There’s been a recent mass infection and attack in WordPress self-hosted blogs affecting the TimThumb.php, l10n.js, and WordPress core files in the “/wp-includes/js” folder.
While checking my rounds on geekyfaust.info the Avast Internet Security flagged my site infected with malware.
The TimThumb.php is used to resize thumbnail image/s plugins and templates using these features are not spared from the vulnerability.
This attack are used for blackhat seo purposes, some of my blog/s Alexa traffic traffic stumbled, update and replace the codes of your timthumb.php powered WordPress Templates right here.
Re-upload, replace new core files in “wp-includes” inside your WordPress root folder.
Check your blog by downloading this text file, upload it in your site/s root folder and rename sucuri_wp_check.txt to sucuri_wp_check.php
It will look like this “https://geekyfaust.info/sucuri_wp_check.txt rename it to https://geekyfaust.info/sucuri_wp_check.php”
Or you can individually scan your blog/s with this site check scanner
A yet and simple tool will check for possible intrusions or web injections in your site/s.
Credits:
Thanks for the tips Mr. Faust!!!
secure your sites now asap! 🙂
lagi .. i’m trying to move away from WordPress to give way para sa among custom CMS 🙂 but thanks for the tips .. dagahan mag benefit ani 🙂
that’s great! but how will you address the technical support needs of the custom cms?
Thanks for the great guide. One of my sites is infected with this kind of attack. Will try to implement the solution you’ve mentioned above (upload new copies of wp-includes files.)
Ask lang po. What plugin or preventive measures that could be applied to avoid this kind of attack again?
Thanks!
upload and install Theme Authenticity Checker (TAC) plugin directly from your dashboard wordpress plugin directory, check for any malware hacks by uploading and renaming wp_security_check.txt to wp_security_check.php and do some checks, install themes and plugins from a reputable source/s.
Hirap niyan kapag madaming website mo ang gumagamit ng timthumb. Hirap iupdate isa isa. May bago ako napansin, sa gallery plugin naman, ginagamit para magupload ng executable file.