Well, here we are, months after the initial zero day vulnerability within the latest version of TimThumb and I’m still feeling the effects. Unfortunately, for me, I’m a noob and didn’t do as a complete a search as I should have. Here I am, fat and happy figuring I cleaned up all my sites, updated all my plugins, themes, etc…yet I missed one.
I missed a theme update on an old blog, that came back and bit me in the ass. Because of the TimThumb vulnerability the hackers were able to inject some code into my wp-config file, allowing themselves access whenever their little hearts desired. But, several, several, many hours later I’ve now done what I think can be done.