
Find and replace all timthumb.php on server – bash script

The recent vulnerability found in the popular timthumb.php image resizer has hit websites worldwide pretty hard. It is easy enough to deal with if you are just running your own site: replace the script with the latest version from the source.

If you are running a hosting company, then you have either mitigated the issue somehow, or your helpdesk is probably still hung over from the after effects of exploited timthumb scripts.

So, cutting to the chase, here’s a script that I have used to run through whole cPanel based servers, looking for files called timthumb.php or thumb.php, which contain the text “timthumb” (almost every instance I have seen of the script contains this code in it somewhere).

It then moves/renames the file to something safe, and copies over the latest source from a location you can tweak in the script, and then sets the ownership and permissions correctly (assuming you are running suPHP).

The bash script:

Obviously, the usual disclaimers apply here – You are free to use this script, but NO responsibility can be accepted for anything that goes wrong if you choose to!

This is actually version 2, as it were: the script now looks for the version number inside each file it finds and only replaces copies whose version does not match one of those listed in the if statement.

#!/bin/bash
# The original set IFS="$" to stop word-splitting on paths containing spaces;
# quoting every expansion below makes that trick unnecessary.
###################################################################
##  timthumb correction                                          ##
###################################################################

GOODTHUMB="/root/scripts/timthumb.php"   # known-good copy of the latest release
if [ ! -f "${GOODTHUMB}" ]; then
   echo "Replacement script ${GOODTHUMB} not found - aborting" >&2
   exit 1
fi

###########################
##  Assign temp file     ##
###########################
# mktemp picks an unpredictable name in /tmp (a fixed name in a world-writable
# directory is open to a symlink race)
TMPFILE="$(mktemp /tmp/healthchk.XXXXXX)" || exit 1

# set pwd to tmp
cd /tmp || exit 1

###########################
##  Create temp file     ##
###########################
# Called once per account: empty the list file and lock it down to root
setup_temp_file() {
   : > "$1"
   /bin/chown root:root "$1"
   /bin/chmod 0600 "$1"
}

##########################################################
##  SCRIPT BEGINS HERE                                  ##
##########################################################

echo "This script will check all home directories for timthumb..."

unset CPUSER CPHOME

# One file per cPanel account in /var/cpanel/users; skip system and oddly named entries
/bin/ls -- /var/cpanel/users | /bin/grep -v "\`\|\.\|cpanel\|root\|mysql\|nobody" | while IFS= read -r CPUSER; do
   CPHOME="$(/bin/grep "^${CPUSER}:" /etc/passwd | cut -d':' -f6)/public_html"
   echo -e "\nChecking user ${CPUSER} - home directory = ${CPHOME}"
   echo "Checking ${CPHOME} ... "
   if [ -d "${CPHOME}" ]; then

     #####################################
     ## Start looking for timthumb!     ##
     #####################################
     setup_temp_file "${TMPFILE}"

     /usr/bin/find "${CPHOME}" -type f \( -iname "timthumb.php" -o -iname "thumb.php" \) >> "${TMPFILE}" 2> /dev/null
     while IFS= read -r TARGET; do
        # every version of the script I have seen contains the string timthumb somewhere
        /bin/grep -qi timthumb "${TARGET}" || continue
        # first "VERSION ... 'x.y...'" line, reduced to major.minor (e.g. 2.8); head -n 1
        # keeps the test below sane if the file matches more than once
        THEVERSION="$(/bin/grep -o "VERSION.*'[0-9.]*'" "${TARGET}" | /bin/grep -Eo "[0-9]+\.[0-9]+" | head -n 1)"
        if [ -n "${THEVERSION}" ]; then # skip files with no parsable version
            # You can modify the versions to accept (i.e. not modify) below
            if [ "${THEVERSION}" != "2.8" ] && [ "${THEVERSION}" != "2.7" ]; then
                echo "Found one!: ${TARGET}    version ${THEVERSION}"
                # Keep the old copy for reference. Depending on your AddHandler setup,
                # Apache can still pass a name containing ".php" to PHP, so check that
                # the renamed file is not served, or move it outside public_html.
                mv "${TARGET}" "${TARGET}._removedbykrystal"
                cp "${GOODTHUMB}" "${TARGET}"
                /bin/chown "${CPUSER}:${CPUSER}" "${TARGET}"
                /bin/chmod 640 "${TARGET}"
            fi
        fi
     done < "${TMPFILE}"

   fi
done
##  Clean up any trace
if [ -e "${TMPFILE}" ]; then
   rm -f "${TMPFILE}"
fi
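The two checks the loop above performs (does the file mention timthumb, and is its version outside the accepted list) factored out into audit-only shell functions, so they can be tried on a sample tree before anything is renamed on a live server. This is an added example, not the post's script; it assumes a timthumb release carries a line of the form define ('VERSION', '...'), and the sample tree it builds is constructed, not real timthumb source.

```shell
#!/bin/sh
# Added example: audit-only counterpart of the post's find-and-replace loop.
#   timthumb_version FILE             -> print the major.minor.* version found in FILE
#   timthumb_needs_update FILE VER... -> exit 0 if FILE looks like timthumb and its
#                                        version is not one of the accepted VERs
#   timthumb_audit DIR VER...         -> list files under DIR that would be replaced;
#                                        changes nothing on disk (dry run)

timthumb_version() {
  # Assumption: the release contains a line like  define ('VERSION', '2.8');
  grep -o -e "VERSION.*'[0-9][0-9.]*'" -- "$1" 2>/dev/null \
    | grep -Eo "[0-9]+(\.[0-9]+)+" | head -n 1
}

timthumb_needs_update() {
  file=$1 ; shift
  # Skip files that never mention timthumb (the post's ISITBUTTER test)
  grep -qi timthumb -- "$file" 2>/dev/null || return 1
  ver=$(timthumb_version "$file")
  [ -n "$ver" ] || return 1          # no parsable version: leave it alone
  for accept in "$@"; do
    [ "$ver" = "$accept" ] && return 1
  done
  return 0
}

timthumb_audit() {
  dir=$1 ; shift
  # IFS= read -r keeps paths with spaces intact without the IFS="$" trick
  find "$dir" -type f \( -iname timthumb.php -o -iname thumb.php \) -print 2>/dev/null \
    | while IFS= read -r f; do
        if timthumb_needs_update "$f" "$@"; then
          printf '%s\t%s\n' "$(timthumb_version "$f")" "$f"
        fi
      done
}

# Constructed sample tree for a stand-alone run (not real timthumb sources)
make_sample_tree() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/site one/wp-content/themes/x" "$d/site2"
  printf "<?php\n// TimThumb\ndefine ('VERSION', '2.6');\n" > "$d/site one/wp-content/themes/x/timthumb.php"
  printf "<?php\n// TimThumb\ndefine ('VERSION', '2.8');\n" > "$d/site2/thumb.php"
  printf "<?php\n// unrelated script that happens to share the name\n" > "$d/site2/timthumb.php"
  printf '%s\n' "$d"
}
```

Running timthumb_audit on the sample tree with 2.7 and 2.8 as accepted versions lists only the 2.6 copy; the unrelated timthumb.php is ignored because it never mentions timthumb.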

 

Secure FTP (SFTP) in Dreamweaver using SSH tunnelling – No shared keys

It’s a bit of a bugbear with many people that Adobe Dreamweaver CS3, CS4, and I think CS5, although supporting SFTP using password authentication, won’t work with SSH public/private keypairs. It’s far more secure to use SSH with a public/private key pair than with straightforward password authentication.

Why is SFTP important?

FTP is about as secure as SMTP email, or Telnet – i.e. every man and his dog can listen in and before you know it, your (not so) local porn pedlars have replaced your website with something sensational. It amazes me constantly that companies that install SSL certificates are happy for their web developers to connect to the web server using plain old FTP, often uploading files containing critical passwords to databases and other external systems.

Securing FTP using SSH tunneling


RVSiteBuilder Now Available on Ziphost Business Web Hosting

All of our business web hosting packages at Ziphost.co.uk now offer RVSiteBuilder. For anyone who hasn’t yet seen this package, it offers a way to build and publish your website online, without having to understand HTML code. We have over 700 templates to choose from so there is almost certainly something you can use to get your business off the ground with the minimum expenditure. If you want to see what it can do for you, then contact us to see about getting a demo account set-up (subject to verification). Web hosting with RVSiteBuilder has some great features including:

General

  • Fully integrated to cPanel
  • Unlimited pages and sub-pages for end-user web site
  • Screen resolution 800×600, 1024×768, 1280×1024, 95% and 100%.
  • Backup and restore project
  • Missing project recovery
  • Move your Logo, Company Name and Slogan position
  • Inline Help
  • Embed your own code, e.g. AdSense, Glitter, etc.


ziphost.co.uk is born


Ziphost is go

Ziphost.co.uk – web hosting with human(e) support

The problem – a few huge names offering hosting for pence, and offering predictably poor support.

The solution – don’t be greedy, just offer high performance hosting for a few quid more, and offer real HUMAN support.

This is the philosophy behind ziphost.co.uk. Ziphost is going to be small, but perfectly formed, offering robust high performance web hosting to small businesses and organisations. We aren’t planning to sell domain names, and we strongly recommend that nobody puts their domain registrations and hosting in the same basket, for safety’s sake.