2011 Timthumb Vulnerability FAQ
What is TimThumb?
TimThumb is a script that is used for resizing images in a website. This is useful because many website designs have image areas that have a specific size, and TimThumb can make the images fit these spaces without requiring the website owner to manually create multiple copies of the image in an image editing program.
What is the vulnerability?
TimThumb versions 1.10 through 1.34 contain a flaw that allows an attacker to inject PHP code into the site on which it is running. The details can be found in this blog post at markmaunder.com.
What is the recommended solution?
We currently recommend upgrading any scripts, plugins, or themes that deal with images. You may need to check the web page for each one to ensure that they have released a version that includes TimThumb 2.0 or later.
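To see which copies in an account still need attention, the scan below (an added example, not Bluehost's patching tool or TimThumb's own code) walks a web root, picks out PHP files carrying the TimThumb banner, reads the `define('VERSION', ...)` line the upstream script declares (assumed present in each copy), and sorts them into the FAQ's categories: 1.10 through 1.34 vulnerable, 2.0 or later current. The sample files it scans are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Version declaration near the top of upstream timthumb.php (assumption: copies still carry it).
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]\s*\)""")
VULN_LOW, VULN_HIGH, FIXED = (1, 10), (1, 34), (2, 0)  # ranges from the FAQ

# Constructed sample files for the demo, not taken from any real site.
SAMPLES = {
    "wp-content/themes/old/timthumb.php":
        "<?php\n// TimThumb script\ndefine ('VERSION', '1.34');\n",
    "wp-content/themes/new/timthumb.php":
        "<?php\n/* TimThumb */\ndefine ('VERSION', '2.8.14');\n",
    "wp-content/plugins/gallery/thumb.php":
        "<?php\n// TimThumb, renamed by the theme\ndefine('VERSION', '1.10');\n",
    "index.php": "<?php echo 'not timthumb';\n",
}

def parse_version(source):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(source)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(version):
    """Map a parsed version onto the categories the FAQ describes."""
    if version is None:
        return "unknown"      # no VERSION line: inspect the file by hand
    if VULN_LOW <= version <= VULN_HIGH:
        return "vulnerable"   # 1.10 through 1.34
    if version >= FIXED:
        return "current"      # 2.0 or later
    return "outdated"         # other pre-2.0 builds: upgrade anyway

def scan_tree(root):
    """Classify every PHP file under root that carries the TimThumb banner;
    matching on content rather than filename also catches renamed copies."""
    results = {}
    for path in Path(root).rglob("*.php"):
        head = path.read_text(errors="replace")[:4096]
        if "TimThumb" in head:
            results[str(path.relative_to(root))] = classify(parse_version(head))
    return results

def demo():
    """Write SAMPLES into a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            (Path(tmp) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(tmp) / rel).write_text(body)
        return scan_tree(tmp)
```

Point `scan_tree()` at a real web root (for example the account's public_html directory) to get the same path-to-status map that `demo()` returns for the constructed samples.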
What is the process for upgrading a WordPress theme or plugin?
For most themes and plugins, you can follow these instructions.
If you are using a custom theme, work with the developer of the theme to obtain an updated copy.
How do I upgrade themes or plugins for other website software?
The exact steps vary depending on which website software you are using. Information on how to do it should be provided in the documentation, forums, or mailing lists specific to that software.
Can I just delete or upgrade TimThumb?
You can, but the functionality it provides is normally vital to the script that uses it. As a result, changing the way it works or removing it may cause the scripts, themes, or plugins that depend on it to stop working properly. If you need to protect your site right away, this may still be a good short-term option.
Where can I get the current version of TimThumb?
The current version of TimThumb is available from Google Code's TimThumb Repository. You can either copy and paste the code directly from that page, or use your browser's "Save As" feature. Note that some browsers may change the filename, so make sure that it saves as timthumb.php.
What is Bluehost doing about this?
We will be running an automated process to patch all potentially-vulnerable copies of TimThumb in your account as a stop-gap measure. This should close the vulnerability, but should not be expected to be a complete solution.
Will your patching process fix the issue?
No, our patch is intended only as a temporary measure to prevent additional sites from being infected with malicious code. It should not be relied upon to produce a working site.
When will you be patching the files?
As of Tuesday, August 30, 2011, we have patched approximately 70% of the previously-vulnerable TimThumb instances across all of the servers we provide. The remaining instances will require additional work, but we hope to have them all patched soon.
How can I tell if my site has been hacked?
It's not always possible to tell with 100% certainty, though there are certain patterns that may help indicate a problem. If you are concerned, you can use some of the links in the following section, or you can seek a website security professional or company to scan the files in your site(s) for malicious content.
Where can I find more information?
- Zero-Day Vulnerability in Many WordPress Themes
- Tips For Removing Website Malware
- Iframe Hack - WordPress Forums
- Site Hacked - WordPress Forums