biozahard / timthumb

Automatically exported from code.google.com/p/timthumb
0 stars 0 forks source link

Security Issues with Timthumb (hackers) #468

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Several of my websites use the Timthumb script, but it seems to be causing some 
security issues with my websites and I am getting hackers in who are changing 
my web files.  I have added the latest timthumb code from here, added alot of 
security prevention from Better WP Security but I am still having issues.

They seem to be changing a lot of timthumb text files in the cache folder along 
with other things and sometimes my websites are going down due to this.

Can someone please advise how I can secure it further?

Thanks in advance for your help

Original issue reported on code.google.com by bi...@creative-impact.co.uk on 1 Oct 2013 at 10:55

GoogleCodeExporter commented 8 years ago
The txt files in the cache directory are meant to change. They are cache files 
so new ones will be created all the time.

There are currently no known issues with TimThumb. If you can show how the 
attach is happening then I will try to fix it.

If you think TimThumb is at fault than I would simply stop using it.

Original comment by BinaryMoon on 3 Oct 2013 at 6:59

GoogleCodeExporter commented 8 years ago
I dont think its a hack now, but because the website goes down for several 
hours it is causing problems.

I have an issue where this website has 1000 images and posts.  When it starts 
caching, I get a message saying 100s of my files are changing from my security 
tool I use in wordpress and my website runs really slow for several hours and 
some of the pages go missing until its finished.  Is there any way to manage 
the caching better so it doesn't effect the website going down.  Should the 
website be effected when its caching?

Original comment by bi...@creative-impact.co.uk on 7 Oct 2013 at 9:29