
Cron for copying file, replacing all existing instances? (Fixing timthumb exploit)



computercourage
08-23-2011, 01:09 PM
I'm trying to figure out a cron job which will copy a file (timthumb.php) from the root of ftp (above public_html) and recursively replace all existing instances of the file throughout the FTP. My linux and cron knowledge is minimal, so I'm hoping someone more experienced may be able to help with this. I'm also open to other ideas if someone has another method for doing this.

The master file would live at:
/timthumb.php

A cron would run daily to replace instances such as:
/public_html/wp-content/themes/xxxxxx/scripts/timthumb.php
or
/public_html/mysite1/tools/timthumb.php

(We're assuming the instance will always be named timthumb.php, so there's no need to look into the content of the file)


The goal of this cron is to prevent old instances of timthumb from existing. I've already searched via SSH and replaced all the instances on our accounts. The issue is if one of our clients decides to install a wordpress plugin, it may contain an old version of timthumb, recreating the vulnerability we removed.

Any help or ideas would be greatly appreciated.
Thanks
-Sam


You can read about the timthumb exploit here:
http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

farcaster
08-23-2011, 11:15 PM
timthumb.php is not the only instance of this. Some themes installed this and called it thumb.php.

Your best bet may be to advise your clients to check with you first before installing any new themes.
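The daily replacement script the first post asks for, written here as an added example rather than code from either poster. It takes farcaster's point into account by also matching thumb.php, and it checks the file content before overwriting so a theme's unrelated thumb.php is left alone. The master-copy and web-root paths, the script name and the crontab line are assumptions standing in for the poster's own layout.

```shell
#!/bin/sh
# fix_timthumb.sh (hypothetical name): overwrite every stale TimThumb copy
# under a web root with one maintained master copy.
# Assumed crontab entry, daily at 03:00:  0 3 * * * /usr/local/bin/fix_timthumb.sh
MASTER="${MASTER:-/timthumb.php}"        # placeholder for the poster's master file
WEBROOT="${WEBROOT:-/public_html}"       # placeholder for the poster's web root

# A file named timthumb.php or thumb.php is only treated as TimThumb when its
# content says so; themes ship unrelated scripts under the same names.
is_timthumb() {
    grep -qi 'timthumb' "$1"
}

# replace_timthumb_copies MASTER ROOT
# Overwrites each stale copy below ROOT with MASTER and prints how many files
# were changed. Copies that already match MASTER byte for byte are skipped.
replace_timthumb_copies() {
    master="$1"; root="$2"; replaced=0
    [ -f "$master" ] || { echo "master file $master missing" >&2; return 1; }
    # Feed find's output through a here-document rather than a pipe so the
    # loop runs in the current shell and the counter survives.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        [ "$f" = "$master" ] && continue
        is_timthumb "$f" || continue        # same name, not TimThumb: leave it
        cmp -s "$master" "$f" && continue   # already current
        # Write through the existing file so the client's ownership and
        # permissions on it are preserved (cp -p would impose the master's).
        cat "$master" > "$f" && replaced=$((replaced + 1))
    done <<EOF
$(find "$root" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \))
EOF
    echo "$replaced"
}

# Only act when run as the cron script itself, not when sourced.
if [ "${0##*/}" = "fix_timthumb.sh" ]; then
    n=$(replace_timthumb_copies "$MASTER" "$WEBROOT") || exit 1
    echo "replaced $n TimThumb copies under $WEBROOT"
fi
```

Files whose names contain newlines are not handled by the read loop; the name check is otherwise path-safe.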