It’s a Beee-oootch When TimThumb Opens Your Site’s Back Door
Posted on 19. Dec, 2011 by Kimberly in Blog Repair, General Blogging
A lot has been going on in my world of blogging and I’m way late on this post, because I’ve adjusted my schedule so that I’m always a couple of weeks or more ahead of schedule. Why? Because this crazy woman is considering a new blog – I’m working on the keyword research (which is a bee-otch) right now.
Anyway, back to my story. On Thursday 12/15, I received an email from my host company, FatCow, telling me that there has been some unusual activity on my site (the photography blog) and the activity was taking up too much bandwidth and slowing down all the sites on the server so they had to shut me down. They suggested that I use an FTP client (like Filezilla) to remove the offending file – it was a TimThumb issue.
If I lost you, then join the club, because I was lost too. Let me catch you up with the warning that I’m a technically challenged chick so, to me, “thingie” is a legitimate word…
This guy, TimThumb, let Hacker Harry in my house. Monkey Butts!
TimThumb is some type of file or program or something that reduces image sizes so that we can use them as thumbnails on our sites. So if you look at either of my blogs, you’ll see a small square, and when you go into the blog post, the image will be larger. You with me?
TimThumb also has a flaw that allows crazy, psychotic, I have nothing better to do with my time than EFF with you hackers to access your site, install malware, and wreak havoc over everything in your blogosphere.
Loads of track back spam and a 70+% increase to visitors (not the good kind)
Recently, I found that I was getting loads of trackback spam and I downloaded the WordPress Plugin, Simple Trackback Validation, to combat it. It helped a little, but not enough. Turns out that TimThumb was causing the increase in spam and the subsequent increase in traffic, none of it good.
So Fatcow dumped me via email (sort of). Jerk!
So I got an email about my site. Went over to my site and saw the message that the site was down and if you’re the owner, contact us. I tried to log into my dashboard, same message. I tried to log into my Fatcow control panel – it wouldn’t let me enter. So I called them. OMG – I have to speak with someone? Fine!
FTP Client + Kimberly = a 10 car pile up during rush hour on Christmas Eve
The first guy wasn’t very helpful. He kept going on and on about me fixing it easily via the FTP Client. Blah blah blah. First off, I’m at work, I can’t download crap to fix crap here. Secondly, my mind is thinking of all the hard work that’s paying off on my photography blog, that my new Woo Themes are crashing my world, and then I remember some note about TimThumb on their site. All this is going on while I’m having Fatcow transfer me from person to person.
I love that a woman was able to dumb it down perfect and explain the situation
I kind of feel sorry for the first guy I was speaking to, because my brain just didn’t function in a way to understand the words that were coming out of his mouth. It took a dose of estrogen to square me away and from there I took off. Here is what I did to get my site back up within an hour or so…
Steps that helped me recover from a website meltdown
- Not Fatcow’s fault. They were helping. It wasn’t Woo Themes’ fault either – they had the fix already built in, I just needed to activate it (it took seconds). That doesn’t mean it was my fault either! *giggle*
- Kimberly Castleberry of Just-Ask-Kim.com is a great resource; she had a blog post about TimThumb. You NEED to bookmark her site and like her Facebook page. On her site, I learned of Sucuri, which is a site that will check your blogs for malware/hacks for free (and you can buy a subscription for continued monitoring).
- Downloaded the WordPress plugin, TimThumb Vulnerability Scanner, to help me find out if there were any more active/outdated versions of TimThumb on my site. I deactivated the plugin after use.
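The scanner step above boils down to finding every copy of TimThumb under wp-content and reading the version it declares. Here is an added example of that check (my own code, not the TimThumb Vulnerability Scanner plugin or anything from TimThumb's authors); it assumes the usual file names `timthumb.php`/`thumb.php`, the `define ('VERSION', '...')` line the script carries, and treats anything below 2.0 as outdated, which is a threshold I chose for illustration.

```python
import os
import re
import tempfile

# Assumption: theme/plugin authors usually shipped TimThumb under one of these names.
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}
# Matches the version line inside timthumb.php, e.g. define ('VERSION', '2.8.10');
VERSION_RE = re.compile(r"define\s*\(\s*'VERSION'\s*,\s*'([\d.]+)'\s*\)")
# Assumption: copies older than 2.0 are reported as outdated by this check.
MIN_SAFE = (2, 0)


def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def scan_tree(root):
    """List (path, version, outdated) for every TimThumb-like file under root.
    A copy with no readable version line is flagged too, since it cannot be trusted."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower() in TIMTHUMB_NAMES:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    ver = parse_version(fh.read())
                findings.append((path, ver, ver is None or ver < MIN_SAFE))
    return findings


def demo():
    """Build a constructed wp-content tree with one old and one new copy, then scan it."""
    root = tempfile.mkdtemp()
    old = os.path.join(root, "themes", "oldtheme", "thumb.php")
    new = os.path.join(root, "plugins", "gallery", "timthumb.php")
    for path, ver in ((old, "1.33"), (new, "2.8.10")):  # constructed sample files
        os.makedirs(os.path.dirname(path))
        with open(path, "w") as fh:
            fh.write("<?php\ndefine ('VERSION', '%s');\n" % ver)
    return {os.path.relpath(p, root).replace(os.sep, "/"): (v, o)
            for p, v, o in scan_tree(root)}


if __name__ == "__main__":
    for path, (ver, outdated) in demo().items():
        print(("OUTDATED " if outdated else "ok       ") + path, ver)
```

Point `scan_tree` at your real `wp-content` folder (downloaded over FTP or run on the host) and deactivate nothing; it only reads files and prints what it finds.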
Then someone deleted my theme!!! MONKEY BUTTS!!!
That is, until someone allegedly deleted my theme and my site design exploded into something very unattractive. Thank heavens for backups. I just reloaded an earlier backup from the Fatcow server, repeated the above (except for harassing Kimberly) and I was back in business.
I’m sorry this is so wordy, but I wanted to get this out there, because we put a lot of work into our blogs to lose it all to something we have no control over. I have a problem admitting that I have no clue what I’m doing, but I want to learn, because I plan to be an internet mogul someday soon – TimThumb (the older, insecure version) will not derail me!
Disclaimer: Despite the headache of this day, I still recommend Fatcow as a fantastic hosting service. On this day, they proved once again that they know what “customer service” means and there are affiliate links to Fatcow in this post.
Marie Cole
Twitter: decondemand
31. Jan, 2012
So dumb it down for me a little more…Did you download “TimThumb” originally? I am getting tons of traffic lately and a little more spam than normal do you think I have it?
Marie Cole recently posted..Baby Got Back Splash
Kimberly
31. Jan, 2012
The TimThumb came with my blog’s theme. I updated my theme back in November and that opened the door to all kinds of drama. Once I closed that door, nothing more happened.
Thanks for stopping by and all the great comments
Playing hard is the only thing that keeps me sane!