Fewer TimThumb Attacks


Are We Seeing an End to Timthumb Attacks on WordPress?

Lately we have seen a decline in the number of TimThumb RFI attacks against our WordPress sites. A year ago this was the most common hacking probe logged for every WordPress site we manage. Back then we’d see a lot of them: from 10 to 50, sometimes more, distinct sources a day. Hardly a day would go by without at least one hacker looking for the vulnerability.

Over the last 6 months, the number of observed attempts has declined. Sometimes several days pass without a single probe looking for the old, vulnerable timthumb.php / thumb.php script.

Is it possible hackers are giving up looking for the out-of-date script? It’s 3 years since the vulnerability was identified and patched. Surely by now most WordPress installations are using later versions of core and plugins. Certainly there are still a few old sites with the exploitable scripts. Maybe the recent rise in botnet attacks, and all the security warnings, are encouraging bloggers to update their sites.

TimThumb Attacks Drop, Other Attacks Increase

At the same time, we see a lot more probes for other vulnerabilities. There’s been a sharp rise recently in dictionary attacks on wp-login / wp-admin. We’ve also seen many more probes looking for the WP OnlineStore (osCommerce) exploit, which was also fixed over 2 years ago. Perhaps the difficulty of updating earlier versions of the plugin has left many sites running the old version?

We’ve also seen more botnets attacking WordPress, and more hacked websites being part of these botnets. The hacked sites aren’t limited to WordPress either. It looks like many Joomla users haven’t updated sites vulnerable to the JCE editor exploit, allowing a hacker botnet to gain a foothold.
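The counts above (distinct probing sources per day for timthumb.php / thumb.php, and the dictionary attacks on wp-login) are the kind of thing a site owner can reproduce from ordinary web server logs. The script below is an added example, not code from this post or from any of the projects mentioned: it parses Apache combined-format access log lines (the sample lines are constructed, not real traffic), counts distinct source addresses per day that requested either thumbnail script, and flags sources that POSTed to /wp-login.php at least a threshold number of times per day. The threshold of 3 is an assumed value chosen for the sample; a real site would tune it to its own login traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in Apache combined log format (not real traffic).
# Two sources probe the thumbnail scripts on the 10th; on the 11th one source
# hammers wp-login.php while another makes a single, legitimate-looking login.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2013:03:14:07 +0000] "GET /wp-content/themes/example/timthumb.php?src=http://example.invalid/x.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2013:03:14:09 +0000] "GET /wp-content/plugins/example/thumb.php?src=http://example.invalid/x.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.17 - - [10/Nov/2013:09:22:41 +0000] "GET /wp-content/themes/other/timthumb.php HTTP/1.1" 404 512 "-" "curl/7.30"
198.51.100.23 - - [11/Nov/2013:01:02:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [11/Nov/2013:01:02:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [11/Nov/2013:01:02:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Nov/2013:12:00:00 +0000] "GET /about/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Nov/2013:12:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Apache "combined" format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Script names the post says the probes look for.
THUMB_SCRIPTS = {"timthumb.php", "thumb.php"}
LOGIN_PATH = "/wp-login.php"


def parse_line(line):
    """Return ip/day/method/path for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["target"].split("?", 1)[0]          # drop the query string
    return {"ip": m["ip"], "day": ts.date().isoformat(),
            "method": m["method"], "path": path}


def probe_sources_per_day(log_text, login_threshold=3):
    """Map each day to the distinct sources probing for the thumbnail scripts
    and the sources whose wp-login POST count reached login_threshold."""
    thumb = defaultdict(set)            # day -> {ip}
    login_posts = defaultdict(Counter)  # day -> Counter(ip -> POST count)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        script = rec["path"].rsplit("/", 1)[-1].lower()
        if script in THUMB_SCRIPTS:
            # Any request for the script counts: it should not be on the site at all.
            thumb[rec["day"]].add(rec["ip"])
        elif rec["method"] == "POST" and rec["path"] == LOGIN_PATH:
            login_posts[rec["day"]][rec["ip"]] += 1
    result = {}
    for day in sorted(set(thumb) | set(login_posts)):
        brute = {ip for ip, n in login_posts[day].items() if n >= login_threshold}
        result[day] = {"timthumb": sorted(thumb[day]), "wp-login": sorted(brute)}
    return result


if __name__ == "__main__":
    for day, cats in probe_sources_per_day(SAMPLE_LOG).items():
        print(day, "timthumb probes from %d source(s)" % len(cats["timthumb"]),
             "| wp-login dictionary attacks from %d source(s)" % len(cats["wp-login"]))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; a single login POST per day (the 192.0.2.9 line) stays below the threshold and is not reported, while any request for timthumb.php or thumb.php is reported regardless of the response status.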


About Mike

Web Developer and Techno-geek. Saltwater fishing nut. Blogger.

Posted on November 16, 2013, in Internet Security, WordPress.
