Linux Wordpress

Timthumb.php hacked again

I needed a better way to check that my clients were not installing old versions of timthumb.php as part of their themes on WordPress. Here's a reminder, for myself and others, of a simple search-and-find on a Linux server. I'm sure this could be automated to search, find and replace with the latest version, but as we are only talking about fewer than 30 timthumb files, I'm happy to carry it out manually for now.

find `pwd` -type f \( -iname thumb.php -or -iname timthumb.php \) -exec grep -HP 'define ?\(.VERSION' {} \;

Will return:

/var/www/vhosts/ ('VERSION', '2.8.3'); // Version of this script
/var/www/vhosts/ ('VERSION', '2.8.3'); // Version of this script
/var/www/vhosts/ ('VERSION', '1.6'); // Version of this script
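The same check wrapped in a small POSIX shell script, added here as an example and not part of the original post: it finds every timthumb.php / thumb.php below a web root, pulls out the declared VERSION, and lists only the copies older than a reference version you pass in (the current TimThumb release, whatever that is at the time). The function names and the sample versions used in comments are my own; the files are assumed to carry the same define('VERSION', ...) line the grep above matches.

```shell
#!/bin/sh
# Added example (not from the original post): audit timthumb versions
# under a web root. Usage: outdated_timthumbs /var/www/vhosts <latest>

# Print "path<TAB>version" for every timthumb.php / thumb.php below $1.
# Files with no recognisable define('VERSION', ...) line report "unknown".
timthumb_versions() {
    find "$1" -type f \( -iname thumb.php -o -iname timthumb.php \) -print |
    while IFS= read -r f; do
        v=$(grep -oE "define ?\( ?'VERSION' ?, ?'[^']+'" "$f" | head -n1 |
            sed "s/.*, *'\([^']*\)'.*/\1/")
        printf '%s\t%s\n' "$f" "${v:-unknown}"
    done
}

# True (exit 0) when dotted version $1 sorts before $2, e.g. 1.6 < 2.8.3.
# Numeric sort per component, so 2.8.3 < 2.8.14 (plain string sort would
# get that wrong); portable, no GNU sort -V needed.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# List only the files whose version is older than the reference $2.
# "unknown" copies are listed too: a file you cannot version-check is one
# you should look at by hand rather than silently trust.
outdated_timthumbs() {
    timthumb_versions "$1" | while IFS="$(printf '\t')" read -r f v; do
        if [ "$v" = unknown ] || version_lt "$v" "$2"; then
            printf '%s\t%s\n' "$f" "$v"
        fi
    done
}
```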

Any old versions should be replaced with the latest from