Woothemes Thumbnail Test

After the latest update of Woo Framework to version 4, the thumbnails are not working properly; they are distorted in some way. I haven’t done any posts in the last week because I’ve been trying to fix the thumbnail issues. I noticed the thumbnail distortion on my previous post and had to replace it. WordPress generated a new thumbnail and it’s working great.

I have been using the FREE Skeptical theme from Woo Themes for a long time, so updating the Woo Framework is something to look forward to for its security and feature enhancements. I thought it was good practice to update everything, but not really when things like this happen. Now I have it fixed so I can start posting, but first I will tell you how I got it working.

I played with the image resizer and timthumb plugin settings in the theme options, with no results. I then downloaded the latest version of the theme from WooThemes with framework version 4, but the thumbnail issue was still not fixed. Luckily I had an old version with Woo Framework 3, and it’s working now. Woo Themes does not offer support for the free themes; I just hope that they find a solution for this.

 

 

Bluehost Corrected a Security Risk On My WordPress Account

This blog and two others were infected by malware last month, when I did some major house cleaning on my Bluehost account. The vulnerability in TimThumb {thumb.php} is a pain for all self-hosted WordPress users. I contacted support but it was not resolved, so I had to do it manually by myself. Then, 4 days ago, I received an email from them saying that they had corrected a security risk on my account. It’s a big relief for me and I feel secure about all my WordPress accounts; every {thumb.php} is updated to the latest version. Here’s the email I got.

 

Dear customer,

This is a courtesy notice that we have found and corrected exploitable timthumb.php file(s) on your ebarrun.com account, which are listed below.  While we have corrected these files, we do recommend you ensure all potential exploits are corrected on your account.  This is best done by updating all scripts, plugins, modules and themes on your account to the latest version.

As the owner of the account, you are responsible for keeping your hosted content free of malicious software.  For technical assistance, you can also reach our chat team from Bluehost.com or by going directly to:

http://www.bluehost.com/chat

The timthumb.php file is a script commonly used in WordPress’s (and other software’s) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser hijacking and infection, data harvesting and more.  After a site has been exploited, it may lead to becoming labeled a “Malicious Website” by Google or other security authorities.

Any timthumb.php file below version 1.35, but above version 1.09 is considered vulnerable, unless patched. To prevent being compromised, we advise you update all instances of timthumb.php to version 2.0, or patch the existing vulnerable files.  Note that patching the files requires more in-depth knowledge of the PHP scripting language.

The updated version of timthumb.php can be found here:

http://timthumb.googlecode.com/svn/trunk/timthumb.php

Additional information regarding the compromise can be found at the following two websites, as well as others; note that all external websites in this email are not affiliated with Bluehost.com in any capacity, and are for your reference only.

http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
http://redleg-redleg.blogspot.com/2011/08/malware-hosted-newportalsecom.html

Note: some information has been deleted for privacy reasons.

 

Though it’s my responsibility to update everything to the latest versions, I’m delighted by the nice customer service from Bluehost, and I now feel more secure than ever.
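The version range quoted in the Bluehost notice can be checked across a whole hosting account. The following is an added example, not part of the original post or of Bluehost's tooling: it walks a directory tree, finds every `timthumb.php` or `thumb.php`, and flags copies whose declared version falls above 1.09 and below 1.35. It assumes the script declares its version as `define('VERSION', 'x.y')`; the sample tree is constructed.

```python
import os
import re

# Assumption: the script declares its version as define('VERSION', 'x.y').
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]")
NAMES = {"timthumb.php", "thumb.php"}   # file names mentioned on this page
LOW, HIGH = (1, 9), (1, 35)             # range quoted in the Bluehost notice

def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".") if p) if m else None

def classify(version):
    if version is None:
        return "unknown"        # no version line found: inspect by hand
    if LOW < version < HIGH:
        return "vulnerable"     # above 1.09 and below 1.35
    return "outside-range"      # not in the quoted range; still keep it updated

def scan(root):
    """Walk root and report (relative path, version, status) for each copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read(65536))
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, version, classify(version)))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample input: three copies in different states."""
    samples = {
        "themes/old/thumb.php": "<?php define ('VERSION', '1.19');",
        "themes/new/timthumb.php": "<?php define ('VERSION', '2.0');",
        "plugins/x/timthumb.php": "<?php // version line stripped",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
```

Point `scan()` at the account's web root; copies reported as `unknown` have no readable version line and need a manual look.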

House Cleaning After A Malware Infection In TimThumb {thumb.php}

I’m doing a major house cleaning on this blog right now, after accidentally deleting MySQL databases on the server; my purpose was to organize the databases, and then some bad things happened. It’s time to change my WordPress theme after a security flaw was found in Timthumb.php, infecting 3 blogs on the same server. The malware does an annoying thing: it redirects to a Russian website, http://generation-internet.ru/pcollection/index.php. There is more about this on the WooThemes blog.

Self-Hosted WordPress API Endpoint Problem In Flickr

my flickr logo, originally uploaded by swallowtail.

Blogging photos directly from Flickr is possible, and it also supports self-hosted WordPress blogs. It took some time to figure out the “API Endpoint Problem” following the steps in the Help Section of Flickr. The Flickr forum posts or topics about the API have expired. Here’s a step-by-step guide to get it done.

WordPress Blog
In your WordPress dashboard under Settings > Writing > Remote Publishing be sure to check both Atom Publishing Protocol and XML-RPC. Then, in your settings on Flickr for that blog, enter your WordPress API Endpoint; for example: yourdomainame.com/xmlrpc.php

Flickr Account
In your Flickr account, go to Sharing & Extending > Your Blogs and choose Edit. Then add your blog and choose WordPress Blog from the dropdown menu. Here’s the crucial part of this setup. To get the WordPress API Endpoint, go to your WordPress blog, view the source of your homepage by right-clicking, and copy the whole link with the xmlrpc.php extension. The API Endpoint will differ if your blog is installed in a subdomain or subdirectory. Enter your username and password, which confirms that you own the blog, then hit Next. Confirm your details; you can tick the check box if you want Flickr to store your password. I find it annoying every time it asks me for my blog password.

That’s it, all done! You can now choose your posting template. If you know a little bit of HTML/CSS you can customize it, for example the borders or the fonts of the caption. Now make a test post.
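The "view source and copy the xmlrpc.php link" step can be done programmatically. The following is an added example, not part of the original post: it reads the endpoint from the `<link>` tags in the homepage HTML, so a subdirectory install yields the right path. It assumes the theme outputs the usual `pingback` or `EditURI` link tags; the sample homepage and the `example.com` address are constructed.

```python
from html.parser import HTMLParser

class EndpointFinder(HTMLParser):
    """Record the href of <link> tags that point at xmlrpc.php."""

    def __init__(self):
        super().__init__()
        self.pingback = None
        self.rsd = None

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        rel = (a.get("rel") or "").lower()
        href = a.get("href") or ""
        if rel == "pingback":
            self.pingback = href
        elif rel == "edituri" and "xmlrpc.php" in href:
            self.rsd = href

def find_endpoint(html):
    """Return the XML-RPC endpoint URL found in the page head, or None."""
    finder = EndpointFinder()
    finder.feed(html)
    if finder.pingback:
        return finder.pingback
    if finder.rsd:
        # The RSD link carries a ?rsd query string; the endpoint is without it.
        return finder.rsd.split("?", 1)[0]
    return None

# Constructed sample: a blog installed in the /blog subdirectory.
SAMPLE_HOME = """<html><head>
<link rel="EditURI" type="application/rsd+xml" title="RSD"
      href="http://example.com/blog/xmlrpc.php?rsd" />
<link rel="pingback" href="http://example.com/blog/xmlrpc.php" />
</head><body></body></html>"""

if __name__ == "__main__":
    print(find_endpoint(SAMPLE_HOME))
```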