Comments (39)
Yes, I would appreciate an update on this as well.
Original comment by [email protected]
on 20 Nov 2008 at 5:43
from timthumb.
poor web hosting, even I have relleser there, they don't want to solve this
matter.
Original comment by [email protected]
on 27 Nov 2008 at 6:22
from timthumb.
I'm using Lypha Hosting. but this script doesnt work there aswell. :S
Original comment by [email protected]
on 29 Nov 2008 at 9:52
from timthumb.
Does anyone have a link to a website where this happens?
I've not seen the problem so would need ftp access to an account using it so
that I
can try to work out a fix.
If anyone wants me to look then make a support request here -
http://binarymoon.mojohelpdesk.com/tech - with your ftp details and I will take
a
look
Original comment by BinaryMoon
on 9 Jan 2009 at 8:45
- Changed state: Accepted
from timthumb.
i cant use it at http://www.platech.com.tr/tr/bolumler/urunlerimiz
but i can use http://www.erkangenc.com/tr/bolumler/urunlerimiz
both are have same code but different servers.
Original comment by [email protected]
on 21 Feb 2009 at 9:24
from timthumb.
Have we gotten a fix for this yet?
Can you even tell me what I need to tell hostgator so they get this fixed?
because I
just had them whitelist the mod_sec on my domain and it didn't help.
Original comment by [email protected]
on 12 Mar 2009 at 6:37
from timthumb.
can someone try the latest version of the files? I still haven't been given
access to
a server that is having this problem so I have no idea if it's fixed or not but
I've
made changes recently which may help.
Original comment by BinaryMoon
on 14 Mar 2009 at 9:45
from timthumb.
Hi,
I tried this using version 1.07 on my HG server and it doesn't work.
Original comment by david%[email protected]
on 23 Mar 2009 at 2:18
from timthumb.
Hi,
I tried version 1.07 in HostGator, the first time with this usage:
[...]/thumb.php?src=http://www.-.com/wp/wp-content/[...] and it didn't work.
So i contacted HG support and then replied with:
"I have whitelisted mod security rules causing this issue. Please let us know
if you
continue to have issues with thumbnails on wordpress."
I tried again but it didn't work, so I tried modifiying the path without the
domain
this way: [...]/thumb.php?src=/wp/wp-content/[...] and it works on hostgator.
timthumb.php was renamed to thumb.php.
Original comment by [email protected]
on 4 Apr 2009 at 2:51
from timthumb.
Hi Manu
Can you please tell me where you changed the path information without domain
details?
I have host gator and have been working on this issue for about a week without
resolution.
Any assistance apprecaited
Ian Kelly
Original comment by [email protected]
on 7 Apr 2009 at 2:19
from timthumb.
I'm also using Host Gator and I'm looking for a solution, could you please say
Manu
where did you modify the settings?
Original comment by [email protected]
on 7 Apr 2009 at 6:46
from timthumb.
Hi All
I got the following response overnight from Host Gator, it has fixed the
problem for
me, but does not assist for any future installs / theme updates. If anyone more
technical then i could explain what the may have done that would be apprecaited
-------------------------
"Hello,
There was a problem with your initial theme install ontop of the mod_sec rules.
Permissions were set wrong which i have changed and the rules that were
blocking your
theme have since been whitelisted. Thank you for your patience in this matter."
-------------------------
Regards
Ian
Original comment by [email protected]
on 7 Apr 2009 at 10:31
from timthumb.
Hi,
Host Gator have been very good and responsive, basically for each site, simply
ask
them through support to complete the following
add following rules [ 1234234,340151 ] to mod_security for www.yourwebsite.com
Please whitelist for the domain
And you'll be sorted
Regards
Ian
Original comment by [email protected]
on 8 Apr 2009 at 2:35
from timthumb.
quot: [Hi,
Host Gator have been very good and responsive, basically for each site, simply
ask
them through support to complete the following
add following rules [ 1234234,340151 ] to mod_security for www.yourwebsite.com
Please whitelist for the domain
And you'll be sorted
Regards
Ian
]
Hi there,
I had the exact same problem with a free theme from WooThemes and contacted
HostGator
and asked them to do exactly as you said and it worked.
Thank you
Remi Vladuceanu
http://www.remivladuceanu.com
Original comment by [email protected]
on 14 Apr 2009 at 1:53
from timthumb.
I too just got HostGator to whitelist the sec rules, they also adjusted
permissions
and the best I can tell they changed the cache folder and the theme folder back
to
755. After they white listed the sec rules the fix didn't work until I
contacted them
a second time where they reset the permissions.
As far as telling them what you need ... just let them know you have a WordPress
theme that uses TimThumb script and it's returning 404 errors on images, give
them a
link to one of the 404's and they will be able to go from there. (they may not
even
need that much information)
Hope it helps others as I spent nearly 12 hours troubleshooting every known
possibility as well as a few re-installs of the theme.
Good luck and thanks for a great script.
Scott Prock - @ScottProck
http://eTweeple.com
Original comment by [email protected]
on 10 May 2009 at 11:30
from timthumb.
Hostgator will whitelist any modsec rules that you have from their live chat
now.
There are typically 2, but sometimes 3 rules that need to be whitelisted.
340151 AND 340153 AND 1234234
As far as permissions go, they're running phpsuexec, so folders and script
pages need
to be 755 at the highest to work properly, html pages need to be 644.
Original comment by [email protected]
on 23 May 2009 at 1:39
from timthumb.
@tarosic I copy pasted what you said and they knew exactly what to do for it
and did
it within seconds in the live chat, thanks!
Original comment by [email protected]
on 28 Jun 2009 at 6:45
from timthumb.
[deleted comment]
from timthumb.
This was posted on the WooThemes forum, so maybe it will be of help to somebody
here:
Probably need to make this one a sticky post.
Here's the deal. Apache is the actual software on your server that spits out
your
files, and has been designed to accept add-in modules, similar to adding things
to
Firefox, you add "modules" to Apache to do certain things.
Hostgator has installed a special module in their servers to kill spammers,
rootkits,
security violator and server rapers.
Yippeee! It's a part of the apache web server called "mod sec" - i.e. "module
security". mod_sec is kinda tricky to configure, and it's best left to rocket
scientists, and Hostgator went out and got some easy config software from these
people to set up mod_sec so that it kills bad things and lets good things pass:
http://www.atomicorp.com
Atomicorp (Gotroot.com) ModSecurity rules
Just In Time Patches for Vulnerable Applications Rules for modsec 2.x
Created by the Prometheus Group (http://www.prometheus-group.com)
Copyright 2005,2006 and 2007 by the Prometheus Group, all rights reserved.
14121 Parke Long Court
Suite 220
Chantilly
Virginia
20151
E-mail: [email protected]
Telephone: 703-266-6006
Fax: 703-266-6007
The software uses special filter files called "rule sets" like you would
find with firewalls - very programmer oriented - ya gotta be a programmer to
understand most of it.
Their rule sets work with Apache's mod_sec to do the security on your server.
Like any security mechanism, sometimes the guy with the gun is clamping things
down
too tight, for good reason, but winds up killing something you need.
QUICK FIX TO GET YOUR THEME WORKING - You need to have sysadmin skills to
do this - so this is for people like the guy who wrote this post who knows what
to do
if they know where to go - the rest of you will will need to contact Hostgator
to
have them do the rest of this.
By disabling the ruleset in /opt/mod_security/modesecurity.conf by commenting
it out,
and restarting apache your images will magically appear.
Below, you'll see 10_asl_rules.conf commented out with a #, essentially not
including
it in the file load when mod_sec gets loaded.
Include /opt/mod_security/00_asl_whitelist.conf
Include /opt/mod_security/10_asl_antimalware.conf
# Include /opt/mod_security/10_asl_rules.conf
Include /opt/mod_security/20_asl_useragents.conf
Include /opt/mod_security/30_asl_antimalware.conf
Include /opt/mod_security/40_asl_apache2-rules.conf
Include /opt/mod_security/50_asl_rootkits.conf
Include /opt/mod_security/60_asl_recons.conf
Include /opt/mod_security/98_asl_jitp.conf
Include /opt/mod_security/99_asl_jitp.conf
Include /opt/mod_security/whitelist.conf
Restart apache ( at the server's root prompt
#apachectl stop
(you'll see some server daemon shutdown messages)
#apachectl start
Now, that'll kill the ruleset for the moment and get you operational, but
really you
want that ruleset working for you.
You would want to go in and edit out the rule that kills
thumb.php - good luck and then restart apache again.
Perhaps someone else knows which rule this is ...
Original comment by [email protected]
on 21 Aug 2009 at 11:51
from timthumb.
I also had the same problem, the image resizer function (timthumb.php) of the
theme I
used with wordpress didn't work. Even I set the cache folder in Hostgator to
have
permission to read and write already.
After I read the comment of this site
(http://premiumthemes.net/theme-support/tips-n-tutorials/image-not-showing-up-tr
oubleshooting-image-resizer-thumbphp.html)
and do what it say.
I did Live Chat with Hostgator, they took around 30 minutes to resolve the
problem,
finally it works. See how it works go to http://www.buythischeapnow.com
Original comment by [email protected]
on 24 Aug 2009 at 6:31
from timthumb.
HOST GATOR WILL GET IT WORKING REFER THEM TO THIS PAGE AND HAVE THEM LOOK AT
COMMENT 16
Original comment by [email protected]
on 31 Aug 2009 at 5:28
from timthumb.
anyone know how to get it work if i am not with hostgator? but i am running
centOS
with cpanel/whm and apache here.
what must i put into the mod_security configuration?
thanks in advance!
Original comment by [email protected]
on 10 Sep 2009 at 7:31
from timthumb.
If you have only one or two websites, or don't work with any clients, chatting
with
HostGator is all fine and dandy. But, if you have a lot of sites (not just all
on the
same shared hosting account) or if you work with clients who choose the hosting
and
how it gets configured, that isn't really a solution that is workable.
Does anyone know what exactly in the mod_sec rules is being violated? It seems
odd
that a plug-in like this would trigger any of these kind of rules. I'm betting
it is
one step that is just a tad too clever and if we could tweak it, then this whole
issue could go away for everyone (theme developers, site owners, consultants,
etc...)
Or, if we are 100% sure that this all works as intended, then we could start
asking
HostGator to make the modifications necessary by default on all installs of
WordPress.
Original comment by [email protected]
on 20 Sep 2009 at 6:01
from timthumb.
since this seems to be an issue with the host rather than the script I will
mark it
as fixed.
Original comment by BinaryMoon
on 31 Dec 2009 at 5:18
- Changed state: Fixed
from timthumb.
Have the same problem with timthumb and hostgator, just chat with their support
and
they fix it in less than 5 minutes..great!!!
Original comment by lorenz%[email protected]
on 9 Mar 2010 at 7:32
from timthumb.
[deleted comment]
from timthumb.
I am having this same issue, but when I contacted hostgator and referred them
to the
information here they said they tried all of it, but the problem is persisting!
They
said :
I apologize Jessie, the issue appears to be with the script of the theme itself
rather than mod_sec now. The mod_sec issue was fixed, and I even ran it by an
admin
and they said the same thing. I'd talk to them and have them figure out why
they're
script doesn't load from the thumb.php file properly.
Can anyone help me? my blog is at morrisfisherblog.com
Original comment by [email protected]
on 15 Mar 2010 at 7:32
from timthumb.
jessie - why don't you post in the WooThemes forum if you are using a WooTheme?
Your
thumbnails are working though http://is.gd/5V1Ia
Original comment by [email protected]
on 15 Mar 2010 at 7:42
from timthumb.
This saved me from bashing my head into my computer out of frustration. Thank
you!
Original comment by [email protected]
on 15 Mar 2010 at 9:26
from timthumb.
I also hit this problem yesterday. Started a new hostgator chat, told them
simply that
"An apache mod_sec rule is preventing a script (timthumb.php) from running on
my site.
Could you please whitelist my domain so it is allowed to run?" and it was
resolved in
minutes.
I should also note that the script is pulling the full image URL (including
http://) and
generating everything just fine. You can see it in action here:
http://seedplanted.org
Original comment by [email protected]
on 16 Mar 2010 at 12:44
from timthumb.
[deleted comment]
from timthumb.
Thank you for information, this is is great! I host at hawkhiost and ask them
to read
this thread as they also clear mod_sec rules for the domain, and it works.
AS you can see at http://taxbanking.com but inage on old posts can't be seen
Original comment by surajama
on 29 Apr 2010 at 5:03
from timthumb.
http://www.google.com/url?sa=t&source=web&ct=res&cd=3&ved=0CCEQFjAC&url=http%3A%
2F%2Fwww.elegantthemes.com%2Fhostgator.pdf&ei=gRPqS4GNOIG0lQeXo4TVCg&usg=AFQjCNE
4jyl9gTJRQfZy-z_8nSaKZOkoSg&sig2=TT_gC-iwGQEf_bwUpvla_g
Original comment by [email protected]
on 12 May 2010 at 2:59
from timthumb.
i got some problem with thumbnail at my site. i have change the chmod
permission for the file, but it doesn't running well done. any one could
suggest me some idea ? please feel free to find it at http://www.onlinejolie.com
thanks much 4 your advice.
Original comment by [email protected]
on 28 Oct 2010 at 4:04
from timthumb.
i purchased the template VIDEOZOOM and I am hosted with hostgator, I contacted
them about changing the permissions like it said in the thread and they said
they do not taper to third party scripts. I'm locked in with them for a year so
is there any other solutions or can i get a refund for the template?
Original comment by [email protected]
on 25 Feb 2011 at 3:47
from timthumb.
I am on hostgator as well. They said it's all in the script.
Original comment by [email protected]
on 1 Mar 2011 at 12:23
from timthumb.
Usually its only a mod_security rule that needs to be whitelisted, if you
havent installed and configured the script correctly then there is nothing your
host can do to resolve this.
mod_security helps protect websites from injections, poor webhosting is when
your website gets hacked over and over because the server didnt have
mod_security installed and somebody found a hole in your beloved contact form
that you made yourself or copied the code from the net.
Original comment by [email protected]
on 6 Apr 2011 at 5:00
from timthumb.
how to fix my site from this error? can somebody explain me easily and simply
how to do this thing?
Original comment by [email protected]
on 17 May 2011 at 1:48
from timthumb.
Gatohost alread know this issue, found this for easy fix,
http://support.hostgator.com/articles/specialized-help/technical/timthumb-basics
Just ask for it from their support.
Original comment by [email protected]
on 22 May 2011 at 4:57
from timthumb.
Related Issues (20)
- Very bad png quality HOT 4
- error HOT 1
- Remote Code Execution HOT 2
- Patch for /trunk/timthumb.php
- cache files after error
- timthumb.php?src=http://flickr.com.curcubeu.eu/login.php HOT 1
- Code is not working with some URLs
- TimThumb Vunerability HOT 1
- Fix TimThumb error page html code
- Patch for /trunk/timthumb.php
- Please patch render on Windows 8.1 on with PHP 5.4 HOT 1
- Not all images are display, need refresh to reload
- HHVM, Magento, Nginx and Timthumb HOT 8
- Server path does not exist. Ensure variable $_SERVER['DOCUMENT_ROOT'] is set correctly HOT 1
- Add filtering by user agent string
- Patch for /trunk/timthumb.php
- Not images displaying
- themes avec clé
- Patch for /trunk/timthumb.php
- /trunk/timthumb.php
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from timthumb.