
Installed Bullet Proof Security - gallery images gone (5 posts)

  1. bubbalou
    Member
    Posted 3 years ago #

    So I installed BulletProof Security, after my site was hacked into. I read the instructions and am (almost) sure that I configured everything correctly. My site works fine, except that the 'Featured' images in my gallery no longer appear (on the front page). I am using WooThemes' Gazette Theme, with the integrated image rotator/gallery, which pulls the images from the posts that I specified, which are themselves located in wp-content/woo_custom/. I suspect that there's a simple fix, but I don't know where to start. Any help or suggestions would be greatly appreciated.

    Thanks!

  2. AITpro
    Member
    Posted 3 years ago #

    I believe the image thumbnailer file that the Woo Gazette Theme uses is named just thumb.php and is located here >>> themes/gazette/thumb.php. Since the Woo site has forced registration to view their forum, I refuse to register out of principle. ;) So I cannot confirm that 100%.
    So what you would want to do is change the TimThumb thumbnailer fix from:
    RewriteCond %{REQUEST_FILENAME} timthumb(.*) [NC]

    to:

    RewriteCond %{REQUEST_FILENAME} thumb(.*) [NC]

    in the secure.htaccess file and your currently active root .htaccess file. Thanks.

    There may be another issue with the image rotator gallery, but see if all you need to do is allow the image thumbnailer to do its thing.
    Ed

  3. AITpro
    Member
    Posted 3 years ago #

    As of BulletProof Security .46.2 I went ahead and generalized the filename string to thumb so that any combination of the word thumb would not be blocked by the BPS security filters. Examples: timthumb, thumbs, thumb, phpthumb, etc. I believe every single image thumbnailer script is using "thumb" in the script's filename so all variations should now be good to go. If anyone knows of an image thumbnailer that does not have thumb in the filename then please let me know. These files are not blocked internally. Thanks.

  4. AITpro
    Member
    Posted 3 years ago #

    WARNING!!! By default the root .htaccess file in BPS has an .htaccess skip rule to allow a Theme or Plugin thumbnailer script to function normally and not be protected by BPS. Thumbnailer scripts are automatically seen by BPS as a threat, exploit or vulnerability because of the general nature of these scripts. If your Theme or Plugin is using a thumbnailer script such as TimThumb, phpThumb, Thumb or any variations of these scripts, you should check to make sure they are recently patched versions of these scripts.

  5. AITpro
    Member
    Posted 2 years ago #

    WARNING!!! BPS .46.5 is forbidding thumbnailer scripts by default. To allow thumbnailer scripts on your website see the root .htaccess file for instructions on allowing thumbnailer scripts on your website. Also see the BPS Guide for additional help info regarding thumbnailer scripts. If your Theme or any of your Plugins are using a Thumbnailer script such as TimThumb, phpThumb, Thumb or variations of these thumbnailer scripts then you should check (ask the author, creator or Google it) and make sure that you have a recently patched version of the thumbnailer script that you are using. A Zero Day Vulnerability exists in older versions of these thumbnailer scripts and your website will get hacked if you are using an older version of a thumbnailer script. Thumbnailer scripts are automatically seen by BPS as a threat, exploit or vulnerability because of the general nature of these scripts.
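
The following is an added example, not part of the thread and not BPS code: a small audit script that lists which PHP files under a WordPress tree fall under the thumbnailer skip rule, for the original `timthumb(.*)` condition and the generalized `thumb(.*)` one, so each listed script can be checked for a patched version. The sample tree is constructed for illustration (only `themes/gazette/thumb.php` comes from the thread), and the function names are hypothetical.

```python
import os
import re
import tempfile

# Patterns quoted in the thread; the [NC] flag makes them case-insensitive.
OLD_RULE = re.compile(r"timthumb(.*)", re.IGNORECASE)
NEW_RULE = re.compile(r"thumb(.*)", re.IGNORECASE)

# Constructed sample layout; only gazette/thumb.php is named in the thread.
SAMPLE_FILES = [
    "wp-content/themes/gazette/thumb.php",
    "wp-content/themes/gazette/functions.php",
    "wp-content/plugins/example-gallery/timthumb.php",
    "wp-content/plugins/example-gallery/lib/phpThumb.php",
    "wp-content/uploads/thumbnails/cache.php",
]


def build_sample_tree(root):
    """Create the constructed sample files under root."""
    for rel in SAMPLE_FILES:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // placeholder\n")


def exempted_scripts(root, rule):
    """Return sorted relative paths of .php files that the rule matches.

    The pattern is unanchored and %{REQUEST_FILENAME} is a path, so a
    match in a directory name counts as well as one in the file name.
    Matching here uses the path below root; Apache matches the full
    filesystem path, document root included.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            if name.lower().endswith(".php") and rule.search(rel):
                hits.append(rel)
    return sorted(hits)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for label, rule in (("timthumb(.*)", OLD_RULE), ("thumb(.*)", NEW_RULE)):
            print(label, exempted_scripts(tmp, rule))
```

Pointing `exempted_scripts` at a real WordPress root gives the list of scripts to verify; anything listed that is not a thumbnailer is being exempted only because "thumb" appears somewhere in its path.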

Topic Closed

This topic has been closed to new replies.
