Automatically update all vulnerable timthumb files on Cpanel

timthumb.php is responsible for millions of WordPress hacks, so it is important to make sure that every copy of timthumb on a Cpanel server is up to date. It may have any file name (sometimes thumb.php, sometimes something else), so we have to look inside every PHP file for vulnerable versions and replace them. The script automates this. It can also run as a cron job.

It can take a very long time on busy servers, possibly hours. Be patient; when it finishes, it lists every file it fixed.

This script is for Cpanel servers only

wget http://djlab.com/stuff/timthumb-updater-cpanel.sh -O ~/timthumb-updater-cpanel.sh
chmod +x ~/timthumb-updater-cpanel.sh
~/./timthumb-updater-cpanel.sh
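As an added example (not the author's script and not a replacement for it), this POSIX shell snippet finds TimThumb copies under a directory by their embedded VERSION define, whatever the file is called, and lists the ones below a minimum version; the function names and the default minimum of 2.0 are assumptions. It only reports and never downloads or overwrites anything, and it walks with find -type f, which does not follow symlinks, so a user symlink back to / cannot cause the endless loop the comments describe.

```shell
#!/bin/sh
# Added example, not the original updater: report TimThumb copies whose
# embedded VERSION is below a minimum you consider patched. Read-only.

# Print "version<TAB>path" for every PHP file that looks like TimThumb.
# find -type f never follows symlinks, so a symlink to / cannot recurse forever.
find_timthumb() {
    root=$1
    find "$root" -type f -name '*.php' 2>/dev/null | while IFS= read -r f; do
        # Identify by content, not by file name (thumb.php, timthumb.php, ...):
        # every TimThumb release carries a define ('VERSION', 'x.y.z'); line.
        if grep -qi 'timthumb' "$f" 2>/dev/null; then
            v=$(sed -n "s/.*define[[:space:]]*([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"]\([0-9.]*\)['\"].*/\1/p" "$f" | head -n 1)
            [ -n "$v" ] && printf '%s\t%s\n' "$v" "$f"
        fi
    done
}

# Return 0 when dotted version $1 is older than $2 (e.g. 1.33 < 2.8.14).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i in x) ? x[i] + 0 : 0; q = (i in y) ? y[i] + 0 : 0
            if (p < q) exit 0; if (p > q) exit 1
        }
        exit 1
    }'
}

# List only the copies older than the minimum version, one path per line.
vulnerable_timthumb() {
    root=$1; min=$2
    find_timthumb "$root" | while IFS="$(printf '\t')" read -r v f; do
        version_lt "$v" "$min" && printf '%s\n' "$f"
    done
}

# Usage: ./script.sh /home [MIN_VERSION]   (2.0 is an assumed default)
if [ $# -ge 1 ]; then
    vulnerable_timthumb "$1" "${2:-2.0}"
fi
```

Run it against /home on a Cpanel box to get the list of files that the updater would need to touch, without changing anything.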

2 Responses to Automatically update all vulnerable timthumb files on Cpanel

  1. ev says:

    Hello, thanks for the script. If I wanted to exclude a certain user from being grepped (due to some endless loop) how could I do so?

  2. Randy says:

    You should fix the endless loop — it’s because the user symlinked to root (which is a very bad thing).