Our server was exploited again… even though the latest version of timthumb 2.8.10 was on and the exploit checker plugin shown no problems/threats, site was compromised and server had to be nulled in order to stop the attacks.
its either 2.8.10 has the same exploit or changing from old versions doesn’t help much since it infects other files. We can’t find at the moment were the exploit is still hiding… we cleared all possible places where it could be but no luck. If anyone had the same problem would be much appreciated with some advise… if we find it will let you know. At the moment only solution was to suspended the hosting account for that site completely.
It is much more likely that you have files or changes remaining from the old intrusion. The latest version of TimThumb is secure. You may also want to update all of your passwords to be sure they have not been compromised.