Timthumb dosyasındaki bir açık yüzünden siteleriniz heklenebilir.Çoğu temaların kullandığı bu dosyayı güncellemeniz gerekiyor.Güncellemeniz için yeni versiyonunu bu adresten: http://timthumb.googlecode.com/svn/trunk/timthumb.php indirebilirsiniz.
Haberin orjinali
Recently a security flaw was identified in the Timthumb an image cropping and resizing library commonly used in wordpress themes. This flaw could be exploited by a heker to embed malware in your site. Luckily the flaw was identified by a good soul Mark Maunder and alerted the community about it. Not only he got the word out but he also started working on rectifying the timthumb script from ground up and was later joined by the original timthumb creator. Together they have released an upgrade for the timthumb script and it is called Timthumb-2. It is available here http://timthumb.googlecode.com/svn/trunk/timthumb.php
Now, it is important that anybody using WordPress themes with timthumb library to immediately upgrade the timthumb.php file. You can download the new version of timthumb from the link above and just replace the old version of timthumb in your theme. The new version is secure, fast, and a lot light on the server.
I have upgraded my themes which uses timthumb. So you can either re-download a theme or you can just replace the timthumb file alone in your theme with the new version http://timthumb.googlecode.com/svn/trunk/timthumb.php . If you are using a theme from web2feel or from other theme authors with timthumb library, it is highly advisable you make this upgrade as early as possible
Remember this: Any theme in your wordpress themes directory with an old version of timthumb file could make your site vulnerable. It is not necessary to be the active theme. Make sure not leave any old theme unchecked for this vulnerability.
Haberin orjinali
Recently a security flaw was identified in the Timthumb an image cropping and resizing library commonly used in wordpress themes. This flaw could be exploited by a heker to embed malware in your site. Luckily the flaw was identified by a good soul Mark Maunder and alerted the community about it. Not only he got the word out but he also started working on rectifying the timthumb script from ground up and was later joined by the original timthumb creator. Together they have released an upgrade for the timthumb script and it is called Timthumb-2. It is available here http://timthumb.googlecode.com/svn/trunk/timthumb.php
Now, it is important that anybody using WordPress themes with timthumb library to immediately upgrade the timthumb.php file. You can download the new version of timthumb from the link above and just replace the old version of timthumb in your theme. The new version is secure, fast, and a lot light on the server.
I have upgraded my themes which uses timthumb. So you can either re-download a theme or you can just replace the timthumb file alone in your theme with the new version http://timthumb.googlecode.com/svn/trunk/timthumb.php . If you are using a theme from web2feel or from other theme authors with timthumb library, it is highly advisable you make this upgrade as early as possible
Remember this: Any theme in your wordpress themes directory with an old version of timthumb file could make your site vulnerable. It is not necessary to be the active theme. Make sure not leave any old theme unchecked for this vulnerability.
