Bluehost Web Hosting Help

2011 Timthumb Vulnerability FAQ

2011 Timthumb Vulnerability FAQ

What is TimThumb?

TimThumb is a script that is used for resizing images in a website. This is useful because many website designs have image areas that have a specific size, and TimThumb can make the images fit these spaces without requiring the website owner to manually create multiple copies of the image in an image editing program.

What is the vulnerability?

TimThumb versions 1.10 through 1.34 contain an error that allows an attacker to insert PHP code into the site where it is running. The details can be found in this blog post at

What is the recommended solution?

We currently recommend upgrading any scripts, plugins, or themes that deal with images. You may need to check the web page for each one to ensure that they have released a version that includes TimThumb 2.0 or later.

What is the process for upgrading a WordPress theme or plugin?

For most themes and plugins, you can follow these instructions.

If you are using a custom theme, work with the developer of the theme to obtain an updated copy.

How do I upgrade themes or plugins for other website software?

The exact steps vary depending on which website software you are using. Information on how to do it should be provided in the documentation, forums, or mailing lists specific to that software.

Can I just delete or upgrade TimThumb?

You can, but the functionality it provides is normally vital to the script. As a result, changes to the way it works or its removal, may cause the scripts, themes, or plugins that use it to not work properly. If you need to protect your site, this may still be a good short-term option.

Where can I get the current version of TimThumb?

The current version of TimThumb is available from Google Code's TimThumb Repository. You can either copy and paste the code directly from that page, or use your browser's "Save As" feature. Note that some browsers may change the filename, so make sure that it saves as timthumb.php.

What is Bluehost doing about this?

We will be running an automated process to patch all potentially-vulnerable copies of TimThumb in your account as a stop-gap measure. This should close the vulnerability, but should not be expected to be a complete solution.

Will your patching process fix the issue?

No, our patch is intended only as a temporary measure to prevent additional sites from being infected with malicious code. It should not be relied upon to produce a working site.

When will you be patching the files?

As of Tuesday, August 30, 2011, we have patched approximately 70% of the previously-vulnerable TimThumb instances across all of the servers we provide. The remaining instances will require additional work, but we hope to have them all patched soon.

How can I tell if my site has been hacked?

It's not always possible to tell with 100% certainty, though there are certain patterns that may help indicate a problem. If you are concerned, you can use some of the links in the following section, or you can seek a website security professional or company to scan the files in your site(s) for malicious content.

Where can I find more information?
Knowledgebase Article 49,250 views bookmark tags: timthumb (updated 1458 days ago)

Was this resource helpful?

Did this resolve your issue?

Please add any other comments or suggestions about this content:

Recommended Help Content

AppMachine FAQ

Frequently Asked Questions for AppMachine (updated 179 days ago)

Reseller Hosting Services FAQ

A list of frequently asked questions related to our termination of the Reseller package. (updated 282 days ago)

Domain Name FAQ

Frequently Asked Questions about Managing your Domain Names (updated 455 days ago)

Related Help Content

Optimum Hosting for WordPress - FAQ

Frequently Asked Questions about Optimum Hosting for WordPress (updated 464 days ago)

Outlook 2011

How to setup an email account using Microsoft Outlook 2011 (updated 716 days ago)

What to do When SiteLock Finds a Vulnerability

This article will explain what to do when SiteLock finds a vulnerability. (updated 467 days ago)

The Heartbleed Bug and What You Need To Know

The low down on the Heartbleed OpenSSL vulnerability (updated 506 days ago)

SQL Injection - Database Vulnerability

This article will explain the benefits of SiteLock in regards to SQL injections. (updated 126 days ago)

Why does shared have more space than reseller?

Answers to the commonly asked question of why shared plans have more space than reseller plans (updated 282 days ago)

Application Scanning

This article will explain the benefits of SiteLock in regards to application scanning. (updated 953 days ago)

How to Obtain Additional Support for Drupal

A list of locations where you can find support for drupal outside of Bluehost (updated 946 days ago)