Thousands of WordPress sites commandeered by Black Hole

Mass attacks that exploit a known vulnerability in the WordPress publishing platform have continued to bear fruit for hackers, with thousands of websites claimed in the past few weeks, a researcher said. The security bug, in a widely used image resizing utility known as TimThumb, allows attackers to seize control of WordPress …


This topic is closed for new posts.
  1. trarch

    Wipe and Load

    I haven't used WordPress that much, but if I'm not mistaken it is possible to do a WordPress backup (posts, comments, etc.), bomb the WordPress directory, reinstall WordPress, theme and plugins, and restore from backup. Seems like this would be safer than manually looking through files in an attempt to discover malicious code etc. It doesn't take that long to reinstall everything.

    Perhaps I'm missing something though; if anyone knows any better I'd be interested in hearing.

    1. Anonymous Coward

      WordPress has an excellent system for in-place updates (way better than Drupal, for example). It highlights any out-of-date add-ons such as TimThumb, and a couple of clicks will automatically download and install it directly to the site.

      If people haven't upgraded then they probably aren't keeping a close eye on their site. The upside is that nobody is visiting them much either.

      1. Jan Ingvoldstad

        TimThumb is not a WordPress plugin.

        It is more commonly a part of themes and other WordPress plugins, so you won't know that your TimThumb is out of date. You have to trust that the WordPress plugin creators provide an updated version.

        Unfortunately, many of the plugins and themes using TimThumb are commercially paid editions which are not managed directly by WordPress' own plugin database; you download and install them semi-manually or fully manually.

        Also, these plugins and themes rarely publish which TimThumb version they use, they don't publish security advisories or notes regarding their products, and and and.

        Never mind that the entire concept of TimThumb is b0rken, technically speaking. :)

        Generally, allowing pluggable PHP code is a Bad Thing security wise.
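The point above, that TimThumb ships inside themes and plugins rather than as something WordPress itself tracks, means an administrator has to go looking for bundled copies. The script below is an added example written for this thread, not code from the article or from the WordPress or TimThumb projects. It assumes (as I understand the upstream script) that TimThumb declares its release in a `define ('VERSION', '...')` line near the top and is usually bundled under the filename `timthumb.php` or renamed to `thumb.php`; the sample site tree and version numbers it builds are constructed for the demonstration, and the "required" version is a placeholder you would replace with the current patched release.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: TimThumb records its release as   define ('VERSION', '2.x.y');
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)"
)
# Assumption: themes/plugins bundle the script under one of these names.
CANDIDATE_NAMES = {"timthumb.php", "thumb.php"}
# A candidate file is only counted if it mentions TimThumb somewhere in its body,
# so an unrelated thumb.php is not reported.
MARKER = "timthumb"


def find_timthumb_copies(root):
    """Walk a WordPress install and return sorted (relative_path, version) pairs.

    version is None when a TimThumb copy carries no VERSION define at all;
    an unknown version should be treated as suspect, not as safe."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in CANDIDATE_NAMES:
                continue
            path = Path(dirpath) / name
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if MARKER not in text.lower():
                continue
            match = VERSION_RE.search(text)
            version = match.group(1) if match else None
            hits.append((path.relative_to(root).as_posix(), version))
    return sorted(hits)


def version_tuple(version):
    """'2.8.14' -> (2, 8, 14) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def outdated(hits, required):
    """Copies older than `required`, plus any whose version could not be read."""
    need = version_tuple(required)
    return [(p, v) for p, v in hits if v is None or version_tuple(v) < need]


def demo():
    """Build a constructed WordPress-like tree and scan it; returns (all_hits, outdated_hits)."""
    root = Path(tempfile.mkdtemp(prefix="wp-scan-"))
    samples = {
        # constructed: an old bundled copy inside a theme
        "wp-content/themes/sample-theme/timthumb.php":
            "<?php\n// TimThumb script\ndefine ('VERSION', '1.0');\n",
        # constructed: a renamed, newer copy inside a plugin
        "wp-content/plugins/sample-plugin/thumb.php":
            "<?php\n/* TimThumb image resizer */\ndefine('VERSION', '2.5');\n",
        # constructed: a TimThumb copy with its version line stripped
        "wp-content/themes/old-theme/timthumb.php":
            "<?php\n// timthumb, version line removed by the theme author\n",
        # constructed: an unrelated thumb.php that must not be reported
        "wp-content/themes/other/thumb.php":
            "<?php\necho 'hello';\n",
    }
    for rel, body in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    hits = find_timthumb_copies(root)
    # Placeholder: substitute the current patched TimThumb release here.
    required_version = "2.0"
    return hits, outdated(hits, required_version)


if __name__ == "__main__":
    all_hits, stale = demo()
    for path, version in all_hits:
        flag = "OUTDATED/UNKNOWN" if (path, version) in stale else "ok"
        print(f"{flag:17} {version or '?':8} {path}")
```

Run `find_timthumb_copies` against the WordPress document root on the live host; the filename match is deliberately loose and the body check is what confirms a hit, so a theme author renaming the file to something else entirely will still escape it, which is itself a reason to prefer the wipe-and-reinstall approach suggested earlier in the thread.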

  2. Captain Scarlet
    One-click installer scripts used in many popular website control panels such as cPanel/Plesk/lots of others will only make this issue worse; most users will expect it to update everything. Problem is, issues with other scripts are not as widely reported.

    1. Andy Fletcher

      The problem with one-press installs is that the hosting companies generally have old versions of WordPress. I helped a guy recently; his hosting package meant he couldn't do a "normal" WP install as he didn't have rights to create databases, and had to use their installer. If I hadn't told him he absolutely had to update immediately, he probably wouldn't have.

      I've said it before, computers becoming seemingly easier to use is not necessarily such a good thing. Now everyone is using them.
