2012-04-01, 20:17:38
devaintfire Wrote: Here’s their latest effort:
Quote:Blablabla. A GET command for timthumb.php. Stuff we know about hackers. More accusation against I18N Gallery.
A feeble effort at that. Please reply to them something along the lines of:
Quote:I know a GET request was made for timthumb.php, that’s not what I need to know. What I would like to know is how that file got there in the first place. You’ve constantly been pointing at the gallery plugin without clarifying yourself.
The version of the gallery plugin that I am using comes straight from ‘a known clean source’. Are there any POST or GET requests to the gallery plugin that show it was the origin of the script injection? If there are, could you share these with me so I can forward them to the plugin author? I have shared the GET requests you have been sharing with me but these only show how timthumb.php has been used and not where the injection has originated.
If there are no POST or GET requests that could have been responsible for putting timthumb.php on my server, why do you think the gallery plugin is the problem? If you have found any code inside the plugin that you think could be the culprit, would you mind telling me what this code is and your reasoning behind it?
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
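The question the suggested reply puts to the host (which requests came before timthumb.php was first requested?) can be checked against an access log along these lines. This is an added example, not part of the original post; the log lines, paths and addresses are constructed, and the Apache combined log format is an assumption about the server.

```python
import re
from datetime import datetime

# Constructed sample lines (Apache combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Mar/2012:10:02:11 +0000] "GET /index.php?id=gallery HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Mar/2012:03:14:52 +0000] "POST /some/upload-handler.php HTTP/1.1" 200 312 "-" "curl/7.21"
203.0.113.9 - - [29/Mar/2012:03:15:01 +0000] "GET /data/uploads/timthumb.php HTTP/1.1" 200 87 "-" "curl/7.21"
198.51.100.7 - - [30/Mar/2012:08:40:00 +0000] "POST /index.php?id=contact HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.9 - - [31/Mar/2012:22:01:09 +0000] "GET /data/uploads/timthumb.php HTTP/1.1" 200 87 "-" "curl/7.21"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(log_text):
    """Parse log lines into dicts sorted by time; unparseable lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
            entries.append(e)
    return sorted(entries, key=lambda e: e["ts"])

def origin_candidates(entries, artifact="timthumb.php"):
    """Return (first_hit, candidates): the earliest request for the artifact
    and the successful write-capable requests logged before it."""
    first = next((e for e in entries if artifact in e["path"]), None)
    if first is None:
        return None, []
    before = [e for e in entries
              if e is not first and e["ts"] <= first["ts"]
              and e["method"] in ("POST", "PUT")
              and e["status"].startswith("2")]
    # Same client as the first artifact request sorts first, newest first.
    before.sort(key=lambda e: (e["ip"] != first["ip"], -e["ts"].timestamp()))
    return first, before

if __name__ == "__main__":
    first, candidates = origin_candidates(parse(SAMPLE_LOG))
    print("first seen:", first["ts"], first["ip"], first["path"])
    for c in candidates:
        print("candidate:", c["ts"], c["ip"], c["method"], c["path"])
```

An empty candidate list means the HTTP log alone does not show how the file arrived, which is the gap the reply asks the host to explain.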