(The Hosting News) – A recently announced 0-day, the TimThumb Webshot remote code execution vulnerability, allows attackers to run commands remotely on vulnerable websites. Once command execution is obtained, an attacker can create, edit and delete any files on the server.
TimThumb is a PHP script primarily used to crop, resize and zoom images, and it is used by millions of WordPress websites worldwide. It is critical that this script is secured as soon as possible. Over the past few years, thousands of sites were compromised by large-scale attacks directed at this script. Note that third-party WordPress plugins or themes may bundle the TimThumb script even if the user never downloaded or installed it separately.
By default, TimThumb has the webshot feature disabled, so only a handful of TimThumb installations remain at risk. If you want to manually disable the feature in your TimThumb script to prevent it from being exploited, here is what you need to do:
1. Go to your theme or plugin.
2. Open the TimThumb file.
3. Find "WEBSHOT_ENABLED".
4. Set it to "false".
5. The final code should look like this: define('WEBSHOT_ENABLED', false);
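Because themes and plugins often bundle TimThumb under another file name, the following audit helper (an added example, not code from the article, Vodien or the TimThumb project) locates every copy under a WordPress directory by the WEBSHOT_ENABLED constant itself and reports which copies have webshot switched on. The function name and the report format are this example's own choices.

```shell
#!/bin/sh
# Hypothetical helper: list every TimThumb copy (or timthumb-config.php
# override) under $1 and flag those with WEBSHOT_ENABLED set to true.
# Prints one line per file; exits 1 if any copy has webshot enabled, else 0.
# Usage: check_timthumb_webshot /var/www/html/wp-content
check_timthumb_webshot() {
    root="$1"
    # Match on the constant, not the file name: themes rename timthumb.php
    # to thumb.php, resize.php and so on.
    copies=$(find "$root" -type f -name '*.php' \
        -exec grep -l 'WEBSHOT_ENABLED' {} + 2>/dev/null)
    if [ -z "$copies" ]; then
        echo "no TimThumb copies found under $root"
        return 0
    fi
    status=0
    old_ifs=$IFS
    IFS='
'   # split the file list on newlines only, so paths with spaces survive
    for f in $copies; do
        # Ignore commented-out lines, then look for define('WEBSHOT_ENABLED', true)
        if grep -Ev '^[[:space:]]*(//|#|\*)' "$f" |
           grep -Eq "define[[:space:]]*\([[:space:]]*['\"]WEBSHOT_ENABLED['\"][[:space:]]*,[[:space:]]*true"
        then
            echo "ENABLED  $f"
            status=1
        else
            echo "disabled $f"
        fi
    done
    IFS=$old_ifs
    return $status
}
```

A non-zero exit status means at least one copy needs the change described in the steps above, or its timthumb-config.php override removed.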
The good news is that all websites hosted by Vodien are fully protected by web application firewalls that systematically filter not just this TimThumb vulnerability, but all similar types of vulnerabilities.
Vodien is a world-class web hosting service provider based in Singapore. Since 2002, it has offered a wide range of enterprise-grade and reliably fast web hosting solutions, including shared hosting, VPS hosting, cloud hosting, dedicated servers, full rack colocation and domain name registration. More than 15,000 customers use Vodien because of its high-performing data servers, multi-layered anti-virus filters, 24/7 customer support and superior data security. Go to http://www.vodien.com to learn more about Vodien.