How to check if you have a problem
Other than seeing a warning in Chrome similar to the one above while visiting your site, there are two easy ways to see if your WordPress installation has been infected. The first is an external wordpress scanner designed by Sucuri: http://sitecheck.sucuri.net/scanner/ The second is a server side script that you upload to your site and then load from a web browser. This is available at http://sucuri.net/tools/sucuri_wp_check.txt and will have to be renamed after download as per Sucuri’s instructions below: If the scanners pull up anything infected, you’ll want to directly remove the infected files immediately. But, even if the scanners show “all clear” you likely still have a problem with your actual timthumb installation.
How do I fix it?
First, if you haven’t already done so –backup and download a copy of your WordPress directory, and your MySQL database. For instructions on backing up the MySQL database see the WordPress Codex. Your backup may contain junk, but it’s better than starting over from nothing. Next, grab the latest version of timthumb at http://timthumb.googlecode.com/svn/trunk/timthumb.php Now we need to secure the new timbthumb .php and make it so external sites cannot activate run scripts. To do this follow these steps:
Okay, now that your new timbthumb script is secure, you’ll need to connect to your website’s server via FTP or SSH. In most WordPress custom themes that use timbthumb, it is located in the wp-content\themes[themename] folder. Delete the old timbhumb.php and replace it with the new one. If you have more than one copy of timbthumb on your server you’ll need to be sure to replace ALL of them –note that sometimes they will just be called thumb.php.
Once you have updated timbthumb on your web server and cleared out any of the files that were detected by the above scanners, you’re more or less good to go. If you think you might be upgrading a bit to late and you might already be infected, you should contact your web host immediately and ask them to do a full AV scan of your web server. Hopefully then can help fix ya up otherwise you might need to revert back to a backup. Thnx for the comment. Comment Name * Email *
Δ Save my name and email and send me emails as new comments are made to this post.