Singapore (PRWEB) June 30, 2014
TimThumb, a PHP script that allows websites to automatically create thumbnail images for their website was reported to have a 0-day security vulnerability on its Webshot feature. Exploited by hackers, this vulnerability was used to compromise thousands of websites.
If left enabled, this script can open the floodgates of attacks that might seriously cripple vulnerable websites. Executing a simple command on the TimThumb Webshot Remote Code Execution component will allow the hacker to create, change or remove files from the servers. Major security issues were discovered about TimThumb in the past years and still continues to plague mostly Wordpress sites.
By default, all TimThumb plugins have the WebShots feature disabled but a few installations may have it enabled. Even if they are not disclosed explicitly, some themes and plugin may still include the TimThumb script, so all customers should manually check through their website files for the TimThumb script. SingHost is advising all their customers to manually check their TimThumb script to ensure that the WebShot feature is disabled by following these simple steps: go to themes and plugins, open the TimThumb file, look for “WEBHOST_ENABLED”, change it to ‘false’. Final code should reveal: define (‘WEBHOST_ENABLED’, false);.
SingHost has invested in resilient web application firewalls and has put them in place to prevent such malicious attacks from compromising their web servers. The firewalls protect client websites not just against the TimThumb vulnerability, but other similar attacks as well. SingHost customers may also email their Customer Support team if they need help on this issue.
SingHost is the leader in highly reliable basic and enterprise web hosting plans in Singapore. They have powered over 10,000 websites with a 99.9% uptime guarantee, daily backups for website files and 24/7 Customer Support through email and chat. Get to know more about them at http://www.singhost.net.