(Ping! Zine Web Tech Magazine) – July 11, 2014. TimThumb's vulnerabilities have been a perennial security headache that has affected thousands of WordPress sites in the past years. Recently, a new vulnerability has emerged, promising an even more destructive outcome as the number of affected WordPress sites grows.
TimThumb is a PHP script that allows users to zoom, resize and crop images for their websites. Despite its practical purposes, hackers are exploiting it to disable web servers by creating, deleting and editing files remotely when a command is left enabled within TimThumb.
Security weaknesses have been detected in TimThumb ever since it was released a few years ago, exposing websites to massive server-wide attacks. The Webshot feature in particular is affected by the latest vulnerability, named the TimThumb Remote Code Execution vulnerability. Most TimThumb plugins have the Webshot feature disabled by default; however, some plugin installations may still leave it enabled. Even if not mentioned explicitly in disclosure agreements, some third-party plugins and themes may have integrated the TimThumb script as well.
To ensure that the TimThumb Webshot feature is disabled, Singapore Host customers are advised to disable it manually to block possible attacks on their websites. To do this, follow these simple steps: (1) visit plugins or themes and search for any TimThumb files, (2) open the TimThumb file, (3) look for "WEBSHOT_ENABLED", (4) change it to false, (5) the final code must show: define ('WEBSHOT_ENABLED', false);
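The manual check above can be run across a whole site with a short script. This is an added example, not code from Singapore Host or the TimThumb project: the function names are hypothetical, it searches by file content rather than file name so that renamed or bundled copies are found, and it assumes that any uncommented define with a true value should be reported as enabled.

```python
import os
import re
import sys

# define('WEBSHOT_ENABLED', <value>) with any quoting and spacing.
DEFINE_RE = re.compile(
    r"""\bdefine\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*([^)]+?)\s*\)""",
    re.IGNORECASE,
)
TRUTHY = {"true", "1"}


def webshot_state(php_source):
    """Return 'enabled', 'disabled', or None when the constant is not defined.

    Conservative by design (an assumption of this example): one uncommented
    define with a truthy value is enough to report 'enabled'.
    """
    state = None
    for line in php_source.splitlines():
        code = line.split("//", 1)[0]  # drop trailing // comments
        if code.lstrip().startswith(("#", "*", "/*")):
            continue  # whole-line comment
        for match in DEFINE_RE.finditer(code):
            value = match.group(1).strip("'\" ").lower()
            if value in TRUTHY:
                return "enabled"
            state = "disabled"
    return state


def scan_tree(root):
    """Return sorted (path, state) pairs for .php files that define the constant."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    state = webshot_state(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if state is not None:
                findings.append((path, state))
    return sorted(findings)


if __name__ == "__main__":
    for path, state in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{state.upper():8} {path}")
```

Run it against the wp-content directory; every file reported as ENABLED needs the edit described in steps (3) to (5).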
Customers can rest assured that all Singapore Host servers are secured with the help of web application firewalls that automatically block all types of security vulnerabilities. They can also reach Singapore Host's 24/7 Customer Support team to report issues with their websites.
About Singapore Host
A recognized web hosting leader, Singapore Host offers reliable web hosting solutions with features that include massive disk space and bandwidth, 99.9% uptime guarantee, user-friendly website builder for beginners, enterprise grade network for seamless connection, automatic file backup and recovery, domain privacy and friendly customer support assistance. Visit them at: http://www.singaporehost.sg/ for more information.