Question for forum members.

Since updating the timthumb.php, I noticed that in the script cache folder there are many files that look like this:
timthumb_int_0a5daf52e532e1f2b9e632c431ab48b7.timthumb.txt

When viewing the files in a text editor, they all begin like this:
<?php die('Execution denied!').... and then later garbled text.

Am I right in assuming that this is a good thing, because the attacks on timthumb are being thwarted?

Would renaming the theme cause this to go away?
This is how the new thumbnails are named and kept by timthumb, so you don't have to do anything.

_________________
WPZOOM Co-Founder
Hello,
I tried updating the timthumb file, but again after a few days the other files in the theme showed problems on http://sitecheck.sucuri.net/scanner/

And also the file public_html/wp-includes/js/jquery/jsquery.js was again added with the malware characters.


Website greenbugger.com


Attachment: changes after timthumb.png
So if your timthumb script is newer than 2.0 you do not need to upgrade, as the security fixes have already been applied? Is this correct?
It is always a good idea to use the newest version of TimThumb, as it should be the most secure and efficient performance-wise.

_________________
WPZOOM Co-Founder
I just read about the update and need clarification on the instructions.
You state that in order to update the template one should use the new timthumb.php and replace in the scripts directory with timthumb.php. In that directory I have a "cache" folder, a timthumb.php and a timthumb.php.UNPROTECTED. Do you mean to delete all files out of the "scripts" directory and then insert the new "timthumb.php" file?
Make sure you delete upd.php files. I found it in two folders and after deleting them, it seemed to help... for now. As well as deleting some code in the middle of another main file that was retrieving my WP passwords, cannot remember its name.
Hi,

A WordPress site I was hosting (using the Zenko theme) was hacked a few days ago as well. Luckily, I was hosting it on Dreamhost and their security team alerted me to this, and I was able to delete the files in the /temp/ directory and then update the timthumb.php file fully by following the instructions on this forum thread (thanks for the great instructions btw!).

I really love the Zenko theme; will wait to see if this resolves the issue fully and what happens next.

Dreamhost security told me that the hackers put up a "pharmacy redirect" page and an "oldlib.php" file in the temp directory under timthumb, and used that to upload more spam pages.

Anyway, this is just FYI...
Thanks for the information. For those of us that are beginners, could someone please explain the steps? It seems a little daunting for some of us that have not worked with code.

thank you
I was looking through my updated Manifesto theme with Firebug and I came across some suspicious looking code that seemed to be associated with the RSS icon on the top menu bar (maybe - I'm not exactly sure).

I had heard about the Tim Thumb problem. I updated my theme before. But now I have also updated the Tim Thumb file just in case.

I'll post an image with some of the code here (as well as some details of the code)

Image

I then ran an anti-virus plugin and these are some of the potential issues it came up with:

Image

I then went to Sucuri.net and ran a check, and it came up with this:

Image

Any ideas about this?
count
The error messages are very clear: your site has been infected.
Follow the posted guidelines to clear your website, also consider contacting your hosting provider for a more in-depth check.
Hi - I'm not sure what you mean when you say follow the posted guidelines. Do you mean replace the Tim Thumb file? ... I've already done that. I am getting these errors AFTER the new Tim Thumb file has been installed.

Thanks
Please read through all the comments in this thread, there were some instructions on how to scan your website and clean it up.

Also, as I mentioned in my previous comment, consider contacting your hosting provider, they should be able to quickly clean your whole domain.

_________________
WPZOOM Co-Founder
www.dagelinks.nl
WordPress 3.2.1
CadabraPress 1.4
The page has been loading very, very slowly for three days. I changed the timthumb.php, but it doesn't help. My RSS feed isn't hacked as mentioned by others. What can I do to speed the site up?
Thanks!
Hi,

I believe I've been hacked as well.

I copied the new timthumb script, but I'm getting the following errors when I update the file...

Warning: fopen(/nfs/c02/h04/mnt/17385/domains/piefacepictures.com/html/wp-content/themes/videozoom/scripts/timthumb.php) [function.fopen]: failed to open stream: Permission denied in /nfs/c02/h04/mnt/17385/domains/piefacepictures.com/html/wp-admin/theme-editor.php on line 74

Warning: Cannot modify header information - headers already sent by (output started at /nfs/c02/h04/mnt/17385/domains/piefacepictures.com/html/wp-admin/theme-editor.php:74) in /nfs/c02/h04/mnt/17385/domains/piefacepictures.com/html/wp-admin/theme-editor.php on line 89

...and it doesn't seem to solve the problem.

What should I do now?

Thanks!
D
Hello dougkarr,

Getting PHP errors does not mean that a site has been hacked.

Please post in the Videozoom section of the forum.

_________________
WPZOOM Co-Founder
I had timthumb 2.8, was malware anyways.
I've updated to timthumb 2.8.6, let's see.
Hi, I'm also having the same problem: when I try to access my site I get a pop-up from my antivirus that says that many files are infected. Any clue how to fix this?
guruainur
Hello,

This topic is already filled with tons of instructions and solutions to fix this problem. Please carefully read the messages left by our support experts, and you will find a solution too.

_________________
Pavel Ciorici
WPZOOM Founder

All right, I fixed it by re-uploading some files of the theme. I did a scan with http://sitecheck.sucuri.net and saw which files were infected. Then I had to update some of the WordPress core files.
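
An added example, not part of the original thread or of TimThumb itself: a read-only audit of a TimThumb cache folder based on what the posts above describe. It checks that every `*.timthumb.txt` file starts with the `<?php die('Execution denied!')` guard and flags the `upd.php` and `oldlib.php` names posters reported; the function names, reason strings and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Prefix the first poster saw at the top of every file in the cache folder.
GUARD = b"<?php die('Execution denied!')"
# File names other posters in this thread reported finding and deleting.
REPORTED_NAMES = {"upd.php", "oldlib.php"}


def audit_cache(cache_dir):
    """Return sorted (relative_path, reason) findings for a TimThumb cache tree."""
    findings = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, cache_dir)
            if name in REPORTED_NAMES:
                findings.append((rel, "name reported in this thread"))
            elif name.endswith(".timthumb.txt"):
                with open(path, "rb") as fh:
                    head = fh.read(len(GUARD))
                if head != GUARD:
                    findings.append((rel, "cache file without die() guard"))
            elif name.lower().endswith((".php", ".phtml")):
                findings.append((rel, "executable script in cache folder"))
    return sorted(findings)


def build_sample(base):
    """Constructed sample tree: one normal cache file and four suspicious ones."""
    samples = {
        "timthumb_int_0a5daf52e532e1f2b9e632c431ab48b7.timthumb.txt": GUARD + b"; //constructed",
        "timthumb_int_ffffffffffffffffffffffffffffffff.timthumb.txt": b"<?php echo 'constructed';",
        "upd.php": b"constructed placeholder",
        "other.php": b"constructed placeholder",
        os.path.join("temp", "oldlib.php"): b"constructed placeholder",
    }
    for rel, data in samples.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for rel, reason in audit_cache(d):
            print(f"{rel}: {reason}")
```

A finding is a prompt to inspect the file and compare the theme against a clean copy, not proof of infection on its own.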
