2012-04-01, 21:49:26
It seems to me that they just don’t know more than ‘look, there was a GET request for timthumb.php’. All the things they have been saying about uploading the latest version was just meant as a precaution. Although they did a very crappy job of explaining this.
What they should have responded was something like the following:
(Also, I should totally go into hosting.)
What they should have responded was something like the following:
Quote:We are sorry your website has been infected by a third party. Looking at your log files we see a known malicious script called timthumb has been the culprit. We cannot see how this script was uploaded to your server. Consider the following steps:I hope this helps in clearing up exactly what has been going on, and what your host meant to tell you.You can also check and make sure that the option allow_url_include in your php.ini is disabled. This will block future malicious attempts to run PHP code from external servers.
- Remove all files from your server and replace them with known clean files. It cannot be seen what files timthumb.php might have injected malicious code into so this is the safest way to clean your server of third party involvement.
- Install the latest version of all software you have been running. timthumb.php might have been updated not to allow for attacks like this is newer versions or the software you are using might have moved away from using timthumb.php. If timthumb.php was uploaded through some other security leak it might still be worth it to make sure you are running the latest version of everything.
We regret that your website has been infected and we would again remind you to be wary of using scripts from the internet that have not gone to a series of tests. We are doing all we can to make our servers secure but cannot keep watch over all code being uploaded.
Kind Regards,
The Management.
(Also, I should totally go into hosting.)
“Don’t forget the important ˚ (not °) on the a,†says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!