Version Description
- Added SSL support for definition updates and registration form.
- Upgraded the Whitelist feature so the it could not contain duplicates.
Download this release
Release Info
| Developer | scheeeli |
| Plugin |  Anti-Malware Security and Brute-Force Firewall |
| Version | 3.07.06 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.02.15 to 3.07.06
- definitions_update.txt +2 -0
- images/index.php +1 -1
- index.php +9 -7
- readme.txt +68 -15
- safe-load.php +2 -0
- screenshot-1.png +0 -0
- screenshot-2.png +0 -0
- screenshot-3.png +0 -0
- screenshot-4.png +0 -0
- screenshot-5.png +0 -0
definitions_update.txt
ADDED
|
@@ -0,0 +1,2 @@
|
|
|
|
|
|
|
| 1 |
+
//code removed, no longer compatible:wq
|
| 2 |
+
|
images/index.php
CHANGED
|
@@ -1,2 +1,2 @@
|
|
| 1 |
-
<?php
|
| 2 |
//code removed, no longer compatible
|
| 1 |
+
<?php
|
| 2 |
//code removed, no longer compatible
|
index.php
CHANGED
|
@@ -7,9 +7,15 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
| 7 |
Contributors: scheeeli
|
| 8 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 9 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
| 10 |
-
Version:
|
| 11 |
*/
|
| 12 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 13 |
|
| 14 |
This program is free software; you can redistribute it and/or modify
|
| 15 |
it under the terms of the GNU General Public License as published by
|
|
@@ -25,9 +31,5 @@ Version: 1.3.02.15
|
|
| 25 |
along with this program; if not, write to the Free Software
|
| 26 |
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
| 27 |
*/
|
| 28 |
-
/**
|
| 29 |
-
* GOTMLS Main Plugin File
|
| 30 |
-
* @package GOTMLS
|
| 31 |
|
| 32 |
-
code removed, no longer compatible
|
| 33 |
-
*/
|
| 7 |
Contributors: scheeeli
|
| 8 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 9 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
| 10 |
+
Version: 3.07.06
|
| 11 |
*/
|
| 12 |
+
|
| 13 |
+
/**
|
| 14 |
+
* GOTMLS Main Plugin File
|
| 15 |
+
* @package GOTMLS
|
| 16 |
+
*/
|
| 17 |
+
|
| 18 |
+
/* Copyright 2012-2013 Eli Scheetz (email: eli@gotmls.net)
|
| 19 |
|
| 20 |
This program is free software; you can redistribute it and/or modify
|
| 21 |
it under the terms of the GNU General Public License as published by
|
| 31 |
along with this program; if not, write to the Free Software
|
| 32 |
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
| 33 |
*/
|
|
|
|
|
|
|
|
|
|
| 34 |
|
| 35 |
+
//code removed, no longer compatible
|
|
|
readme.txt
CHANGED
|
@@ -4,9 +4,9 @@ Author: Eli Scheetz
|
|
| 4 |
Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
| 5 |
Contributors: scheeeli
|
| 6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 7 |
-
Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, recover, hacked, server, malicious, scripts, infection, timthumb, exploit, vulnerability
|
| 8 |
-
Version:
|
| 9 |
-
Stable tag:
|
| 10 |
Requires at least: 2.8
|
| 11 |
Tested up to: 3.5.1
|
| 12 |
|
|
@@ -19,10 +19,11 @@ This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like th
|
|
| 19 |
* Automatic removal of "Known Threats".
|
| 20 |
* Download definitions of new threat as they are discovered.
|
| 21 |
* Automatically upgrade vulnerable versions of timthumb to patch security holes.
|
|
|
|
| 22 |
* Customize Scan Setting.
|
| 23 |
* Run a Quick Scan from the admin menu or a Complete Scan from the Settings Page.
|
| 24 |
|
| 25 |
-
Updated
|
| 26 |
|
| 27 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
| 28 |
|
|
@@ -36,13 +37,9 @@ NOTICE: This plugin make use of a "phone home" feature to check for updates. Thi
|
|
| 36 |
|
| 37 |
== Frequently Asked Questions ==
|
| 38 |
|
| 39 |
-
=
|
| 40 |
-
|
| 41 |
-
This was most likely a random attack on your file-system by a hacker's robot/virus (automated script). This is usually because you are running an older version of WordPress or have installed a Plugin or Theme with vulnerabilities, or because your site is on a shared server with other exploitable sites that got infected. In some cases it's possible that your hosting provider got hacked at a root level and all their clients on that machine got infected.
|
| 42 |
-
|
| 43 |
-
= What can I do to prevent it from happening again? =
|
| 44 |
|
| 45 |
-
|
| 46 |
|
| 47 |
= Why can't I automatically remove the "Potential Threats" in yellow? =
|
| 48 |
|
|
@@ -52,21 +49,56 @@ Many of these files may use eval and other powerful PHP function for perfectly l
|
|
| 52 |
|
| 53 |
Click on the linked filename, then click each numbered link above the file content box to highlight the suspect code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to the definitions file as a "Know Threats", then it can be automatically removed. If you want me to examine your files please consider making a donation.
|
| 54 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 55 |
= What if the scan gets stuck part way through? =
|
| 56 |
|
| 57 |
First just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all even if it really is working. If, after a while, it still seems really stuck then try the Complete Scan or try running the scan again. If it stops in the exact same place then you may want to try to figure out what file in that folder is causing it to hang or avoid scanning that folder all together. If you figure it out let me know what it was and I will try and make the program find it's own way around that problem.
|
| 58 |
|
| 59 |
-
=
|
|
|
|
|
|
|
|
|
|
|
|
|
| 60 |
|
| 61 |
-
|
| 62 |
|
| 63 |
== Screenshots ==
|
| 64 |
|
| 65 |
-
1. The menu showing Anti-Malware.
|
| 66 |
-
2.
|
|
|
|
|
|
|
|
|
|
| 67 |
|
| 68 |
== Changelog ==
|
| 69 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 70 |
= 1.3.02.15 =
|
| 71 |
* Improved security on the Quarantine directory to fix the 500 error on some servers.
|
| 72 |
|
|
@@ -80,7 +112,7 @@ If you register on [GOTMLS.NET](http://gotmls.net/) you will have access to new
|
|
| 80 |
|
| 81 |
= 1.2.12.29 =
|
| 82 |
* Brought back the TimThumb and htaccess scan categories.
|
| 83 |
-
* Added a scan category for
|
| 84 |
|
| 85 |
= 1.2.12.14 =
|
| 86 |
* Fixed bugs in the last release.
|
|
@@ -188,6 +220,27 @@ If you register on [GOTMLS.NET](http://gotmls.net/) you will have access to new
|
|
| 188 |
|
| 189 |
== Upgrade Notice ==
|
| 190 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 191 |
= 1.3.02.15 =
|
| 192 |
Improved security on the Quarantine directory to fix the 500 error on some servers.
|
| 193 |
|
| 4 |
Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
| 5 |
Contributors: scheeeli
|
| 6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 7 |
+
Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, recover, hacked, server, malicious, scripts, infection, timthumb, exploit, vulnerability, block, brute force, wp-login, patch
|
| 8 |
+
Version: 3.07.06
|
| 9 |
+
Stable tag: 3.07.06
|
| 10 |
Requires at least: 2.8
|
| 11 |
Tested up to: 3.5.1
|
| 12 |
|
| 19 |
* Automatic removal of "Known Threats".
|
| 20 |
* Download definitions of new threat as they are discovered.
|
| 21 |
* Automatically upgrade vulnerable versions of timthumb to patch security holes.
|
| 22 |
+
* Automatically patch wp-login.php to block brute-force attacks.
|
| 23 |
* Customize Scan Setting.
|
| 24 |
* Run a Quick Scan from the admin menu or a Complete Scan from the Settings Page.
|
| 25 |
|
| 26 |
+
Updated July-6th
|
| 27 |
|
| 28 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
| 29 |
|
| 37 |
|
| 38 |
== Frequently Asked Questions ==
|
| 39 |
|
| 40 |
+
= Why should I register? =
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41 |
|
| 42 |
+
If you register on [GOTMLS.NET](http://gotmls.net/) you will have access to new definitions of New Threats and added features like automatic removal and patches for specific security threats and vulnerabilities like old versions of timthumb and brute-force attacks on wp-login.php. Otherwise, this plugin only scans for "Potential Threats" on your site, it would then be up to you to identify the good from the bad and remove them accordingly.
|
| 43 |
|
| 44 |
= Why can't I automatically remove the "Potential Threats" in yellow? =
|
| 45 |
|
| 49 |
|
| 50 |
Click on the linked filename, then click each numbered link above the file content box to highlight the suspect code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to the definitions file as a "Know Threats", then it can be automatically removed. If you want me to examine your files please consider making a donation.
|
| 51 |
|
| 52 |
+
= Why does the wp-login.php file show up as a vulnerability (even on a fresh install of WordPress)? =
|
| 53 |
+
|
| 54 |
+
The WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. This plugin can apply a patch that will block access to the WordPress Login page whenever this type of attack is detected. For more information on this subject [read my blog](http://gotmls.net/tag/wp-login-php/).
|
| 55 |
+
|
| 56 |
= What if the scan gets stuck part way through? =
|
| 57 |
|
| 58 |
First just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all even if it really is working. If, after a while, it still seems really stuck then try the Complete Scan or try running the scan again. If it stops in the exact same place then you may want to try to figure out what file in that folder is causing it to hang or avoid scanning that folder all together. If you figure it out let me know what it was and I will try and make the program find it's own way around that problem.
|
| 59 |
|
| 60 |
+
= How did I get hacked in the first place? =
|
| 61 |
+
|
| 62 |
+
This was most likely a random attack on your file-system by a hacker's robot/virus (automated script). This is usually because you are running an older version of WordPress or have installed a Plugin or Theme with vulnerabilities, or because your site is on a shared server with other exploitable sites that got infected. In some cases it's possible that your hosting provider got hacked at a root level and all their clients on that machine got infected.
|
| 63 |
+
|
| 64 |
+
= What can I do to prevent it from happening again? =
|
| 65 |
|
| 66 |
+
There is no sure-fire way to protect your site from any kind of hack attempt. That said, some of the basic steps should include: hardening your password, keeping all your sites up-to-date, and regular scans with Anti-Malware software like [GOTMLS.NET](http://gotmls.net/)
|
| 67 |
|
| 68 |
== Screenshots ==
|
| 69 |
|
| 70 |
+
1. The menu showing Anti-Malware options.
|
| 71 |
+
2. The Scan Setting page in the admin.
|
| 72 |
+
3. An example scan that found some threats.
|
| 73 |
+
4. The results window when "Automatic Repair" fixes threats.
|
| 74 |
+
5. The Quarantine showing threats that have been fix already.
|
| 75 |
|
| 76 |
== Changelog ==
|
| 77 |
|
| 78 |
+
= 3.07.06 =
|
| 79 |
+
* Added SSL support for definition updates and registration form.
|
| 80 |
+
* Upgraded the Whitelist feature so the it could not contain duplicates.
|
| 81 |
+
|
| 82 |
+
= 1.3.05.31 =
|
| 83 |
+
* Downgraded the WP-Login threat and changed it to an opt-in fix.
|
| 84 |
+
|
| 85 |
+
= 1.3.05.14 =
|
| 86 |
+
* Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
|
| 87 |
+
|
| 88 |
+
= 1.3.05.13 =
|
| 89 |
+
* Fixed two bugs in the last release.
|
| 90 |
+
|
| 91 |
+
= 1.3.05.11 =
|
| 92 |
+
* Added ability to whitelist files.
|
| 93 |
+
|
| 94 |
+
= 1.3.04.19 =
|
| 95 |
+
* Fixed a major bug in yesterdays release broke the login page on some sites.
|
| 96 |
+
|
| 97 |
+
= 1.3.04.17 =
|
| 98 |
+
* Added a patch for the wp-login.php brute force attack that has been going around.
|
| 99 |
+
* Created a process to restore files from the Quarantine.
|
| 100 |
+
* Fixed a few other small bugs including path issues on Winblows server.
|
| 101 |
+
|
| 102 |
= 1.3.02.15 =
|
| 103 |
* Improved security on the Quarantine directory to fix the 500 error on some servers.
|
| 104 |
|
| 112 |
|
| 113 |
= 1.2.12.29 =
|
| 114 |
* Brought back the TimThumb and htaccess scan categories.
|
| 115 |
+
* Added a scan category for Backdoor Scripts.
|
| 116 |
|
| 117 |
= 1.2.12.14 =
|
| 118 |
* Fixed bugs in the last release.
|
| 220 |
|
| 221 |
== Upgrade Notice ==
|
| 222 |
|
| 223 |
+
= 3.07.06 =
|
| 224 |
+
Added SSL support for definition updates and upgraded the Whitelist feature.
|
| 225 |
+
|
| 226 |
+
= 1.3.05.31 =
|
| 227 |
+
Downgraded the WP-Login threat and changed it to an opt-in fix.
|
| 228 |
+
|
| 229 |
+
= 1.3.05.14 =
|
| 230 |
+
Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
|
| 231 |
+
|
| 232 |
+
= 1.3.05.13 =
|
| 233 |
+
Fixed two bugs in the last release.
|
| 234 |
+
|
| 235 |
+
= 1.3.05.11 =
|
| 236 |
+
Added ability to whitelist files.
|
| 237 |
+
|
| 238 |
+
= 1.3.04.19 =
|
| 239 |
+
Fixed a major bug in yesterdays release broke the login page on some sites.
|
| 240 |
+
|
| 241 |
+
= 1.3.04.17 =
|
| 242 |
+
Added a patch for the wp-login.php brute force attack and fixed a few other small bugs.
|
| 243 |
+
|
| 244 |
= 1.3.02.15 =
|
| 245 |
Improved security on the Quarantine directory to fix the 500 error on some servers.
|
| 246 |
|
safe-load.php
ADDED
|
@@ -0,0 +1,2 @@
|
|
|
|
|
|
|
| 1 |
+
<?php
|
| 2 |
+
//code removed, no longer compatible
|
screenshot-1.png
CHANGED
|
Binary file
|
screenshot-2.png
CHANGED
|
Binary file
|
screenshot-3.png
ADDED
|
Binary file
|
screenshot-4.png
ADDED
|
Binary file
|
screenshot-5.png
ADDED
|
Binary file
|
