Well, here we are, months after the initial zero-day vulnerability within the latest version of TimThumb and I’m still feeling the effects. Unfortunately, for me, I’m a noob and didn’t do as complete a search as I should have. Here I am, fat and happy figuring I cleaned up all my sites, updated all my plugins, themes, etc… yet I missed one.
I missed a theme update on an old blog that came back and bit me in the ass. Because of the TimThumb vulnerability the hackers were able to inject some code into my wp-config file, allowing themselves access whenever their little hearts desired. But, several, several, many hours later I’ve now done what I think can be done.
Offending outdated themes and plugins updated, injected code removed, and security measures taken. Hell, I even took the time to update every single password I’ve ever used and hopefully used some strong enough to keep people out.
Lesson learned: I need to spend more time on internet security, especially since my server is quickly becoming my livelihood.