We’ve been plagued with issues due to using timthumb, an image resizing script used by millions of people all over the world.
Despite updating the version we were using many moons ago, we found that certain sites were still being exploited, and it seems that no matter how many updates we did to the script, people kept finding ways to screw it over.
So DJB, being the wizard that he is, realised over his morning energy drink that we could solve this quite simply by dropping this into a .htaccess file in the timthumb cache directory and temp folder:
php_flag engine off
It simply stops PHP files from being executed in the directories it's placed in. The exploits we kept seeing all ended the same way: a PHP payload written into timthumb's cache or temp directory, then requested through the browser to run it. With the engine switched off there, that file is served as inert text instead of being executed, so the cache can no longer be used to take over the site. One caveat: php_flag is only honoured when PHP runs as an Apache module (mod_php) and AllowOverride permits it in that directory; under PHP-FPM or CGI it has no effect, and an unrecognised php_flag directive will make Apache return a 500 for the whole directory, so on those setups the same "nothing here executes" rule has to be expressed differently.
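The script below is an added example written for this post, not code from the original post or from timthumb. It installs a hardened .htaccess into each cache/temp directory given on the command line and, when BASE_URL is set to that directory's public URL, drops a harmless probe there and fetches it to confirm the PHP is not executed. Beyond the single php_flag line above, it guards that directive with IfModule so it cannot 500 a PHP-FPM server, and adds a FilesMatch deny rule that works whichever way PHP is wired into Apache. It assumes Apache reads .htaccess in these directories with AllowOverride permitting Options (for php_flag), AuthConfig or Limit (for Require / Deny) and FileInfo, and that curl is available; the file names, marker strings and function names are mine.

```shell
#!/bin/sh
# harden_timthumb_dirs.sh: added example, not code from the original post.
# Installs a hardened .htaccess into each timthumb cache/temp directory given
# on the command line and, when BASE_URL is set to the public URL of that
# (single) directory, verifies that a PHP file dropped there is NOT executed.
#
# Assumptions (mine, not the post's): Apache reads .htaccess in these
# directories with AllowOverride permitting Options (php_flag), AuthConfig
# or Limit (Require / Deny) and FileInfo; curl is installed for the probe.
set -eu

# The .htaccess body. `php_flag engine off` is only understood by mod_php;
# under PHP-FPM or CGI it does nothing, and an unguarded php_flag line makes
# Apache answer 500 for the whole directory, hence the IfModule guards and
# a second, SAPI-independent rule that refuses PHP-looking files outright.
htaccess_body() {
    cat <<'EOF'
# --- timthumb hardening: no PHP execution in this directory ---
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>

# Deny anything with a PHP-ish extension so an uploaded payload is neither
# run nor served as text, whichever way PHP is wired into Apache.
<FilesMatch "(?i)\.(php|phtml|phar|php[0-9])$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
EOF
}

# Write the rules into DIR/.htaccess, appending to an existing file and
# skipping directories that already carry them so re-runs are idempotent.
install_htaccess() {
    dir=$1
    target="$dir/.htaccess"
    if [ -f "$target" ] && grep -q 'php_flag engine off' "$target"; then
        return 0
    fi
    htaccess_body >> "$target"
}

# Classify the body returned for the probe file:
#   executed - the PHP ran (marker present, PHP source absent)
#   source   - PHP was served as plain text (engine off, file still readable)
#   blocked  - neither, e.g. a 403 page (Deny rule in effect)
classify_body() {
    case $1 in
        *"<?php"*)    echo source ;;
        *PROBE_RAN_*) echo executed ;;
        *)            echo blocked ;;
    esac
}

# Drop a harmless probe into DIR, fetch it through URL, report, clean up.
# Exits non-zero if the probe was executed, i.e. the mitigation is not working.
probe_dir() {
    dir=$1; url=$2
    marker="PROBE_RAN_$(date +%s)_$$"
    name="probe-$$.php"
    body=$(mktemp)
    printf '<?php echo "%s"; ?>\n' "$marker" > "$dir/$name"
    status=$(curl -sS -o "$body" -w '%{http_code}' "$url/$name" || echo 000)
    verdict=$(classify_body "$(cat "$body")")
    rm -f "$dir/$name" "$body"
    echo "$dir -> HTTP $status, PHP $verdict"
    [ "$verdict" != executed ]
}

if [ $# -gt 0 ]; then
    for d in "$@"; do
        install_htaccess "$d"
    done
    # The probe needs the public URL of one directory, so it runs for a single DIR only.
    if [ -n "${BASE_URL:-}" ] && [ $# -eq 1 ]; then
        probe_dir "$1" "$BASE_URL"
    fi
fi
```

Run it once per directory, e.g. `BASE_URL=https://example.com/wp-content/uploads/cache sh harden_timthumb_dirs.sh /var/www/site/wp-content/uploads/cache` (paths are illustrative). A verdict of `source` means the engine is off but the file is still readable, which tells you the FilesMatch deny rule is not being applied (typically AllowOverride is too restrictive); `blocked` is the result you want, and `executed` means the directory is still exploitable.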
He actually got the idea from one of the people who screwed us over by exploiting timthumb!
Thanks, haxx0rs!