If you run your website(s) using WordPress, this affects you!
I don’t know a lot about hacking, etc, and I’m definitely not a “propeller head” so this information is not intended as a diagnosis or full protection… BUT, one of my sites was recently exploited by this vulnerability and yours could be too, so I want to pass on the information I’ve uncovered.
Much of this info is thanks to Jeff Johnson, who shared it with his subscriber list. I’m doing the same in turn to help you protect yourself against this vulnerability.
THE PROBLEM IN A NUTSHELL
Many WordPress-based blogs and websites use an image resizing script called “timthumb”, and old versions of this script have a vulnerability that allows hackers to upload and execute malicious software.
In my case, they installed phishing software that was mass spamming by email. My hosting company realized what was going on and, to protect all of their clients, not only shut down this one site… but shut down ALL of my sites.
And I understand why. They need to protect the integrity of their servers and if hackers got one of my files, there’s a chance they got more.
HOW TO UPGRADE THIS FILE
The developers of the timthumb file have created an update to fix this vulnerability. You can quickly scan your WordPress installation for any instances of this script using a free plugin called “TimThumb Vulnerability Scanner” and then upgrade it instantly right from the control panel.
I walk you through the installation, scanning & upgrading process in this video:
Video: https://s3.amazonaws.com/keetch/Public-Service-timthumb.mp4
If you’ve installed a custom theme or a premium theme (including OptimizePress) you should definitely run this scan!
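If you have shell access to your hosting account, the same kind of inventory can be done from the command line. The script below is an added example, not the plugin's code and not part of the original post: it walks a WordPress directory, lists every PHP file that looks like a copy of timthumb (including renamed copies) and shows the version each one declares. It assumes the script declares its version as `define('VERSION', '...')`, and the fixed version to compare against is something you supply from the timthumb developers' release notes.

```python
import os
import re
import sys

# Assumption: a TimThumb copy declares its version as define('VERSION', 'x.y.z').
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+(?:\.\d+)*)['\"]")
MARKER_RE = re.compile(r"timthumb", re.IGNORECASE)


def version_tuple(version):
    """Turn '2.8.10' into (2, 8, 10) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def find_timthumb(root):
    """Return sorted (path, version-or-None) pairs for PHP files that look like TimThumb."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as handle:
                    text = handle.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            match = VERSION_RE.search(text)
            # A theme may rename the script, so match on content as well as name.
            # A file that only links to timthumb.php has no VERSION define and is skipped.
            if name.lower() == "timthumb.php" or (match and MARKER_RE.search(text)):
                hits.append((path, match.group(1) if match else None))
    return sorted(hits)


def needs_upgrade(version, minimum):
    """Unknown versions are flagged too, so they get a manual look."""
    return version is None or version_tuple(version) < version_tuple(minimum)


if __name__ == "__main__":
    # Usage: python find_timthumb.py /path/to/wordpress FIXED_VERSION
    # FIXED_VERSION is the release the TimThumb developers list as fixed.
    root, minimum = sys.argv[1], sys.argv[2]
    for path, version in find_timthumb(root):
        status = "UPGRADE" if needs_upgrade(version, minimum) else "ok"
        print(f"{status:8} {version or 'unknown':10} {path}")
```

Any file reported as UPGRADE or unknown should be replaced with the current release of the script, or removed if the theme no longer uses it.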
To safe and happy webifying!