What Is A Timthumb Attack?

The WordPress software is one of the more popular blogging software tools around. Even more than that, the WordPress software is one of the most popular open source projects in the world. The reason why it is so popular is because it allows people to be able to express themselves on the web in a very simple manner. You do not have to worry about coding and setting up a complicated web site when you run WordPress. All you have to do is to press a few buttons and you have a web site set up and all ready to go.

But just because WordPress is a great tool does not mean that it does not have its share of problems. Like all great software before it, WordPress does have a security problem at times. The open source nature of the project is both a good thing and a bad thing at times. Most of the time it is good but every now and then the bad guy’s ability to exploit the code can be a pain to deal with.

Just recently there was a security problem in the WordPress world. But while this problem was not directly related to the WordPress software itself, it was related to a lot of the themes that users use to make their WordPress installs look pretty. The problem was that the image resizing library that is used by a lot of the premium themes that are used in WordPress had been exploited. Someone was able to figure out how to use the image library to infect the servers which were using the WordPress themes which this library was installed in. Since the problem was in a library embedded directly into the themes and not in a plugin, the problem has been a hard one to get rid of. Even to this day we are still seeing a lot of timthumb attacks happen (you can check your own installation’s security with a timthumb vulnerability scanner). Users are not updating their themes to counteract this attack. The problem has been eliminated in the latest version of the timthumb library but the old version of the software is still installed in a numerous amount of web sites.

This just goes to show that while open source software is great, you still have to worry about security just like you do with closed source software.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind