
Timthumb.php hacked again

I needed a better way to check that my clients were not installing old versions of timthumb.php as part of their themes on WordPress. Here’s a reminder for myself and others of a simple search-and-find on a Linux server. I’m sure that this could be automated to search, find, and replace with the latest – but as we are only talking less than 30 timthumb files – I’m happy to carry this out manually at the moment.

find `pwd` -type f \( -iname thumb.php -or -iname timthumb.php \) -exec grep -HP 'define ?\(.VERSION' {} \;

Will return:

/var/www/vhosts/domain1.com/httpdocs/wp-content/themes/rich2011/scripts/thumb.php:define ('VERSION', '2.8.3'); // Version of this script
/var/www/vhosts/domain2.com/httpdocs/wp-content/themes/Bluelight/scripts/timthumb.php:define ('VERSION', '2.8.3'); // Version of this script
/var/www/vhosts/domain3.com/httpdocs/exclusive/wp-content/themes/core/timthumb.php:define ('VERSION', '1.6'); // Version of this script

Any old versions should be replaced with the latest from

http://timthumb.googlecode.com/svn/trunk/timthumb.php
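The steps above (find every thumb.php/timthumb.php, read its VERSION define, replace anything old) can be scripted so the outdated copies are listed in one go. The script below is an added example, not part of the original post: it builds the same find/grep pipeline, parses the version out of each hit, and prints the copies older than a reference version. It assumes GNU find, sed and `sort -V`; it uses `grep -E` rather than the `-P` of the original so it does not depend on a PCRE-enabled grep; and the default reference version `2.8.3` is a placeholder taken from the output above, to be overridden with whatever is current. The `make_sample_tree` function only creates constructed sample files so the script can be run offline.

```shell
#!/bin/sh
# Added example (not from the original post): list timthumb copies below a reference version.
# Assumes GNU find/sed and `sort -V`. TIMTHUMB_LATEST is a placeholder default.

LATEST="${TIMTHUMB_LATEST:-2.8.3}"

# Print "<version> <path>" for every thumb.php / timthumb.php under directory $1.
# Version comes first so a path containing spaces survives `read` intact.
timthumb_versions() {
    find "$1" -type f \( -iname thumb.php -o -iname timthumb.php \) \
        -exec grep -HE 'define ?\(.VERSION' {} \; |
    sed -nE "s/^([^:]+):define ?\\( *'VERSION', *'([^']+)'.*/\\2 \\1/p"
}

# Return 0 when version $1 sorts strictly before version $2 (e.g. 2.8.3 < 2.8.10).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "<version> <path>" for every copy under $1 older than $2 (default: LATEST).
outdated_timthumbs() {
    ref="${2:-$LATEST}"
    timthumb_versions "$1" | while read -r ver path; do
        if version_lt "$ver" "$ref"; then
            printf '%s %s\n' "$ver" "$path"
        fi
    done
}

# Build a constructed sample tree mirroring the layout in the post; prints its path.
make_sample_tree() {
    dir="$(mktemp -d)"
    mkdir -p "$dir/site1/wp-content/themes/rich/scripts" \
             "$dir/site2/wp-content/themes/core" \
             "$dir/site3/wp-content/themes/new"
    printf '%s\n' '<?php' \
        "define ('VERSION', '2.8.3'); // Version of this script" \
        > "$dir/site1/wp-content/themes/rich/scripts/thumb.php"
    printf '%s\n' '<?php' \
        "define ('VERSION', '1.6'); // Version of this script" \
        > "$dir/site2/wp-content/themes/core/timthumb.php"
    printf '%s\n' '<?php' \
        "define('VERSION','2.8.10');" \
        > "$dir/site3/wp-content/themes/new/timthumb.php"
    # A file with a different name is deliberately ignored by the find expression.
    printf '%s\n' '<?php' "define ('VERSION', '1.0');" \
        > "$dir/site3/wp-content/themes/new/helper.php"
    printf '%s\n' "$dir"
}

# Usage: ./check_timthumb.sh /var/www/vhosts [reference-version]
if [ -n "$1" ]; then
    outdated_timthumbs "$1" "$2"
fi
```

Run it against the web root to get a list of outdated copies with their versions; each listed path is a candidate for replacement with the current timthumb.php. The version comparison uses `sort -V` so that `2.8.10` is correctly treated as newer than `2.8.3`, which a plain string comparison would get wrong.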

By Mik Canavan

I'm a tech-obsessed and self-confessed geek. As the Technical Director at Fivenines UK, I'm lucky that I get to faff with gadgets, design websites and fix servers...
