TimThumb is a script that makes it possible to resize images 'on the fly'. This kind of 'image resizing' script is very popular, and people know TimThumb mostly from the WordPress world: many WordPress themes use it to make image resizing possible.
Unfortunately, we noticed that many WordPress sites still use a theme with an old, vulnerable version of TimThumb.
The vulnerability had already been reported in 2011, and the author of the script had written an extensive blog post about it.
For the sake of clarity: this vulnerability has nothing to do with the security and stability of WordPress itself. TimThumb is not a part of the WordPress core. It is an independent script that is often used in WordPress themes developed by third parties.
This vulnerability makes it very easy to include and upload scripts on the server (and execute them). It allows hackers to upload scripts that may compromise the security of your hosting account and cause severe damage.
This vulnerability is caused by the fact that the script supports external file inclusion. In other words, it is not only local images that can be processed, but also external ones.
The URL below is an example of how TimThumb is normally called:
The input control is rather superficial and is performed only on parts of the URL and not on the entire URL. The script checks if the domain name of the external image is included in the list of white-listed sites. This list includes, among others, the following white-listed domain names:
However, it is very easy to pass the check if you create a URL that includes one of these white-listed domain names. The following URL is a hypothetical example of a supposedly secure URL:
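The weakness described above comes down to how the white-list is compared against the URL. The snippet below is an added example, not TimThumb's own code and not the real white-list: it places a substring-style check of the kind described next to a hardened check that parses the URL and compares the actual host name. The domain names (images.example.com, photos.example.org, attacker.test) are constructed placeholders.

```php
<?php
// Added example (not TimThumb code). The white-list entries below are
// constructed placeholders, not TimThumb's real list.
$allowedSites = array('images.example.com', 'photos.example.org');

// Weak check: accepts the URL as soon as a white-listed name appears
// anywhere in it, whether in the host, the path or a query string.
function weakIsAllowed(string $url, array $allowedSites): bool
{
    foreach ($allowedSites as $site) {
        if (strpos($url, $site) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened check: parse the URL, require http(s), and compare the host
// name itself (exact match or a sub-domain of a white-listed host).
function strictIsAllowed(string $url, array $allowedSites): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowedSites as $site) {
        $site = strtolower($site);
        $suffix = '.' . $site;
        if ($host === $site || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed inputs: two legitimate URLs and two that merely contain a
// white-listed name without being hosted there.
$tests = array(
    'http://images.example.com/photo.jpg',
    'https://cdn.photos.example.org/photo.jpg',
    'http://images.example.com.attacker.test/x.php',
    'http://attacker.test/images.example.com/x.php',
);
foreach ($tests as $url) {
    printf("%-50s weak=%-5s strict=%s\n", $url,
        weakIsAllowed($url, $allowedSites) ? 'allow' : 'deny',
        strictIsAllowed($url, $allowedSites) ? 'allow' : 'deny');
}
```

Run with `php check.php`: the weak check allows all four URLs, the strict check allows only the first two. Even a correct host comparison only limits where images may come from; it does not by itself stop a non-image from being written into the cache, so the upgrade advised further down remains necessary.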
The content of the external file (in this case “hack.php”) is not immediately executed; it is included in the associated cache directory. If the uploaded file is an image, it is instantly displayed from the cache. And if the file is not an image, you get an error message indicating the location of the file. The error message can look like this:
Unable to open image: /var/www/wp-content/themes/your-theme/lib/scripts/cache/07ae62439acc0e284d9d706b55fabb36.php
The fact that the script displays the location of the file just like this makes it very easy to execute the hack.php script. All hackers need to do to hack the account is execute the URL below.
The consequences of this vulnerability can be severe. When hackers upload PHP scripts, they can easily take control and read and edit your files. The underlying database is no longer secure either, since the database data can be easily accessed thanks to the configuration file.
What do hackers usually do?
Not all WordPress installations are vulnerable. Only installations with themes using an old version of TimThumb are.
All TimThumb versions older than 2.8.2 are vulnerable and should be upgraded as soon as possible. You will find all the necessary information on http://code.google.com/p/timthumb/. For the latest version of the TimThumb script, please visit http://timthumb.googlecode.com/svn/trunk/timthumb.php.
A convenient WordPress plugin is available that checks your installation for the vulnerability. Not only does it search for older versions of TimThumb, but it also searches for files that hackers may have included in the cache directory.
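For anyone who wants to do the second part of that check by hand, here is an added example (not the plugin mentioned above and not TimThumb code) that lists files in a TimThumb-style cache directory whose content is not actually an image or whose extension would let the web server execute them. It inspects the first bytes of each file rather than trusting the extension. The demo runs on a constructed temporary directory; to use it on a site, pass the theme's real cache directory to findSuspiciousCacheFiles().

```php
<?php
// Added example: scan a cache directory for files that are not images.
// Recognises JPEG, PNG, GIF and WebP by their leading bytes.
function looksLikeImage(string $path): bool
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return false;
    }
    $head = fread($fh, 12);
    fclose($fh);
    if ($head === false) {
        return false;
    }
    $signatures = array("\xFF\xD8\xFF", "\x89PNG\r\n\x1A\n", "GIF87a", "GIF89a");
    foreach ($signatures as $magic) {
        if (strncmp($head, $magic, strlen($magic)) === 0) {
            return true;
        }
    }
    // WebP: "RIFF" + 4 length bytes + "WEBP"
    return strncmp($head, 'RIFF', 4) === 0 && substr($head, 8, 4) === 'WEBP';
}

// Returns path => list of reasons for every file worth a closer look.
function findSuspiciousCacheFiles(string $cacheDir): array
{
    $suspicious = array();
    foreach (new DirectoryIterator($cacheDir) as $entry) {
        if ($entry->isDot() || !$entry->isFile()) {
            continue;
        }
        $path = $entry->getPathname();
        $reasons = array();
        $ext = strtolower($entry->getExtension());
        if (in_array($ext, array('php', 'phtml', 'php5', 'phar'), true)) {
            $reasons[] = 'executable extension';
        }
        if (!looksLikeImage($path)) {
            $reasons[] = 'content is not an image';
        }
        if ($reasons) {
            $suspicious[$path] = $reasons;
        }
    }
    return $suspicious;
}

// Demo on a constructed temporary directory with one real-looking JPEG
// header and one text file that carries a .php name.
$dir = sys_get_temp_dir() . '/timthumb-cache-demo-' . getmypid();
mkdir($dir);
file_put_contents("$dir/a1.jpg", "\xFF\xD8\xFF\xE0" . str_repeat("\0", 16));
file_put_contents("$dir/b2.php", "constructed sample, not an image");
foreach (findSuspiciousCacheFiles($dir) as $path => $reasons) {
    echo basename($path), ': ', implode(', ', $reasons), "\n";
}
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

The demo prints only `b2.php: executable extension, content is not an image`. Any file the scanner flags in a real cache directory should be treated as a possible planted script: do not open it in a browser, and remove it after saving a copy for investigation.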
Another possible fix is to empty the list of white-listed external sites. This list looks like this:
$allowedSites = array ( /* list of white-listed domain names, omitted here */ );
All you need to do is replace this bit of code with the following:
$allowedSites = array ();
Although emptying the list of white-listed sites can be an easy solution, upgrading to the latest version of TimThumb is extremely important. Creators of WordPress themes who used it have most probably already published updates using the latest version of the script. So, an update of your themes may help too.
Although this is not breaking news, we still notice that many sites feature themes using an older version of TimThumb. And even though this vulnerability has nothing to do with WordPress itself, it is mainly WordPress installations that are hacked through it. So, we advise you to upgrade your themes as soon as possible and to check if they use an old version of TimThumb. Make sure that your version is not older than 2.8.2.
© 1999 - 2021 Combell nv. All prices exclude VAT.