Vodien Secures Customers Against TimThumb Security Vulnerability


The TimThumb Webshot Remote Code Execution vulnerability was recently announced and has reportedly affected many WordPress websites. Vodien customers can rest easy, as all WordPress websites hosted through Vodien have been secured against this latest TimThumb security vulnerability.

The good news is that all websites hosted by Vodien are 100% protected by web application firewalls that systematically filter not just this TimThumb vulnerability, but all similar types of vulnerabilities.

The recently announced 0-day, a TimThumb Webshot Remote Code Execution vulnerability, allows hackers to run specific commands remotely on vulnerable websites. Once a command is enabled, a hacker can create, edit and delete any files on the remote server.

TimThumb is a PHP script, used by millions of WordPress websites worldwide, primarily to crop, resize and zoom images. It is critical that this script is secured as soon as possible. Over the past years, thousands of sites were compromised in large-scale attacks directed at this script. Note that third-party WordPress plugins or themes may incorporate the TimThumb script even if the user never specifically downloaded and installed it.

By default, TimThumb has its webshot feature disabled, so only a handful of TimThumb plugin installations remain at risk. If you want to manually disable the webshot feature in your TimThumb script to prevent it from being hacked, here's what you need to do:

1. Go to your theme or plugin.
2. Open the TimThumb file.
3. Find "WEBSHOT_ENABLED".
4. Set it to "false".
5. The final code should look like this: define('WEBSHOT_ENABLED', false);
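Because themes and plugins can bundle their own copy of TimThumb under any file name, the check above has to be repeated for every copy. The following is an added example, not Vodien's or TimThumb's own code: it walks a directory tree and reports each PHP file that defines WEBSHOT_ENABLED (the constant TimThumb uses for its webshot switch) and whether it is on. The sample tree, theme name and plugin name are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# define('WEBSHOT_ENABLED', <value>) with either quote style and any spacing.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*([^)]+?)\s*\)""", re.IGNORECASE)
DISABLED = {"false", "0", "null", "''", '""'}

def strip_comments(php):
    """Drop /* */ blocks and whole-line // or # comments so dead code is ignored."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.DOTALL)
    return "\n".join(l for l in php.splitlines()
                     if not l.lstrip().startswith(("//", "#")))

def audit_webshot(root):
    """Return {relative_path: 'enabled'|'disabled'} for every PHP file under
    root that defines WEBSHOT_ENABLED, whatever the file is named."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*.php") if p.is_file()):
        text = path.read_text(encoding="utf-8", errors="replace")
        values = DEFINE_RE.findall(strip_comments(text))
        if values:
            # Any value that is not an explicit false counts as enabled.
            on = any(v.strip().lower() not in DISABLED for v in values)
            rel = path.relative_to(root).as_posix()
            findings[rel] = "enabled" if on else "disabled"
    return findings

def build_sample_tree(root):
    """Constructed sample tree; theme and plugin names are hypothetical."""
    samples = {
        "themes/sample-theme/timthumb.php":
            "<?php\nif(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false);\n",
        "plugins/sample-gallery/lib/thumb.php":
            "<?php\n// define('WEBSHOT_ENABLED', false);\ndefine(\"WEBSHOT_ENABLED\", TRUE);\n",
        "themes/sample-theme/functions.php": "<?php\n// no TimThumb here\n",
    }
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, state in audit_webshot(tmp).items():
            print(f"{state:8}  {rel}")
```

To audit a real site, call audit_webshot() on the wp-content directory and apply the steps above to every file reported as enabled.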


About Vodien

Vodien is a world-class web hosting service provider based in Singapore. Since 2002, it has offered a wide range of enterprise-grade and reliably fast web hosting solutions, which include shared hosting, VPS hosting, cloud hosting, dedicated servers, full rack colocation and domain name registration. More than 15,000 customers use Vodien because of its high-performing data servers, multi-layered anti-virus filters, 24/7 Customer Support and superior data security. Go to http://www.vodien.com to learn more about Vodien.


Contact Author

Fred Goh
Vodien
+65 62886264 Ext: 1