Old Version of Tim Thumb

  • Resolved dalehudson26

    (@dalehudson26)


    1 year, 11 months ago

    Hello, I carried out a site scan today via wordFence and the scane reported a critical issue
    Filename: /homepages/6/d4296897550/htdocs/wordpress/.opcache/0d2ea278101ca27c57f9b713592df066/homepages/6/d4296897550/htdocs/wordpress/wp-content/plugins/wordfence/lib/wordfenceScanner.php.bin
    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file appears to be an old version of the TimThumb script which makes your system vulnerable to attackers. Please upgrade the theme or plugin that uses this or remove it.

    Is there a way I can check which plugin/theme is causing the issue?
    Any advice on how to fix this issue would be appreciated. Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @dalehudson26,

    At first sight of wordfenceScanner.php.bin, rather than the .php file I’d normally expect to see, it could be linked to malware or it could be leftovers from a failed/old plugin update. I suggest following the instructions and using your hosts’ file manager or FTP to remove the php.bin version of this file manually from the path shown. Your host can help if you’re not confident navigating the filesystem of your site.

    If you haven’t already updated all of your themes and plugins too, it’s probably worth doing so after taking a full site backup.

    I can provide site-cleaning instructions if the issue returns after manual deletion, which could suggest another script is creating it.

    Thanks,

    Peter.

    I had the same thing today, deleted all the files (maybe 6)? that were suggested by this message, but I don’t know how to find the culprit. I just updated the theme today. This is a site under construction, so I don’t have anything too old; most of the plug-ins I use on multiple sites (we all have our favorites, right?) and I have not yet seen this on others (only in one other dashboard today).

    I just did a new scan; this is the name of the single file I was asked to delete:
    /homepages/14/d4296767180/htdocs/wordpress/.opcache/0d2ea278101ca27c57f9b713592df066/homepages/14/d4296767180/htdocs/wordpress/wp-content/plugins/wordfence/lib/wordfenceScanner.php.bin

    Does that help track down the problem?

    • This reply was modified 1 year, 11 months ago by sallijane.
    Plugin Support wfpeter

    (@wfpeter)

    Hi @sallijane, you may need to open a new topic as we do request that each topic concentrates on the issue of one specific user just so that multiple possible solutions don’t get jumbled up.

    However, because the file you’re seeing is in .opcache, I think you could just clear your OPCache from your hosting control panel and this file would stop reporting. It just seems to be a cached version of the file you’ve deleted.

    Thanks,

    Peter.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Old Version of Tim Thumb’ is closed to new replies.

Tags