TimThumb abandoned

 abandonware "width =" 500 "height =" 500 "class =" aligncenter size-medium wp-image-76429 "srcset =" https : //ayudawp.com/wp-content/uploads/2014/09/abandonware-500x500.png 500w, https://ayudawp.com/wp-content/uploads/2014/09/abandonware-150x150.png 150w, https : //ayudawp.com/wp-content/uploads/2014/09/abandonware.png 800w "sizes =" (max-width: 500px) 100vw, 500px "/> </a></p>
<p> The famous <strong> clipping script images TimThumb </strong>massively used by themes and plugins, has been <strong> abandoned by its developer </strong>moving to the now famous list of <a href= abandonware .

Not lacking in guilt by different exploits that this script has suffered great on the other hand, the author has decided to abandon its development and support, and recommends developers of plugins and themes that stop using it .

] If you use algu n topic or plugin that uses it " encourages " to its developer that use some alternative method because if already until now TimThumb was vulnerable not to mention once abandoned the development and updates of it.

The best alternative to TimThumb is, of course, the native support of WordPress featured images which are gradually adopting mostly theme developers, as well as other alternative solutions to TimThumb .

A very interesting one is the following code which does the same thing as TimThumb with images from your server (does not work with external images or hotlinked ) but without its vulnerabilities:

; Other possible alternatives are the Photon module from JetPack, which also dynamically resizes images or the plugin BFI Thumb .

What is clear is that you have to leave to use TimThumb now, yes or yes.

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

New security error in TimThumb

If your theme (or plugin) uses the script TimThumb and they are legion, I have another bad news: a vulnerability of type " zero day " has just been detected in the

The new vulnerability detected would allow any attacker to create, move or delete files on your server with a single command, that's nothing.

The problem is in the module called " ] webshot "of the script, and it is recommended that, until a patch comes out, identify the following line in the timthumb.php file:

Uploadify, new security threat included in WordPress plugins and themes • WordPress Help

If I already warned about the danger of Timthumb used as thumbnail management system for many WordPress themes, it is now another script, this one for to facilitate file uploading and used both by themes and by WordPress plugins, which threatens the integrity of any WordPress installation unaware of its danger.

] According to several reports of the website specialized in computer security Sucuri Uploadify a script that allows unregistered users, without credentials in WordPress, upload files to the server, is a potential security threat, because it can be used to open back doors, insert Trojans or whatever.

It is true that is very useful, and it facilitates actions as anonymous users participate in a c ommunity created with WordPress by uploading images or similar, but this same facility is its danger .

Topics as popular as those of Woothemes or plugins as used as ] Uploader WP Symposium or 1 Flash Gallery use this script for this purpose, so they would be susceptible open doors to unwanted code injections ]

If you want to know if your WordPress theme or plugin uses this script, search the entire directory " / wp-content / " and its subdirectories for a folder named " uploadify "Or the file" uploadify.php ", and if you are not clear about its use or you can dispense with it, deactivate it immediately and look for another type of solution for your visitors. [19659003] You can also do a check using a script that has created Sucuri. Download this file (sucuri_wp_check.txt), rename it by changing the extension txt to php and upload it to the root directory of your WordPress installation and run it like this:

The script informs you of both potential vulnerabilities of Timthumb and Uploadify.

WARNING : This publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Check if you are affected by the Timthumb security breach

As there are still many doubts in the comments about whether it is infected or not by the insecure version of the TimThumb script it never hurts to do some additional checking.

Timthumb vulnerability scanner , once installed and activated, performs an analysis of the files of your installation and, if it finds an insecure version it offers you to replace it with an updated version and, of course, safe.

Simple and great, how we like things in WordPress.

WordPress with Timthumb hacked make black hat SEO in Google Images • WordPress Help

According to the blog of Unmask Parasites over 4,000 hacked WordPress sites would be flooding images used to position fake antivirus sites.

What these undesirables do Black Hat SEO using the exploit in Timthumb of which I warned, is the following …

the following URL pattern: hxxp: ///? [a-f] {3} =, where [a-f] {3} is a combination of three letters from "a" to "f" and they are combinations of keywords separated by scripts that contain or images of normal words or images, for example:

hxxp: //example.com/? fef = images-of-mitzi-mueller-wrestling
hxxp: //example.net/ ? cda = image-tropical-fruits-index

For this purpose they use backdoor pages that they enter in normal templates of WordPress sites, where [19] 459011] the original content is replaced with about twenty thumbnails and small blocks of text relative to the keywords to be positioned .

The images are not linked from external sites but link to "full size" images with URLs how are you:

for example:

At the top of the images shows an entry – the domain name of the hacked site. In this way the undesirable ones make it seem that the images belong to the site they have hacked, as if it were their own content, not images inserted or stolen. At the same time, in this way, it is easier to identify the poisoned image in the search results.

The image files contain the following string inside: <CREATOR: gd- jpeg v1.0 (using IJG JPEG v62), quality = 100 . This means that they were created using the GD graphics library

It seems that hackers use a PHP script to take well-positioned images (in Google Images search results), resize them to the size of miniature (a width of between 200 and 300 pixels) and full size (some at random size, in some cases even to sizes greater than the original, to position them better as they are larger in pixels) and finally add the seal of the domain name hacked


At the bottom of the HTML code of the backdoor pages you can see comments like these:

The temporary brand and the keywords . This way you can easily see when the back door was created.


The backdoor pages have good positions in some keywords in both Google web search and Image search (especially when you search for the exact phrase ). However, malicious redirects occur only when you click on the search result in Google Images which proves that the ultimate goal is to flood Google Images of these images, that is, a pure campaign and hard of black-hat SEO .

The redirection has two stages . In the first one the redirection goes to an intermediate server (TDS) that then redirects to some web pages that launch a fake antivirus tool (there are two different variations).

This is a real redirect string: