Timthumb Vulnerability Scanner

Publish on

October 8th, 2011

under Tips dan Trik, wordpress by tomi | 60 Comments »

Timthumb Vulnerability Scanner merupakan sebuah plugin baru yang mungkin wajib dipasang oleh teman-teman blogger sekalian. Plugin Timthumb Vulnerability Scanner ini berfungsi untuk men-scan themes yang dipakai oleh blog kita dan berfungsi untuk mencegah para ~~ceker~~ hacker dalam membobol atau meng-hack blog kita dengan memanfaatkan celah keamanan blog kita yang terdapat pada direktori wp-content terutama biasanya pada file timthumb.php atau thumb.php.

Timthumb.php biasanya digunakan di sebuah themes / tema blog yang fungsinya untuk membuat thumbnail di setiap postingan (kalau gak salah :D ). Themes yang bertema magazine dan ada thumbnail di halaman indeks nya biasanya menggunakan file timthumb.php di dalamnya. Nah ternyata file ini bisa membukakan jalan untuk hacker dalam menghack blog kita dan tentunya mengganti halaman indeks blog ataupun yang lainnya. Pokoknya wajib pasang deh plugin Timthumb Vulnerability Scanner ini di blog teman-teman, toh pluginnya juga gratis kok. Bisa di download langsung melalui dashboard -> add new plugins, tapi khusus untuk blog WP.org yaa.. Kalau WP.com jelas gak bisa :D

O ya ni beberapa themes yang menggunakan script timthumb.php bisa menyebabkan celah keamanan blog :

http://example.com/wp-content/themes/TheStyle/timthumb.php
http://example.com/wp-content/themes/nool/timthumb.php
http://example.com/wp-content/themes/PersonalPress/timthumb.php
http://example.com/wp-content/themes/SimplePress/timthumb.php
http://example.com/wp-content/themes/DeepFocus/timthumb.php
http://example.com/wp-content/themes/DelicateNews/timthumb.php
http://example.com/wp-content/themes/Bold/timthumb.php
http://example.com/wp-content/themes/eStore/timthumb.php
http://example.com/wp-content/themes/TheProfessional/timthumb.php
http://example.com/wp-content/themes/OnTheGo/timthumb.php
http://example.com/wp-content/themes/AskIt/timthumb.php
http://example.com/wp-content/themes/Nova/timthumb.php
http://example.com/wp-content/themes/eNews/timthumb.php
http://example.com/wp-content/themes/eVid/timthumb.php
http://example.com/wp-content/themes/TheCorporation/timthumb.php
http://example.com/wp-content/themes/Minimal/timthumb.php
http://example.com/wp-content/themes/Polished/timthumb.php
http://example.com/wp-content/themes/MyResume/timthumb.php
http://example.com/wp-content/themes/TheSource/timthumb.php
http://example.com/wp-content/themes/StudioBlue/timthumb.php
http://example.com/wp-content/themes/Wooden/timthumb.php
http://example.com/wp-content/themes/WhosWho/timthumb.php
http://example.com/wp-content/themes/Quadro/timthumb.php
http://example.com/wp-content/themes/Glow/timthumb.php
http://example.com/wp-content/themes/Modest/timthumb.php
http://example.com/wp-content/themes/Aggregate/timthumb.php
http://example.com/wp-content/themes/ArtSee/timthumb.php
http://example.com/wp-content/themes/versatile/timthumb.php
http://example.com/wp-content/themes/omni-shop/timthumb.php
http://example.com/wp-content/themes/manifesto/scripts/timthumb.php
http://example.com/wp-content/themes/arthem-mod/scripts/timthumb.php
http://example.com/wp-content/themes/echoes/timthumb.php
http://example.com/wp-content/themes/Bold4/timthumb.php
http://example.com/wp-content/themes/primely-theme/scripts/timthumb.php
http://example.com/wp-content/themes/zenkoreviewRD/scripts/timthumb.php
http://example.com/wp-content/themes/ElegantEstate/timthumb.php
http://example.com/wp-content/themes/PersonalPress2/timthumb.php
http://example.com/wp-content/themes/mypage/scripts/timthumb.php
http://example.com/wp-content/themes/magazinum/scripts/timthumb.php
http://example.com/wp-content/themes/pbv_multi/scripts/timthumb.php
http://example.com/wp-content/themes/photofeature/scripts/timthumb.php
http://example.com/wp-content/themes/ColdStone/timthumb.php
http://example.com/wp-content/themes/HMDeepFocus/timthumb.php
http://example.com/wp-content/themes/EarthlyTouch/timthumb.php
http://example.com/wp-content/themes/Boutique/timthumb.php
http://example.com/wp-content/themes/ePhoto/timthumb.php
http://example.com/wp-content/themes/PureType/timthumb.php
http://example.com/wp-content/themes/13Floor/timthumb.php
http://example.com/wp-content/themes/BusinessCard/timthumb.php
http://example.com/wp-content/themes/CherryTruffle/timthumb.php
http://example.com/wp-content/themes/Cion/timthumb.php
http://example.com/wp-content/themes/DailyNotes/timthumb.php
http://example.com/wp-content/themes/eGallery/timthumb.php
http://example.com/wp-content/themes/eGamer/timthumb.php
http://example.com/wp-content/themes/GrungeMag/timthumb.php
http://example.com/wp-content/themes/Influx/timthumb.php
http://example.com/wp-content/themes/LightBright/timthumb.php
http://example.com/wp-content/themes/LightSource/timthumb.php
http://example.com/wp-content/themes/Magnificent/timthumb.php
http://example.com/wp-content/themes/Memoir/timthumb.php
http://example.com/wp-content/themes/AskIt_v1.6/AskIt/timthumb.php
http://example.com/wp-content/themes/TidalForce/timthumb.php
http://example.com/wp-content/themes/Atlantis/timthumb.php
http://example.com/wp-content/themes/DelicateNewsYellow/timthumb.php
http://example.com/wp-content/themes/themorningafter/timthumb.php
http://example.com/wp-content/themes/arthemia-premium/scripts/timthumb.php
http://example.com/wp-content/themes/arthemia/scripts/timthumb.php
http://example.com/wp-content/themes/arthemia-premium-park/scripts/timthumb.php
http://example.com/wp-content/themes/linepress/timthumb.php
http://example.com/wp-content/themes/wedding/timthumb.php
http://example.com/wp-content/themes/graduate/timthumb.php
http://example.com/wp-content/themes/wp-newspaper/timthumb.php
http://example.com/wp-content/themes/advanced-newspaper/timthumb.php
http://example.com/wp-content/themes/journey/timthumb.php
http://example.com/wp-content/themes/newspro/timthumb.php
http://example.com/wp-content/themes/transcript/timthumb.php
http://example.com/wp-content/themes/showfolio/timthumb.php
http://example.com/wp-content/themes/quickstart/timthumb.php
http://example.com/wp-content/themes/Restorante/timthumb.php
http://example.com/wp-content/themes/snapwire/timthumb.php
http://example.com/wp-content/themes/aqua-blue/includes/timthumb.php
http://example.com/wp-content/themes/swatch/functions/thumb.php
http://example.com/wp-content/themes/announcement/functions/thumb.php
http://example.com/wp-content/themes/empire/functions/thumb.php
http://example.com/wp-content/themes/supportpress/functions/thumb.php
http://example.com/wp-content/themes/editorial/functions/thumb.php
http://example.com/wp-content/themes/statua/functions/thumb.php
http://example.com/wp-content/themes/briefed/functions/thumb.php
http://example.com/wp-content/themes/faultpress/functions/thumb.php
http://example.com/wp-content/themes/kaboodle/functions/thumb.php
http://example.com/wp-content/themes/savinggrace/functions/thumb.php
http://example.com/wp-content/themes/premiere/functions/thumb.php
http://example.com/wp-content/themes/simplicity/functions/thumb.php
http://example.com/wp-content/themes/deliciousmagazine/functions/thumb.php
http://example.com/wp-content/themes/canvas-buddypress/functions/thumb.php
http://example.com/wp-content/themes/bookclub/functions/thumb.php
http://example.com/wp-content/themes/boldnews/functions/thumb.php
http://example.com/wp-content/themes/placeholder/functions/thumb.php
http://example.com/wp-content/themes/biznizz/functions/thumb.php
http://example.com/wp-content/themes/auld/functions/thumb.php
http://example.com/wp-content/themes/listings/functions/thumb.php
http://example.com/wp-content/themes/elefolio/functions/thumb.php
http://example.com/wp-content/themes/chapters/functions/thumb.php
http://example.com/wp-content/themes/continuum/functions/thumb.php
http://example.com/wp-content/themes/diner/functions/thumb.php
http://example.com/wp-content/themes/skeptical/functions/thumb.php
http://example.com/wp-content/themes/caffeinated/functions/thumb.php
http://example.com/wp-content/themes/crisp/functions/thumb.php
http://example.com/wp-content/themes/sealight/functions/thumb.php
http://example.com/wp-content/themes/unite/functions/thumb.php
http://example.com/wp-content/themes/estate/functions/thumb.php
http://example.com/wp-content/themes/tma/functions/thumb.php
http://example.com/wp-content/themes/coda/functions/thumb.php
http://example.com/wp-content/themes/inspire/functions/thumb.php
http://example.com/wp-content/themes/apz/functions/thumb.php
http://example.com/wp-content/themes/spectrum/functions/thumb.php
http://example.com/wp-content/themes/diarise/functions/thumb.php
http://example.com/wp-content/themes/boast/functions/thumb.php
http://example.com/wp-content/themes/retreat/functions/thumb.php
http://example.com/wp-content/themes/cityguide/functions/thumb.php
http://example.com/wp-content/themes/cinch/functions/thumb.php
http://example.com/wp-content/themes/slanted/functions/thumb.php
http://example.com/wp-content/themes/canvas/functions/thumb.php
http://example.com/wp-content/themes/postcard/functions/thumb.php
http://example.com/wp-content/themes/delegate/functions/thumb.php
http://example.com/wp-content/themes/mystream/functions/thumb.php
http://example.com/wp-content/themes/optimize/functions/thumb.php
http://example.com/wp-content/themes/backstage/functions/thumb.php
http://example.com/wp-content/themes/sophisticatedfolio/functions/thumb.php
http://example.com/wp-content/themes/bueno/functions/thumb.php
http://example.com/wp-content/themes/digitalfarm/functions/thumb.php
http://example.com/wp-content/themes/headlines/functions/thumb.php
http://example.com/wp-content/themes/f0101/functions/thumb.php
http://example.com/wp-content/themes/royalle/functions/thumb.php
http://example.com/wp-content/themes/exposure/functions/thumb.php
http://example.com/wp-content/themes/rockstar/functions/thumb.php
http://example.com/wp-content/themes/dailyedition/functions/thumb.php
http://example.com/wp-content/themes/object/functions/thumb.php
http://example.com/wp-content/themes/antisocial/functions/thumb.php
http://example.com/wp-content/themes/coffeebreak/functions/thumb.php
http://example.com/wp-content/themes/mortar/functions/thumb.php
http://example.com/wp-content/themes/bigeasy/functions/thumb.php
http://example.com/wp-content/themes/groovyphoto/functions/thumb.php
http://example.com/wp-content/themes/groovyblog/functions/thumb.php
http://example.com/wp-content/themes/mainstream/functions/thumb.php
http://example.com/wp-content/themes/featurepitch/functions/thumb.php
http://example.com/wp-content/themes/suitandtie/functions/thumb.php
http://example.com/wp-content/themes/thejournal/functions/thumb.php
http://example.com/wp-content/themes/myweblog/functions/thumb.php
http://example.com/wp-content/themes/aperture/functions/thumb.php
http://example.com/wp-content/themes/metamorphosis/functions/thumb.php
http://example.com/wp-content/themes/bloggingstream/functions/thumb.php
http://example.com/wp-content/themes/thestation/functions/thumb.php
http://example.com/wp-content/themes/groovyvideo/functions/thumb.php
http://example.com/wp-content/themes/productum/functions/thumb.php
http://example.com/wp-content/themes/newsport/functions/thumb.php
http://example.com/wp-content/themes/irresistible/functions/thumb.php
http://example.com/wp-content/themes/cushy/functions/thumb.php
http://example.com/wp-content/themes/wootube/functions/thumb.php
http://example.com/wp-content/themes/forewordthinking/functions/thumb.php
http://example.com/wp-content/themes/geometric/functions/thumb.php
http://example.com/wp-content/themes/abstract/functions/thumb.php
http://example.com/wp-content/themes/busybee/functions/thumb.php
http://example.com/wp-content/themes/blogtheme/functions/thumb.php
http://example.com/wp-content/themes/gothamnews/functions/thumb.php
http://example.com/wp-content/themes/thick/functions/thumb.php
http://example.com/wp-content/themes/typebased/functions/thumb.php
http://example.com/wp-content/themes/overeasy/functions/thumb.php
http://example.com/wp-content/themes/ambience/functions/thumb.php
http://example.com/wp-content/themes/snapshot/functions/thumb.php
http://example.com/wp-content/themes/openair/functions/thumb.php
http://example.com/wp-content/themes/freshfolio/functions/thumb.php
http://example.com/wp-content/themes/papercut/functions/thumb.php
http://example.com/wp-content/themes/proudfolio/functions/thumb.php
http://example.com/wp-content/themes/vibrantcms/functions/thumb.php
http://example.com/wp-content/themes/freshnews/functions/thumb.php
http://example.com/wp-content/themes/livewire/functions/thumb.php
http://example.com/wp-content/themes/gazette/functions/thumb.php
http://example.com/wp-content/themes/flashnews/functions/thumb.php
http://example.com/wp-content/themes/premiumnews/functions/thumb.php
http://example.com/wp-content/themes/newspress/functions/thumb.php
http://example.com/wp-content/themes/8q/scripts/timthumb.php
http://example.com/wp-content/themes/aerial/lib/timthumb.php
http://example.com/wp-content/themes/aesthete/timthumb.php
http://example.com/wp-content/themes/albizia/includes/timthumb.php
http://example.com/wp-content/themes/amphion-lite/script/timthumb.php
http://example.com/wp-content/themes/aranovo/scripts/timthumb.php
http://example.com/wp-content/themes/arras/library/timthumb.php
http://example.com/wp-content/themes/arras-theme/library/timthumb.php
http://example.com/wp-content/themes/arthemix-bronze/scripts/timthumb.php
http://example.com/wp-content/themes/artisan/includes/timthumb.php
http://example.com/wp-content/themes/arthemix-green/scripts/timthumb.php
http://example.com/wp-content/themes/a-simple-business-theme/scripts/timthumb.php
http://example.com/wp-content/themes/a-supercms/timthumb.php
http://example.com/wp-content/themes/aureola/scripts/timthumb.php
http://example.com/wp-content/themes/aurorae/timthumb.php
http://example.com/wp-content/themes/autofashion/thumb.php
http://example.com/wp-content/themes/automotive-blog-theme/Quick%20Cash%20Auto/timthumb.php
http://example.com/wp-content/themes/bikes/thumb.php
http://example.com/wp-content/themes/automotive-blog-theme/timthumb.php
http://example.com/wp-content/themes/black_eve/timthumb.php
http://example.com/wp-content/themes/blex/scripts/timthumb.php
http://example.com/wp-content/themes/bloggnorge-a1/scripts/timthumb.php
http://example.com/wp-content/themes/blogified/timthumb.php
http://example.com/wp-content/themes/blue-corporate-hyve-theme/timthumb.php
http://example.com/wp-content/themes/bluemag/library/timthumb.php
http://example.com/wp-content/themes/blue-news/scripts/timthumb.php
http://example.com/wp-content/themes/bombax/includes/timthumb.php
http://example.com/wp-content/themes/breakingnewz/timthumb.php
http://example.com/wp-content/themes/brightsky/scripts/timthumb.php
http://example.com/wp-content/themes/brochure-melbourne/includes/timthumb.php
http://example.com/wp-content/themes/business-turnkey/assets/js/timthumb.php
http://example.com/wp-content/themes/calotropis/includes/timthumb.php
http://example.com/wp-content/themes/coffee-lite/thumb.php
http://example.com/wp-content/themes/comet/scripts/timthumb.php
http://example.com/wp-content/themes/conceditor-wp-strict/scripts/timthumb.php
http://example.com/wp-content/themes/constructor/layouts/thumb.php
http://example.com/wp-content/themes/constructor/libs/timthumb.php
http://example.com/wp-content/themes/constructor/timthumb.php
http://example.com/wp-content/themes/coverht-wp/scripts/timthumb.php
http://example.com/wp-content/themes/cover-wp/scripts/timthumb.php
http://example.com/wp-content/themes/dark-dream-media/timthumb.php
http://example.com/wp-content/themes/deep-blue/timthumb.php
http://example.com/wp-content/themes/delicate/thumb.php
http://example.com/wp-content/themes/diamond-ray/thumb.php
http://example.com/wp-content/themes/dieselclothings/thumb.php
http://example.com/wp-content/themes/digitalblue/thumb.php
http://example.com/wp-content/themes/dimenzion/timthumb.php
http://example.com/wp-content/themes/epione/script/timthumb.php
http://example.com/wp-content/themes/evr-green/scripts/timthumb.php
http://example.com/wp-content/themes/famous/megaframe/megapanel/inc/upload.php
http://example.com/wp-content/themes/famous/timthumb.php
http://example.com/wp-content/themes/fashion-style/thumb.php
http://example.com/wp-content/themes/featuring/timthumb.php
http://example.com/wp-content/themes/fliphoto/timthumb.php
http://example.com/wp-content/themes/flix/timthumb.php
http://example.com/wp-content/themes/fordreporter/scripts/thumb.php
http://example.com/wp-content/themes/freeside/thumb.php
http://example.com/wp-content/themes/fresh-blu/scripts/timthumb.php
http://example.com/wp-content/themes/go-green/modules/timthumb.php
http://example.com/wp-content/themes/granite-lite/scripts/timthumb.php
http://example.com/wp-content/themes/greydove/timthumb.php
http://example.com/wp-content/themes/greyzed/functions/efrog/lib/timthumb.php
http://example.com/wp-content/themes/gunungkidul/thumb.php
http://example.com/wp-content/themes/heartspotting-beta/thumb.php
http://example.com/wp-content/themes/heli-1-wordpress-theme/images/timthumb.php
http://example.com/wp-content/themes/ideatheme/timthumb.php
http://example.com/wp-content/themes/impressio/timthumb/timthumb.php
http://example.com/wp-content/themes/introvert/thumb.php
http://example.com/wp-content/themes/inuit-types/thumb.php
http://example.com/wp-content/themes/isotherm-news/thumb.php
http://example.com/wp-content/themes/iwana-v10/timthumb.php
http://example.com/wp-content/themes/jambo/thumb.php
http://example.com/wp-content/themes/jcblackone/thumb.php
http://example.com/wp-content/themes/kratalistic/thumb.php
http://example.com/wp-content/themes/life-style-free/thumb.php
http://example.com/wp-content/themes/likehacker/timthumb.php
http://example.com/wp-content/themes/litepress/scripts/timthumb.php
http://example.com/wp-content/themes/loganpress-premium-theme-1/thumb.php
http://example.com/wp-content/themes/magazine-basic/thumb.php
http://example.com/wp-content/themes/magup/timthumb.php
http://example.com/wp-content/themes/make-money-online-theme-1/scripts/timthumb.php
http://example.com/wp-content/themes/make-money-online-theme-2/scripts/timthumb.php
http://example.com/wp-content/themes/make-money-online-theme-3/scripts/timthumb.php
http://example.com/wp-content/themes/make-money-online-theme-4/scripts/timthumb.php
http://example.com/wp-content/themes/make-money-online-theme/scripts/timthumb.php
http://example.com/wp-content/themes/meintest/layouts/thumb.php
http://example.com/wp-content/themes/mobilephonecomparision/thumb.php
http://example.com/wp-content/themes/moi-magazine/timthumb.php
http://example.com/wp-content/themes/my-heli/images/timthumb.php
http://example.com/wp-content/themes/mymag/timthumb.php
http://example.com/wp-content/themes/mystique/extensions/auto-thumb/timthumb.php
http://example.com/wp-content/themes/nash/theme-assets/php/timthumb.php
http://example.com/wp-content/themes/neofresh/timthumb.php
http://example.com/wp-content/themes/neo_wdl/includes/extensions/thumb.php
http://example.com/wp-content/themes/new-green-natural-living-ngnl/scripts/timthumb.php
http://example.com/wp-content/themes/newspress/thumb.php
http://example.com/wp-content/themes/pearlie/scripts/timthumb.php
http://example.com/wp-content/themes/pico/scripts/timthumb.php
http://example.com/wp-content/themes/postage-sydney/includes/timthumb.php
http://example.com/wp-content/themes/premium-violet/thumb.php
http://example.com/wp-content/themes/probluezine/timthumb.php
http://example.com/wp-content/themes/pronto/cjl/pronto/uploadify/check.php
http://example.com/wp-content/themes/pronto/cjl/pronto/uploadify/uploadify.php
http://example.com/wp-content/themes/r755/thumb.php
http://example.com/wp-content/themes/regal/timthumb.php
http://example.com/wp-content/themes/shaan/timthumb.php
http://example.com/wp-content/themes/shadow-block/thumb.php
http://example.com/wp-content/themes/shadow/timthumb.php
http://example.com/wp-content/themes/simple-but-great/timthumb.php
http://example.com/wp-content/themes/simplenews_premium/scripts/timthumb.php
http://example.com/wp-content/themes/simple-red-theme/timthumb.php
http://example.com/wp-content/themes/simple-tabloid/thumb.php
http://example.com/wp-content/themes/simplewhite/timthumb.php
http://example.com/wp-content/themes/slidette/timThumb/timthumb.php
http://example.com/wp-content/themes/snowblind_colbert/thumb.php
http://example.com/wp-content/themes/snowblind/thumb.php
http://example.com/wp-content/themes/spotlight/timthumb.php
http://example.com/wp-content/themes/squeezepage/timthumb.php
http://example.com/wp-content/themes/standout/thumb.php
http://example.com/wp-content/themes/suffusion/timthumb.php
http://example.com/wp-content/themes/swift/includes/thumb.php
http://example.com/wp-content/themes/swift/includes/timthumb.php
http://example.com/wp-content/themes/swift/timthumb.php
http://example.com/wp-content/themes/techozoic-fluid/options/thumb.php
http://example.com/wp-content/themes/the_dark_os/tools/timthumb.php
http://example.com/wp-content/themes/themetiger-fashion/thumb.php
http://example.com/wp-content/themes/theory/thumb.php
http://example.com/wp-content/themes/the-theme/core/libs/thumbnails/thumb.php
http://example.com/wp-content/themes/thrillingtheme/thumb.php
http://example.com/wp-content/themes/tm-theme/js/timthumb.php
http://example.com/wp-content/themes/totallyred/scripts/timthumb.php
http://example.com/wp-content/themes/travelogue-theme/scripts/timthumb.php
http://example.com/wp-content/themes/true-blue-theme/timthumb.php
http://example.com/wp-content/themes/ttnews-theme/timthumb.php
http://example.com/wp-content/themes/typographywp/timthumb.php
http://example.com/wp-content/themes/ugly/timthumb.php
http://example.com/wp-content/themes/unity/timthumb.php
http://example.com/wp-content/themes/versitility/timthumb.php
http://example.com/wp-content/themes/vibefolio-teaser-10/scripts/timthumb.php
http://example.com/wp-content/themes/vina/thumb.php
http://example.com/wp-content/themes/whitemag/script/thumb.php
http://example.com/wp-content/themes/wpapi/thumb.php
http://example.com/wp-content/themes/wpbus-d4/includes/timthumb.php
http://example.com/wp-content/themes/wp-creativix/scripts/timthumb.php
http://example.com/wp-content/themes/wp-newsmagazine/scripts/timthumb.php
http://example.com/wp-content/themes/wp-perfect/js/timthumb.php
http://example.com/wp-content/themes/wp-premium-orange/timthumb.php
http://example.com/wp-content/themes/xiando-one/thumb.php
http://example.com/wp-content/themes/zcool-like/timthumb.php
http://example.com/wp-content/themes/zcool-like/uploadify.php
http://example.com/wp-content/themes/twittplus/scripts/timthumb.php

Rata-rata malah themes premium seperti dari Woo Themes, Elegant Themes, Theme Junkie. Yang menggunakan salah satu themes diatas maka lebih baik segera pasang plugin Timthumb Vulnerability Scanner dan melalukan scanning. Nanti kalau ada file yang dicurigai sebagai celah untuk hacker maka akan di deteksi dan teman-teman tinggal mengklik tombol fix untuk melakukan patching pada file supaya tidak mudah ditembus hacker lagi.

Ayoo ayoo mari scanning bareng2.. Blog tomipurba [dot] net udah aku scan ternyata aman. Bagaimana dengan blog teman-teman? Silahkan dicek yaa..

Go GO blog!!

Post Label: bug wp pada thumb.php, kelemahan wp, mencegah hack pada file timthumb.php, plugin Timthumb Vulnerability Scanner, Timthumb Vulnerability Scanner

About The Author "tomi"

Blogger biasa yang hobby menulis dan berbagi informasi kepada orang lain.

60 thoughts on “Timthumb Vulnerability Scanner”

Adi Wibowo on 08/10/2011 at 23:09 said:

Wedeh komplit banget nih mas.
Nyoba dulu ya mas :D
Adie Ingin Tahu on 08/10/2011 at 23:25 said:

sip mas…. :) tak coba dulu…..kemarin-kemarin belum sempat cek my theme hheeh
Adie Ingin Tahu on 08/10/2011 at 23:28 said:

untung blog aku tidak pakai salah satu theme di atas :D
andre on 08/10/2011 at 23:31 said:

aku apke theme thumnail. tapi tetep ga muncu tuh thumbnail imagenya. perlu di scan juga ga mas?
- tomi on 09/10/2011 at 23:33 said:
  
  ia perlu mas.. kan sapa tau diinjek dan bs dijebol mas andre
Supriyadi Pro on 09/10/2011 at 09:32 said:

Ikut nyoba ya gan..
red on 09/10/2011 at 10:19 said:

apa gak sebaiknya thumbnail dimatiin aja bro? karena kalo banyak plugin (meski plugin itu tampak menarik dan amat berguna) kan menambah http request juga. akibatnya kecepatan blog berkurang dan boros di bandwidth….
- tomi on 09/10/2011 at 23:33 said:
  
  plugin ini diaktifkan pas untuk nyecan aja mas.. klo udah selesai bs di nonaktifkan / delete aja.. :D
Kaget on 09/10/2011 at 11:15 said:

Tak cobain dulu, soalnya saya pake banyak gambar. Siapa tau ada yang usil :senyum:
vira on 09/10/2011 at 11:18 said:

hii salam kenal iya dari vira .. :)
jangan lupa mapir keweb vira iya di vira mau berbagi pengalaman nih.:)
wah bagus juga iya blog ka2 … ^_^ good luck iya…..
SALAM BLOGER INDONESIA..:)
- Hot Hot on 09/10/2011 at 20:44 said:
  
  Nggak mau, ente spammer dowangok, dimanya-manya komenge podho kabeh iki mas.
  - FajaR on 09/10/2011 at 22:39 said:
    
    aku ya wes tau di koment cah iki, jan podo tenan komentare…
    - tomi on 09/10/2011 at 23:29 said:
      
      iyoo mung waton nyepam mas :D
Nurul Imam on 09/10/2011 at 15:14 said:

Saya malah ga pernah kepikiran buat pake theme magazine yang ada thumbnailnya. Meski klo sy membutuhkannya, saya hanya membuat custom field / featured image.
Wandi Sukoharjo on 09/10/2011 at 20:41 said:

1. Kayaknya di sini belon dipasang plugin itu kan mas? Kalawo sudah dipasang kan bisa langsung tahu.
2. Apa itu plugin nggak memperberat load? :lol:
- tomi on 09/10/2011 at 23:34 said:
  
  1. udah tak pasang untuk nyecan mas.. hasilnya nihil.. aman terkendali :D
  2. enggak kok.. soalnya habis nyecan ya di non aktifkan lagi aja kang :D
FajaR on 09/10/2011 at 22:40 said:

kemaren saya juga dapet security warning dari hosting yang saya pake, alngsung deh dag dig dug pasang firewall :swt3:
- tomi on 09/10/2011 at 23:35 said:
  
  kemaren 2 hari emang baru scaning 1 server mas .. hasil e luar biasaaa :D
Farizalfa on 10/10/2011 at 00:52 said:

Kelihatannya aku mau bersih2 database dulu, baru ngaktifin plug in baru.
Kelihatannya database ku sudah bengkak gara-gara sering tukar theme dan plug in.

Makasih inponya mas,
plug in ini kelihatannya sangat berguna karna setelah baca2 banyak sekali para ceker yang meletakkan file berbahaya di thimpthump.php
- tomi on 11/10/2011 at 22:48 said:
  
  ia mas.. saya kmrn jg habis beres2 database… soalnya sql space mpe 500 mb mas :D
JhezeR on 10/10/2011 at 07:56 said:

nice info mas, rata2 ceker cuma scanning pake tool dengan make nama folder theme yg ada timthumbnya sperti list atas, kayaknya kalo kita ngubah nama folder themenya bisa lbh aman jg sih, tp emg lbh aman kalo di scan / di tambal script timthumbnya.
- tomi on 11/10/2011 at 22:47 said:
  
  berarti setelah di scan.. nama folder theme jg diganti ya mas enak e
presentations on 10/10/2011 at 09:11 said:

Posting yang bagus, terima kasih
Hybrid cars on 10/10/2011 at 09:13 said:

Tom, kliatannya si “vira” tuh spammer. Dimana-mana pasang comment seperti itu….persis !
- tomi on 11/10/2011 at 22:39 said:
  
  ho oh.. makane tak nengke wae mas
ip-ip on 10/10/2011 at 10:41 said:

wus wus,, mantav ni kang..
tu cuma buat yang pake tema menampilkan thumbnail di index pa buat semua kang?? tema blogku sih nggak nampilin thumbnail di index.. penak’e pie kang?? :)
- tomi on 11/10/2011 at 22:39 said:
  
  ya liat aja ada file timbthumb.php atau thumb.php g mas di folder tema nya.. kalau ada ya mending coba di scan aja
Ejakulasi Dini on 10/10/2011 at 12:12 said:

ini khusus untuk pengguna WP ya gan
bisa tidak untuk blog statis kayak Toko Online ku ini ?
Aryo Seno on 10/10/2011 at 12:12 said:

Blog saya juga sering diserang templatenya kaya gitu mas, untung saya make BPS Security, jadi langsung redirect ke not found
- tomi on 11/10/2011 at 22:34 said:
  
  BPS itu pa mas? dibuat postingannya donk :D
Berita Terbaru on 10/10/2011 at 15:03 said:

Klo untuk blogger gimana bos? Bagaimana cara mengatasi celah serupa?
- tomi on 11/10/2011 at 22:32 said:
  
  blogger aman.. punya google gt looh :D
Danu Akbar on 10/10/2011 at 15:05 said:

Mantap.. sekarang lagi rawan cracking.
Jadi ini berguna banget :D
- tomi on 11/10/2011 at 22:32 said:
  
  wahh suhu nya dataaang :D
  ia mas.. baru rawan nih…
Sriyono Smg on 10/10/2011 at 20:01 said:

sesama warga endonesia nyari recehan mbok ya jangan saling ganggu to ndaaaaaaaa….
- tomi on 11/10/2011 at 22:31 said:
  
  hahaha.. saya bukan warga endonesia kok mas.. tp indonesia :D
arip on 10/10/2011 at 21:08 said:

pernah ngalamin dicrack gara2 masalah thumb itu pas lagi punya blog pake hostingan sendiri nih :nangis:
- tomi on 11/10/2011 at 22:23 said:
  
  sekarang coba di scan ulang pake plugin ini mas….
jam tangan on 11/10/2011 at 01:11 said:

nice share ..
salam kenal..
:D
ada-akbar.com on 11/10/2011 at 05:21 said:

tha nkss gan . .sepertinya tema ane aman . .bisa ane instal ne plugin :D
- tomi on 11/10/2011 at 22:22 said:
  
  ia instal dl aja masbro.. untuk nyecan
jarwadi on 11/10/2011 at 10:52 said:

ini nih trips buat yang pakai wordpress self hosted
Jauhari on 11/10/2011 at 17:38 said:

Waspadalah waspadalah
- tomi on 11/10/2011 at 22:19 said:
  
  ahaha.. ia kang.. untuk developer wajib diperhatikan jg nih :malu:
enggar on 11/10/2011 at 21:49 said:

wuiihh jan mantap theme nya…. nyoba dulu yaw gan…
- tomi on 11/10/2011 at 22:06 said:
  
  haahhh?? maksudnya apa kok mantap themenya mau nyoba dl?
tomi on 11/10/2011 at 22:38 said:

blog statisnya pake wp jg mas?
bro eser on 12/10/2011 at 10:03 said:

Mungkin ini penyebabnya sehingga blog saya dibobol oleh hacker???
- tomi on 13/10/2011 at 17:30 said:
  
  bs jadi bro eser :malu:
xamthone on 12/10/2011 at 14:13 said:

makin mantap ja gan nie,,,,,,,,
SybilTerrell on 12/10/2011 at 20:07 said:

Every body knows that men’s life seems to be very expensive, however some people require cash for different issues and not every person earns big sums money. Therefore to get good loan or just consolidation loans will be a correct solution.
Leo Ari Wibowo on 13/10/2011 at 16:18 said:

Baru tahu kalau timthumb bisa membuka jalan buat hacker. Kebetulan tema saya ada timthumb.php mas. Tapi untung dari dulu saya buang, karena nggak bisa bekerja dengan baik di web host saya. Selamet….selamet
- tomi on 13/10/2011 at 17:44 said:
  
  lah itu di halaman indeks berarti bukan pake timthumb ya mas? berarti coding sendiri donk..
  wahh joss
Cahya on 14/10/2011 at 01:27 said:

Kenapa tidak menggunakan Google Webmaster Tools atau Bing? Kan tidak perlu pasang pengaya lagi Pak?
- tomi on 15/10/2011 at 17:13 said:
  
  emang bs mas ngecek ada celah keamanan pake webmaster tools / bing?
obat lambung on 14/10/2011 at 12:32 said:

bener mas…
kita harus lebih waspada…. :kacapembesar:
Atep Saepulloh on 17/10/2011 at 21:39 said:

Dulu blog saya pernah pake Daily dari themejunkie, dan sering mendapat warning dari WP-Firewall tetang adanya SQL Injection di bagian Timthumb nya.
Sebelumnya saya tak begitu mengerti apa artinya,tp setelah saya mendapatkan informasi, akhirnya saya terpaksa ganti theme…
:swt:
padahal sudah jatuh cinta sekali sama theme itu :pusing:
- tomi on 21/10/2011 at 00:17 said:
  
  gak perlu ganti themes mas.. mgkn tnggl di scanner aja.. otomatis nanti di patch kok
Cinta on 23/10/2011 at 14:08 said:

Apakah dengan menggunakan plugin ini,timthumb php nya pasti aman?

Nyobain ini ah :lol: :lol: :lol: :omg: :silau: :heh?: :gembeng:
afiv firdaus on 23/10/2011 at 14:59 said:

saya belum pasang nih! nanti aja ah sekarang masih aman :D

tomipurba [dot] net

My Online Notes

Timthumb Vulnerability Scanner

About The Author "tomi"

60 thoughts on “Timthumb Vulnerability Scanner”

Pertamax Perekaman e-KTP

Posting Terkait Timthumb Vulnerability Scanner

About The Author "tomi"

Related Articles With "Timthumb Vulnerability Scanner"

60 thoughts on “Timthumb Vulnerability Scanner”

Pertamax Perekaman e-KTP