rezwalker666
Forum Replies Created
Forum: Fixing WordPress
In reply to: Admin – Search Plugin page – hacked/exploited
Cool beans, it worked just fine psynix. Thank you mate 😀
Forum: Fixing WordPress
In reply to: Admin – Search Plugin page – hacked/exploited
Hey guys,
Is the actual file name “thumb.php” vulnerable? I am fully aware of the whole “timthumb.php” issue, but I just scanned my themes today and found that one of them is using just “thumb.php”, and I'm wondering if it’s at risk.
If it is, how can I secure it with “timthumb.php”? (Especially since the filename does not match).
Forum: Requests and Feedback
In reply to: TimThumb Hack (was WordPress 3.2.1 vanilla is FAR from secure…)
Yeah, love the thread guys, keep the ideas coming. Let’s stay strong and vigilant.
I think the lesson here is that no one is immune, but you can minimize damage.
Great points brought up by Jan, I was actually reading up on those things last night. Unfortunately I was messing around with my htaccess file and permissions and broke stuff, but hey, that’s how you learn!
Just like I learned how crucial backups can be.
Btw, I’m having my VPS host look into the logs as we speak to see how the rewrites were injected. I’ll report my findings here.
Forum: Requests and Feedback
In reply to: TimThumb Hack (was WordPress 3.2.1 vanilla is FAR from secure…)
Of course, it all comes down to clamping down the security of your WP installation. I was under the impression that WP comes pretty secure, but nope. I have to re-write htaccess, change permissions, etc… Not everybody knows how to do this, so how about those other millions of blogs out there? 😮