Watch Out: TimThumb Is Right Inside Your Site

Back in August the news already broke that the WordPress add-on TimThumb had a zero-day vulnerability, but the damage from it has only spread widely in the last few weeks.

Just last week several blogs built on WordPress reported that malicious code had been injected into their pages. At best it redirects your visitors to other pages; at worst it infects visitors' computers outright. So anyone running a site on WordPress must take precautions!

In fact I have had a list of themes that use the TimThumb thumbnail add-on since August, because someone used that very list to try their luck on my site!

WordPress themes that contain TimThumb

Those attempts left error log entries like these in the host's cPanel back end, which is exactly why I keep stressing that everyone should check their site logs regularly: whoever passes through leaves a trace!
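A scan like the one described here has a recognisable shape in the web server log: one client requests timthumb.php under one theme directory after another, and most of those requests fail with 404 because the theme is not installed. The script below is an added example, not code from the original post; it runs awk over an Apache combined-format access log (the format cPanel's raw access logs use) and reports every client that probed timthumb.php under at least a minimum number of distinct theme directories. The IP addresses and log lines it ships with are constructed for illustration, and the threshold of three is an assumption you can change.

```shell
#!/bin/sh
# Added example (not from the original post): spot a TimThumb theme scan in an
# Apache combined-format access log. A scanner requests timthumb.php under many
# different theme directories in a row, mostly getting 404s, which ordinary
# visitors never do.

# Constructed sample log lines (not real traffic); the first client walks the
# theme list, the second is a normal visitor whose theme legitimately uses
# timthumb.php to resize an image.
make_sample_log() {
  cat > "$1" <<'EOF'
203.0.113.7 - - [14/Nov/2011:10:21:01 +0800] "GET /wp-content/themes/13floor/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [14/Nov/2011:10:21:02 +0800] "GET /wp-content/themes/aperture/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [14/Nov/2011:10:21:02 +0800] "GET /wp-content/themes/arras/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [14/Nov/2011:10:21:03 +0800] "GET /wp-content/themes/mystique/timthumb.php HTTP/1.1" 200 1 "-" "Mozilla/4.0"
198.51.100.22 - - [14/Nov/2011:10:25:44 +0800] "GET /2011/11/hello-world/ HTTP/1.1" 200 8042 "-" "Mozilla/5.0"
198.51.100.22 - - [14/Nov/2011:10:25:45 +0800] "GET /wp-content/themes/mystique/timthumb.php?src=image.jpg&w=150 HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
EOF
}

# Print "<client IP> <number of distinct theme directories probed>" for every
# client that requested timthumb.php under at least MIN theme directories.
# MIN defaults to 3 (an assumed threshold; lower it on a quiet site).
timthumb_probes() {
  log="$1"; min="${2:-3}"
  awk -v min="$min" '
    # $7 is the request path in combined log format
    $7 ~ "^/wp-content/themes/[^/]+/timthumb[.]php" {
      split($7, p, "/")             # p[4] is the theme directory name
      key = $1 SUBSEP p[4]
      if (!(key in seen)) { seen[key] = 1; count[$1]++ }
    }
    END { for (ip in count) if (count[ip] >= min) print ip, count[ip] }
  ' "$log"
}

# Usage: sh timthumb-probes.sh /path/to/access_log [MIN]
# With no argument the constructed sample is scanned instead.
if [ $# -gt 0 ]; then
  timthumb_probes "$1" "$2"
else
  sample=$(mktemp)
  make_sample_log "$sample"
  timthumb_probes "$sample"        # prints: 203.0.113.7 4
  rm -f "$sample"
fi
```

Counting distinct theme directories per client rather than raw hits keeps a theme that genuinely uses timthumb.php from tripping the check: the regular visitor above calls it repeatedly for one theme and is never reported, while the scanner is reported after touching a handful of theme names.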

TimThumb theme list

So this is a list contributed, in effect, by the hacker. I originally kept it only for reference, but now that many people have been hit I am publishing it. If you run a WordPress site, please make sure you check whether you have any of these themes.

Note especially that it is not only the theme you are currently using: a theme that is installed but not activated can be hacked just the same, because the attacker can locate your file and execute it directly!

13floor
1-flash-gallery
8q
abstract
aerial
a-gallery
albizia
ambience
amphion-lite
aperture
Apz
aqua-blue
aranovo
arras
arras-theme
arthemix-bronze
arthemix-green
arthemix-green-free
artisan
a-simple-business-theme
AskIt
a-supercms
aureola
aurorae
auto-attachments
autofashion
automotive-blog-theme
backstage
Basic
bikes
black_eve
blex
bloggingstream
bloggnorge-a1
blogified
blogtheme
blue-corporate-hyve-theme
bluemag
blue-news
Bold
bombax
breakingnewz
brightsky
brochure-melbourne
bueno
business-turnkey
busybee
cac-featured-content
calotropis
canvas
category-grid-view-gallery
category-list-portfolio-page
cevhershare
Chameleon
cinch
cityguide
cms-pack
coffeebreak
coffee-lite
ColdStone
comet
comfy-3.0.9
community-events
conceditor-wp-strict
constructor
copyright-licensing-tools
count-per-day
couponer
coverht-wp
cover-wp
crawlrate-tracker
crisp
cushy
dailyedition
dark-dream-media
deep-blue
DeepFocus
delicate
diamond-ray
diarise
dieselclothings
digitalblue
digitalfarm
dimenzion
dp-thumbnail
eGamer
ElegantEstate
eNews
epione
esthete
evarisk
eventify
eVid
evr-green
extend-wordpress
facebook-opengraph-meta-plugin
famous
fashion-style
featuring
flashnews
fliphoto
flix
fordreporter
forewordthinking
freeside
fresh-blu
freshfolio
freshnews
gazette
geometric
Glow
go-green
gothamnews
granite-lite
grapefile
greydove
greyzed
groovyvideo
gunungkidul
headlines
heartspotting-beta
heli-1-wordpress-theme
ideatheme
image-gallery-with-slideshow
impressio
InReview
inspire
introvert
inuit-types
irresistible
islidex
isotherm-news
iwana-v10
jambo
jcblackone
kino-gallery
kratalistic
life-style-free
LightBright
likehacker
lisl-last-image-slider
livewire
loganpress-premium-theme-1
LondonLive
magazeen
magazine-basic
magazinum
Magnificent
magup
make-money-online-theme
make-money-online-theme-1
make-money-online-theme-2
make-money-online-theme-3
make-money-online-theme-4
max-3.0.0
meintest
metamorphosis
mimbopro
Minimal
mobilephonecomparision
modularity
moi-magazine
my-heli
mymag
MyProduct
mystique
mystream
myweblog
nash
neo_wdl
neofresh
new-green-natural-living-ngnl
newsport
newspress
newsworld
newsworld-1.0.0
nomadic
nomadic
Nova
object
OnTheGo
openair
optimize
OptimizePress
oqey-gallery
oschrome
overeasy
papercut
pearlie
PersonalPress
photoracer
photoracer
pico
Plugins
Polished
postage-sydney
postcard
post-highlights
premiumnews
premium-violet
probluezine
productum
profitstheme
profitstheme_11
pronto
proudfolio
PureType
Quadro
r755
really-easy-slider
redcarpet
regal
rekt-slideshow
rent-a-car
retreat
royalle
sealight
search-autocomplete
shaan
shadow
shadow-block
simple-but-great
simplenews_premium
SimplePress
simple-red-theme
simple-tabloid
simplewhite
skeptical
slanted
slidette
snapshot
snowblind
snowblind_colbert
sophisticatedfolio
spectrum
sportpress
spotlight
squeezepage
standout
suffusion
swift
techozoic-fluid
the_dark_os
TheCorporation
thejournal
themetiger-fashion
themorningafter
theory
TheProfessional
TheSource
thestation
TheStyle
the-theme
thick
thrillingtheme
tm-theme
totallyred
travelogue-theme
true-blue-theme
ttnews-theme
tune-library
tweet-old-post
twittplus
typebased
typographywp
ugly
unity
user-avatar
versitility
verve-meta-boxes
vibefolio-teaser-10
vibrantcms
vina
vk-gallery
whitemag
Widescreen
wootube
wpapi
wp-audio-gallery-playlist
wpbus-d4
wp-creativix
wp-marketplace
wp-newsmagazine
wp-perfect
wp-premium-orange
xiando-one
yolink-search
zcool-like

The fix

It's simple! Just download the latest TimThumb.php from http://code.google.com/p/timthumb/ and overwrite the copy inside your theme.

But with hundreds of themes, please don't ask me where TimThumb.php is; that is for you to find yourself. I can't find it for you, unless you are willing to pay.
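Finding every copy is the part that trips people up, because the file is not always called timthumb.php (themes frequently ship it renamed to thumb.php) and it may sit in a plugin or in a theme that is installed but not activated. The script below is an added example, not the blog's own code: run from the wp-content directory of a site, it lists every timthumb.php or thumb.php under that tree together with the version the file declares, and separately lists the copies older than a minimum you pass in (use the version of the file you just downloaded from the project page). It assumes the file carries the "define ('VERSION', '...');" line that TimThumb uses; a copy without one is reported as unknown and treated as outdated. The fixture directory it builds for the demonstration is constructed, not taken from any real theme.

```shell
#!/bin/sh
# Added example (not the blog's own code): inventory every copy of TimThumb
# under a WordPress wp-content tree, active theme or not, and flag old ones.

# Constructed fixture (not real theme files): one old copy inside a theme and
# one current copy renamed thumb.php inside a plugin. Only the VERSION line
# matters to the checks below.
make_fixture() {
  mkdir -p "$1/themes/old-theme" "$1/plugins/some-gallery"
  cat > "$1/themes/old-theme/timthumb.php" <<'EOF'
<?php
define ('VERSION', '1.32');
EOF
  cat > "$1/plugins/some-gallery/thumb.php" <<'EOF'
<?php
define ('VERSION', '2.8.10');
EOF
}

# version_lt A B: exit 0 when dotted version A is older than B, else exit 1.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = x[i] + 0; yi = y[i] + 0        # missing components count as 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1
  }'
}

# timthumb_inventory ROOT: print "<path> <version>" for every timthumb.php or
# thumb.php below ROOT, whether or not the theme or plugin is enabled.
# Assumes the file declares define ('VERSION', 'x.y.z'); otherwise "unknown".
timthumb_inventory() {
  find "$1" -type f \( -iname timthumb.php -o -iname thumb.php \) | sort |
  while read -r f; do
    v=$(sed -n "s/.*define *( *'VERSION' *, *'\([0-9.]*\)'.*/\1/p" "$f" | head -n 1)
    printf '%s %s\n' "$f" "${v:-unknown}"
  done
}

# timthumb_outdated ROOT MIN: the subset of the inventory older than MIN.
# Copies with no version line cannot be trusted and are reported too.
timthumb_outdated() {
  min="$2"
  timthumb_inventory "$1" | while read -r f v; do
    if [ "$v" = unknown ] || version_lt "$v" "$min"; then
      printf '%s %s\n' "$f" "$v"
    fi
  done
}

# Usage: sh timthumb-inventory.sh /path/to/wp-content MINIMUM_VERSION
# With no arguments the constructed fixture is checked against 2.8.10 instead.
if [ $# -ge 2 ]; then
  timthumb_outdated "$1" "$2"
else
  d=$(mktemp -d)
  make_fixture "$d"
  timthumb_outdated "$d" 2.8.10    # prints only the old-theme copy, version 1.32
  rm -rf "$d"
fi
```

Because the search is by file name rather than by theme name, it also catches themes and plugins that are missing from the list above. Every path it prints is a file to overwrite with the freshly downloaded copy, or to delete together with the theme if you no longer use it.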

You can also install the Timthumb Vulnerability Scanner plugin to check for themes and plugins that this list leaves out.

A new suspicious alert

Recently someone has again been probing my site for the atahualpa theme that I reviewed, for reasons unknown! If you use this theme, stay on your guard!