First thing this morning I received an email from HostMonster titled "Hostmonster Corrected a Security Risk On Your Account." It turns out the hosting provider itself also scans for the timthumb vulnerability. This vulnerability has caused a lot of panic lately: if a server hosts many WordPress sites, hunting down which theme or plugin uses timthumb yourself is genuinely tiring, and if the update is incomplete and you only fix some of the copies, you still get compromised. My own case is an example. Because I had a bit too many miscellaneous sites, some timthumb copies got missed, and a few days after updating once I found I had been compromised again. Having the hosting provider step in to deal with this seems to save a lot of worry.

Here is the content of the email:

Dear customer,

This is a courtesy notice that we have found and corrected exploitable timthumb.php file(s) on your account, which are listed below.  While we have corrected these files, we do recommend you ensure all potential exploits are corrected on your account.  This is best done by updating all scripts, plugins, modules and themes on your account to the latest version.

As the owner of the account, you are responsible for keeping your hosted content free of malicious software.  For technical assistance, you can also reach our chat team from Hostmonster.com or by going directly to:

http://www.hostmonster.com/chat

The timthumb.php file is a script commonly used in WordPress's (and other software's) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser hijacking and infection, data harvesting and more. After a site has been exploited, it may lead to becoming labeled a "Malicious Website" by Google or other security authorities.

Any timthumb.php file below version 1.35, but above version 1.09 is considered vulnerable, unless patched. To prevent being compromised, we advise you update all instances of timthumb.php to version 2.0, or patch the existing vulnerable files.  Note that patching the files requires more in-depth knowledge of the PHP scripting language.

The updated version of timthumb.php can be found here:

http://timthumb.googlecode.com/svn/trunk/timthumb.php

We have automatically patched the following files for you:

Additional information regarding the compromise can be found at the following two websites, as well as others; note that all external websites in this email are not affiliated with Hostmonster.com in any capacity, and are for your reference only.

http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
http://redleg-redleg.blogspot.com/2011/08/malware-hosted-newportalsecom.html

If you have any further questions, feel free to contact our Support department at (866) 573-4678, or via Live Chat at http://www.Hostmonster.com/chat, or by submitting a ticket at https://my.hostmonster.com/cgi/help/ticket.

Hostmonster.com Support
http://www.hostmonster.com
For support go to http://helpdesk.hostmonster.com/
Toll-Free: (866) 573-4678
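The notice gives a concrete version range (above 1.09, below 1.35) and leaves the account owner to confirm that no copy was missed, which is exactly the step the post describes getting wrong. The following script is an added example, not code from the original post, from HostMonster or from the timthumb project: it walks a web root, finds every timthumb.php, reads the version from the script's own `define('VERSION', '...')` line, and reports which copies fall inside the vulnerable range. It assumes each copy still carries that constant; a hand-patched copy with an old version string will be reported as a hit, so treat the output as a list to review rather than a verdict. The fixture in `demo()` is constructed for illustration.

```python
"""Find every timthumb.php under a web root and flag versions in the range
the hosting notice calls vulnerable (above 1.09, below 1.35).

Added defensive example; not the original post's code, not timthumb's code.
Assumes each copy declares its version with a PHP define('VERSION', '...').
Patched copies that kept an old version string are reported as hits, so
review the output before acting on it.
"""
import os
import re
import tempfile

# Matches lines such as:  define ('VERSION', '1.34');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]\s*\)"""
)
LOW = (1, 9)    # 1.09: the notice says "above" this, so 1.09 itself is not flagged
HIGH = (1, 35)  # 1.35: the notice says "below" this, so 1.35 itself is not flagged


def parse_version(text):
    """'1.09' -> (1, 9). Tuples compare numerically, so 1.10 sorts after 1.9."""
    return tuple(int(part) for part in text.split("."))


def extract_version(source):
    """Return the version string declared in a timthumb.php source, or None."""
    match = VERSION_RE.search(source)
    return match.group(1) if match else None


def is_vulnerable(version):
    """True when LOW < version < HIGH, the range quoted in the notice."""
    return LOW < parse_version(version) < HIGH


def scan_tree(root):
    """Walk root and return sorted (relative_path, version, flag) triples.

    flag is True for a version inside the vulnerable range, False outside it,
    and None when the file carries no recognizable version constant.
    """
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "timthumb.php":
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = extract_version(fh.read())
            flag = is_vulnerable(version) if version else None
            results.append((os.path.relpath(path, root), version, flag))
    return sorted(results)


def demo():
    """Constructed fixture: three timthumb copies in different states."""
    fixtures = {
        "wp-content/themes/alpha/timthumb.php": "<?php\ndefine ('VERSION', '1.34');\n",
        "wp-content/themes/beta/scripts/timthumb.php": "<?php\ndefine ('VERSION', '2.0');\n",
        "wp-content/plugins/gamma/timthumb.php": "<?php\n// no version constant\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in fixtures.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    labels = {True: "VULNERABLE", False: "ok", None: "unknown version"}
    for path, version, flag in demo():
        print(f"{labels[flag]:16} {version or '-':6} {path}")
```

Run it against the real document root (`scan_tree("/home/user/public_html")`, for instance) after updating, and treat any "unknown version" entry as something to open by hand: a copy with no version constant is either a renamed or modified script and needs a manual check rather than an automatic decision.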

6 comments

  1. Heh, such a big image really slows things down~

    1. Yes, it definitely slows things down, so I need to think about how to use a background color for most of the page

      1. A wood-grain background would probably suit this brown theme well.

        1. Wood grain would indeed suit it, but I want to keep the current image since it ties in with my blog's theme, so I still have to think of something else. Thanks for the suggestion!

  2. I've always loved this theme, but your background image doesn't suit high resolutions~

    1. You're right, the background image is too small and definitely looks awkward at high resolution, but I love this picture too much and haven't found a larger one. I'll fiddle with it when I have time. Thanks for the reminder!
