If you have a Wordpress site, this is sorta important: there’s a Wordpress vulnerability going around you should know about.
Basically, the issue is with a third-party component called TimThumb that handles image resizing. Not every theme has it, but a whole lot of them do. If your site automatically makes thumbnails or does stuff with “featured images,” there’s a good chance you use TimThumb.
The hack causes your site to serve up a bunch of pop-ups and redirects. It’s not destructive, just annoying. But here’s all you have to do to protect yourself:
1. Go to wherever you keep the actual files for the website. Not the Wordpress Dashboard, I mean the place where all the files and folders are kept. If your host offers cPanel, it’s an icon called File Manager.
2. Navigate to your theme’s folder. That would be /wp-content/themes/[your active theme].
3. Find the file called timthumb.php. It’s gonna be in a different place in every theme. It’s probably in a folder called something like Functions or Includes or Scripts.
4. Go to this site: http://code.google.com/p/timthumb/ and download the most recent version of the file: http://timthumb.googlecode.com/svn/trunk/timthumb.php
5. Delete the file, then upload the new one in its place.
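If you have shell access to the host, here’s a small script (added here as an example, not part of the original post) that does step 3 for you: it walks a directory, lists every timthumb.php it finds, and prints the VERSION each copy declares so you can tell which ones still need replacing. It goes a bit beyond step 2 by searching all of wp-content rather than just the active theme, and it assumes the file declares its version with a line like `define ('VERSION', '2.8.10');` (older copies may not, which is reported as "unknown").

```shell
#!/bin/sh
# Inventory every timthumb.php under a WordPress install and report the
# VERSION each copy declares. Assumption: the file contains a line such as
#     define ('VERSION', '2.8.10');
# Copies without such a line are reported as "unknown".

# Print the VERSION string declared in one TimThumb file, or "unknown".
timthumb_version() {
    v=$(grep -o "define *( *'VERSION' *, *'[^']*'" "$1" 2>/dev/null \
        | head -n 1 | sed "s/.*'\([^']*\)'$/\1/")
    if [ -n "$v" ]; then
        printf '%s\n' "$v"
    else
        printf 'unknown\n'
    fi
}

# List every timthumb.php under the directory $1 as "<path> <version>",
# one per line. Returns 0 if at least one copy was found, 1 otherwise.
find_timthumb() {
    root=$1
    find "$root" -type f -name 'timthumb.php' 2>/dev/null \
        | while IFS= read -r f; do
            printf '%s %s\n' "$f" "$(timthumb_version "$f")"
        done
    n=$(find "$root" -type f -name 'timthumb.php' 2>/dev/null | wc -l | tr -d ' ')
    [ "$n" -gt 0 ]
}

# Usage: sh timthumb-inventory.sh /path/to/your/site/wp-content
if [ -n "$1" ]; then
    find_timthumb "$1" || echo "No timthumb.php found under $1"
fi
```

Run it against your wp-content folder and compare each reported version with the one you just downloaded; any copy that is older (or "unknown") is one you still need to replace.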
That’s it! Here are a few optional (but recommended) steps you can do:
• Update Wordpress, all your themes, and your plugins to their most current versions. Okay, this one isn’t exactly optional…it’s actually vital to keeping a WP site secure.
• Actually, if you DID have timthumb on your site, go ahead and go to Update and click Reinstall Wordpress, even if you’re already running the most current version. Can’t be too safe.
• Delete any deactivated plugins.
• Delete every theme aside from the one you’re currently using.
• Delete any inactive users. You could also force all your users to change their passwords. Not for any specific reason, but people are terrible at passwords and they could probably stand to be changed, ha ha.
• If your login name is Admin, create a new admin with a different username and then delete Admin. Hackerbots need both your username and password to log in, and using “admin” gives them half of what they need. (I’ll admit that this one never occurred to me.)
So…that’s everything. It’s not a huge deal, I’m just trying to let everyone know what’s up. I hope this helps.