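Overview
The recent timthumb.php vulnerability (details here) has left many unsuspecting bloggers hacked. The vulnerability is not easy to fix for people who are not technical, but it is easy for malicious attackers to find and exploit, which has led to a large number of compromised sites.
The Timthumb Vulnerability Scanner WP plugin scans your wp-content directory for all outdated and insecure versions of the timthumb script and can upgrade them automatically with a single button. Doing so protects you from attackers exploiting this particular vulnerability.
When new, lesser vulnerabilities were discovered, it became clear that the plugin needed to be dynamic: able to stay up to date with the latest version of timthumb without requiring a plugin upgrade. The plugin now checks for the latest timthumb version routinely (each time you visit the scanner page, but no more than once a day) and can download and install the latest version instead of the one bundled with the plugin. Scans run daily via wp-cron to keep track of any new plugins or themes you have installed (unless you have disabled scanning via the options link on the scanner page).
More information is available at CodeGarage.
Special thanks to Jacob Gillespie for help with the plugin's bulk upgrade feature.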
② Search for "Timthumb Vulnerability Scanner" in the admin dashboard → install directly (recommended)
Original plugin description
The recent Timthumb.php vulnerability (discussed here) has left scores of unsuspecting bloggers hacked. It’s the perfect combination of not so easy to fix for the technically disinclined, and easy to find and exploit for the malicious – resulting in a disastrous number of compromised sites.
The Timthumb Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.
After new, lesser vulnerabilities were found, it became apparent that the plugin needs to be dynamic – able to keep you up to date with the latest version of timthumb, without requiring a plugin upgrade. The plugin now checks for the latest available version of timthumb routinely (each time you visit the scanner page, but no more than once a day), and can download and install the latest version, rather than the one included with the plugin. Scans are run daily (unless you disable them via the options link on the scanner page) via wp-cron to keep up with any new plugins or themes you’ve installed.
More info at CodeGarage.
Special thanks to Jacob Gillespie for help with the bulk upgrade feature.
