Well, if you are an active WordPress user (or designer, or developer), you are likely aware of the TimThumb vulnerability that has recently been wreaking havoc on WordPress blog owners. (If you’re not aware, then read on, as you are actually far more likely to be affected than someone who has been paying attention to WordPress security.)
This vulnerability is one of the base64-encoded hacks (similar to one that was going around a couple of years ago). Here is some information on the attack:
- Technical details and scripts of the WordPress TimThumb.php hack
- WordPress discussion of the exploit
- Matt Mullenweg comments on the TimThumb saga
So, have you been hacked by the TimThumb exploit? Are you vulnerable? Now there is a quick and easy plugin to scan for this vulnerability.
The TimThumb Scanner is a plugin that is quick to install, quick to scan, and will tell you if you are vulnerable to attack via the exploit.
Install via Add New in your WordPress Plugin Admin Panel. Search for “TimThumb” and it is currently the first result in the list. Select Install Now to download and install the plugin.
Once installed, using the plugin is easy. Go to the Tools menu and select TimThumb Scanner in the submenu. Once there, click the “Scan” button. It’s pretty simple – which in this case is a good thing. It does one thing, and apparently does it well. There are more details on the plugin page listed below.
The one downside is that it only scans for the vulnerability; it does not fix it for you. But Peter Butler has provided some insight into how to clean up your site should you find that it has been compromised.
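To show what a scan of this kind does under the hood, here is an added Python example (not the plugin's own code) that walks a wp-content tree, reports TimThumb copies whose VERSION define is below an assumed threshold, and flags PHP files carrying the eval(base64_decode()) pattern that the base64 hacks mentioned above rely on. The sample files and the 2.0 threshold are constructed assumptions; adjust the threshold to the fixed release you trust.

```python
import os
import re
import tempfile

# Constructed sample tree (not a real site): one old TimThumb copy, one
# current copy, one encoded PHP file in the cache directory, one CSS file.
SAMPLE_FILES = {
    "wp-content/themes/demo/timthumb.php": "<?php\n/* TimThumb script created by Tim McDaniels */\ndefine ('VERSION', '1.32');\n",
    "wp-content/themes/other/thumb.php": "<?php\n// TimThumb\ndefine ('VERSION', '2.8.10');\n",
    "wp-content/themes/demo/cache/abc123.php": "<?php eval(base64_decode('aGk='));\n",
    "wp-content/themes/demo/style.css": "body { margin: 0; }\n",
}

VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]\s*\)")
SAFE_VERSION = (2, 0)  # assumption: copies older than this are reported for review

def version_tuple(ver):
    return tuple(int(part) for part in ver.split("."))

def scan(root):
    """Walk root; return sorted (relative path, kind, detail) findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            rel = os.path.relpath(path, root)
            match = VERSION_RE.search(text)
            # A TimThumb copy is recognised by file name or by its VERSION define.
            if name.lower() in ("timthumb.php", "thumb.php") or (match and "TimThumb" in text):
                ver = match.group(1) if match else "unknown"
                if ver == "unknown" or version_tuple(ver) < SAFE_VERSION:
                    findings.append((rel, "timthumb-old", ver))
            # Encoded payloads usually show up as eval(base64_decode(...)) in PHP
            # files written into writable cache directories.
            if name.endswith(".php") and "eval(" in text and "base64_decode(" in text:
                findings.append((rel, "encoded-php", "eval(base64_decode(...))"))
    return sorted(findings)

def build_sample():
    """Write SAMPLE_FILES into a temp dir and return its path."""
    root = tempfile.mkdtemp()
    for rel, body in SAMPLE_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root
```

Run `scan(build_sample())` to see the two findings; point `scan` at a real wp-content directory to check your own install.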
Where to get it: WordPress.org Plugin Repository