Stop Timthumb Attacks at Server
Stop Timthumb Attacks Before WordPress
All owners of busy, and not so busy, self-hosted WordPress sites and blogs will know all about timthumb scripting attacks on their site. If the site has the latest up to date version of the vulnerable files, that’s as far as the attack will go.
But constant timthumb attacks are still annoying and use up resources with 404 page not found responses.
Stop Timthumb Attacks at Front Door
Here’s a way to stop these annoying attacks at the front door, before they even get to WordPress. The following script shown below added to your website or blog .htaccess file will prevent nearly all timthumb RFI attacks from wasting server resources.
This script must be added AFTER the line RewriteEngine On and BEFORE the WordPress section of the .htaccess file # BEGIN WordPress
Note: The # at the beginning of the script means the line is a comment and does not get executed by the server. [F,L] F tells the server the request is Forbidden - L means it is the Last rule to follow if the rule matches the incoming request. L is not always necessary as F is also a Last instruction.
If you watch your server activity logs (assuming you are using Apache hosting with CPanel – other set-ups may work differently) you will see 403 forbidden or server error 500 codes being sent to the hacker or the bot searching for timthumb vulnerability.
Not an Excuse to Ignore other Good Practices
This script should not be used instead of good practice. The vulnerable script files, every instance of timthumb.php phpthumb.php and thumb.php must still be updated to the latest version.
- TimThumb Exploit (graphiclineweb.wordpress.com)
- Making Your WordPress Blogs More Secure (sallysspecialservices.wordpress.com)
- WordPress and Server Hardening – Taking Security to Another Level (sucuri.net)