MusTech.Net Live Again After Serious Hack via Timthumb.php Exploit
MusTech.net is Live again! We experienced a significant hack from part of our theme that had an old version of timthumb.php. Despite the fact that I am very vigilant at keeping this site updated and protected, I failed to catch this vulnerability in time, even though I was aware of its existence. This hack was caught within 24 hours of it evolving, but it infected almost every aspect of my site from hijacking browsers to embedding phishing scams in multiple directories.
MusTech.Net has had about 90% of its code reinstalled, and the site has been cleaned almost from scratch. As you can imagine, this has created quite a bit of unwanted work for me during an already incredibly busy time. I’ve sent off the infected code to the various agencies and hopefully they will get a few folks behind these terrible crimes…
If you would like to read about this hack and how it affects almost every type of blog-oriented site (and regular Websites as well), read this article:
If you have a WordPress site, you can scan for this vulnerability with this reliable plugin:
Get the Plugin from WordPress here: TimThumb Vulnerability Scanner
You can get the latest, secure version of TimThumb directly here: Timthumb version 2.8.2 – just copy it directly over your old code files. However, even though this patches the entry point, if your site was already hacked, it doesn’t stop any already “planted” code from operating or spreading… it’s tantamount to shutting and locking the suspect door after the murderer is already in the house…
I plan on spending some of the Thanksgiving break and much of the Christmas break working on various music education related activities, and you can bet that some of them will include getting this site back to 100%.
Regards to all and apologies for the downtime.