes/timthumb.php
/wp-content/themes/wootube/thumb.php
/wp-content/themes/wp-clear-prem/scripts/timthumb.php
/wp-content/themes/WPCMS2/scripts/timthumb.php
/wp-content/themes/zenko/scripts/timthumb.php

Not Sure If Your Site is Vulnerable?


There are two methods you can use to check your site:

  • Use the TimThumb Vulnerability Scanner plugin to check if your site is running a vulnerable version of TimThumb. This plugin will scan your entire wp-content folder, including plugins, themes and uploads.

  • Manually scan your wp-content folder for any 'timthumb.php' or 'thumb.php' files.


How to Update TimThumb


Should you happen to find a vulnerable version of TimThumb on your site, here are some easy-to-follow instructions that will guide you through the update process.

As a side note, I recommend doing a little research to beef up the security on any WordPress websites you may be running. Here’s a pretty good list of 25 Essential Security Plugins + Tips.

List last updated: 2/7/2013

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

No comments:

Post a Comment