Anti-Malware Security and Brute-Force Firewall

Version Description

Block SoakSoak and other malware from exploiting the Slider Revolution Vulnerability (THIS IS A WIDESPREAD THREAT RIGHT NOW).

Release Info

Developer	scheeeli
Plugin	Anti-Malware Security and Brute-Force Firewall
Version	4.14.51
Comparing to
See all releases

Code changes from version 4.14.50 to 4.14.51

Files changed (5) hide show

images/index.php +7 -8
index.php +57 -42
languages/gotmls.pot +22 -2
readme.txt +23 -13
safe-load/index.php +3 -3

images/index.php CHANGED Viewed

	@@ -6,7 +6,7 @@
6
7	define("GOTMLS_local_images_path", dirname(__FILE__)."/");
8
9	- if (isset($_SERVER["SCRIPT_FILENAME"]) && __FILE__ == $_SERVER["SCRIPT_FILENAME"]) {
10	header("Content-type: image/gif");
11	$img_src = GOTMLS_local_images_path.'GOTMLS-16x16.gif';
12	if (!(file_exists($img_src) && $img_bin = @file_get_contents($img_src)))
	@@ -16,7 +16,7 @@ if (isset($_SERVER["SCRIPT_FILENAME"]) && __FILE__ == $_SERVER["SCRIPT_FILENAME"
16	@error_reporting(0);
17
18	define("GOTMLS_plugin_dir", "gotmls");
19	- define("GOTMLS_Version", "4.14.50");
20	define("GOTMLS_require_version", "3.0");
21	define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
22	define("GOTMLS_Run_Complete_Scan_LANGUAGE", __("Run Complete Scan",'gotmls'));
	@@ -37,10 +37,7 @@ define("GOTMLS_Scan_Details_LANGUAGE", __("Scan Details:",'gotmls'));
37	define("GOTMLS_Last_Scan_Status_LANGUAGE", __("Scan Status",'gotmls'));
38	define("GOTMLS_update_images_path", "/wp-content/plugins/update/images/");
39	define("GOTMLS_siteurl", get_option("siteurl"));
40	- if (~~isset($_SERVER[~~"~~DOCUMENT_ROOT~~"]) ~~&& strpos~~(~~$_SERVER["DOCUMENT_ROOT"]~~, ~~GOTMLS_local_images_path~~) ~~=== 0~~)
41	- define("GOTMLS_images_path", str_replace($_SERVER["DOCUMENT_ROOT"], "", GOTMLS_local_images_path));
42	- else
43	- define("GOTMLS_images_path", GOTMLS_siteurl.str_replace("update", basename(dirname(GOTMLS_local_images_path)), GOTMLS_update_images_path));
44	define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
45
46	$GLOBALS["GOTMLS"] = array("tmp"=>array("mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)), "default_ext"=>"ieonly."));
	@@ -64,6 +61,8 @@ $GOTMLS_scanfiles = array();
64	$GOTMLS_skip_ext = array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf");
65	$GOTMLS_skip_dirs = array(".", "..");
66	$GOTMLS_settings_array = get_option('GOTMLS_settings_array', array());


67	if (!(isset($GOTMLS_settings_array["msg_position"]) && is_array($GOTMLS_settings_array["msg_position"]) && count($GOTMLS_settings_array["msg_position"]) == 4))
68	$GOTMLS_settings_array["msg_position"] = array('80px', '40px', '400px', '600px');
69	if (!isset($GOTMLS_settings_array["menu_group"]))
	@@ -289,7 +288,7 @@ if (isset($_SESSION["GOTMLS_debug"])){ $file_time = round(microtime(true) - $_
289	$threat_link = '<a target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.$clean_file.'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, '<div style="float: left;">Examine File ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" class="GOTMLS_plugin">';
290	if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
291	$file_date = explode(".", array_pop(GOTMLS_explode_dir($file)));
292	- if (~~GOTMLS_get_ext($file) == "gotmls" &&~~ GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
293	if ($_POST["GOTMLS_fixing"] > 1 && @unlink($file))
294	$GOTMLS_file_contents = "";
295	elseif (count($file_date) > 1 && $GOTMLS_new_contents = @file_get_contents($file))
	@@ -341,7 +340,7 @@ if (isset($_SESSION["GOTMLS_debug"])){ $file_time = round(microtime(true) - $_
341	return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
342	} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
343	$file_date = explode(".", array_pop(GOTMLS_explode_dir($file)));
344	- if (~~GOTMLS_get_ext($file) == "gotmls" &&~~ GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
345	if ($_POST["GOTMLS_fixing"] > 1 && @unlink($file)) {
346	$GOTMLS_file_contents = "";
347	$msg = __("Deleted!",'gotmls');


6
7	define("GOTMLS_local_images_path", dirname(__FILE__)."/");
8
9	+ if ((isset($_SERVER["SCRIPT_FILENAME"]) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__))) \|\| !defined("GOTMLS_plugin_path")) {
10	header("Content-type: image/gif");
11	$img_src = GOTMLS_local_images_path.'GOTMLS-16x16.gif';
12	if (!(file_exists($img_src) && $img_bin = @file_get_contents($img_src)))

16	@error_reporting(0);
17
18	define("GOTMLS_plugin_dir", "gotmls");
19	+ define("GOTMLS_Version", "4.14.51");
20	define("GOTMLS_require_version", "3.0");
21	define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
22	define("GOTMLS_Run_Complete_Scan_LANGUAGE", __("Run Complete Scan",'gotmls'));

37	define("GOTMLS_Last_Scan_Status_LANGUAGE", __("Scan Status",'gotmls'));
38	define("GOTMLS_update_images_path", "/wp-content/plugins/update/images/");
39	define("GOTMLS_siteurl", get_option("siteurl"));
40	+ define("GOTMLS_images_path", plugins_url('/', __FILE__));



41	define("GOTMLS_installation_key", md5(GOTMLS_siteurl));
42
43	$GLOBALS["GOTMLS"] = array("tmp"=>array("mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)), "default_ext"=>"ieonly."));

61	$GOTMLS_skip_ext = array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf");
62	$GOTMLS_skip_dirs = array(".", "..");
63	$GOTMLS_settings_array = get_option('GOTMLS_settings_array', array());
64	+ if (isset($_GET['img']) && substr(strtolower($_SERVER["SCRIPT_FILENAME"]), -15) == "/admin-ajax.php" && !in_array(GOTMLS_get_ext($_GET['img']), $GOTMLS_skip_ext))
65	+ include(dirname(__FILE__)."/../safe-load/index.php");
66	if (!(isset($GOTMLS_settings_array["msg_position"]) && is_array($GOTMLS_settings_array["msg_position"]) && count($GOTMLS_settings_array["msg_position"]) == 4))
67	$GOTMLS_settings_array["msg_position"] = array('80px', '40px', '400px', '600px');
68	if (!isset($GOTMLS_settings_array["menu_group"]))

288	$threat_link = '<a target="GOTMLS_iFrame" href="'.GOTMLS_script_URI.'&GOTMLS_scan='.$clean_file.'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, '<div style="float: left;">Examine File ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" class="GOTMLS_plugin">';
289	if (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
290	$file_date = explode(".", array_pop(GOTMLS_explode_dir($file)));
291	+ if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
292	if ($_POST["GOTMLS_fixing"] > 1 && @unlink($file))
293	$GOTMLS_file_contents = "";
294	elseif (count($file_date) > 1 && $GOTMLS_new_contents = @file_get_contents($file))

340	return GOTMLS_return_threat($className, $imageFile, $file, str_replace("GOTMLS_plugin", "GOTMLS_plugin $className", $threat_link));
341	} elseif (isset($_POST["GOTMLS_fix"]) && is_array($_POST["GOTMLS_fix"]) && in_array($clean_file, $_POST["GOTMLS_fix"])) {
342	$file_date = explode(".", array_pop(GOTMLS_explode_dir($file)));
343	+ if (GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == substr($file, 0, strlen(GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])))) {
344	if ($_POST["GOTMLS_fixing"] > 1 && @unlink($file)) {
345	$GOTMLS_file_contents = "";
346	$msg = __("Deleted!",'gotmls');

index.php CHANGED Viewed

	@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8	Contributors: scheeeli, gotmls
9	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	- Version: 4.14.50
12	*/
13	/* ___
14	* / /\ GOTMLS Main Plugin File
	@@ -31,7 +31,8 @@ Version: 4.14.50
31	* \ \::/ with this program; if not, write to the Free Software Foundation,
32	* \__\/ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
33
34	- if (isset($_SERVER["SCRIPT_FILENAME"]) && __FILE__ == $_SERVER["SCRIPT_FILENAME"]) ~~die~~(~~'You~~ ~~are~~ ~~not~~ ~~allowed to call this page directly.<p>You could try starting <a href="/">here</a>.'~~);

35
36	define("GOTMLS_plugin_path", dirname(__FILE__).'/');
37	load_plugin_textdomain('gotmls', false, basename(GOTMLS_plugin_path).'/languages');
	@@ -107,7 +108,7 @@ function GOTMLS_display_header($optional_box = "") {
107	get_currentuserinfo();
108	$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
109	if (isset($_GET["check_site"]) && $_GET["check_site"] == 1)
110	- echo '<~~br /><br /><~~div class="updated" id="check_site" style="z-index: 1234567; ~~position: absolute; top: 1px; left: 1px; margin: 15px;~~"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="✔"> '.GOTMLS_Tested_your_site_LANGUAGE.' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><~~iframe~~ ~~style="width:~~ ~~230px; height: 110px; position: absolute; right: 4px; bottom: 4px; border: none;" scrolling~~="no" ~~src~~="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works"~~></iframe><~~a target="_blank" href="https://wordpress.org/~~plugins~~/gotmls~~/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1~~#~~compatibility-works~~"~~><span~~ ~~style="width:~~ ~~234px; height: 82px; position: absolute; right: 4px; bottom: 36px;~~"~~></span><span style=~~"~~width:~~ ~~345px; height: 32px; position: absolute; right: 84px; bottom: 4px;"~~>~~Vote~~ ~~"Works"~~ on WordPress.org ~~-></span></a~~><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpcontent, #footer {margin-left: 5px !important;}';
111	else
112	echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
113	$ver_info = GOTMLS_Version.'&p='.strtoupper(GOTMLS_plugin_dir).'&wp='.$wp_version.'&ts='.date("YmdHis").'&key='.GOTMLS_installation_key.'&d='.ur1encode(GOTMLS_siteurl);
	@@ -146,8 +147,20 @@ function GOTMLS_display_header($optional_box = "") {
146	background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64") no-repeat scroll 0 0 transparent;
147	height: 64px;
148	line-height: 58px;
149	- margin: 10px 0 0;
150	- ~~padding~~: ~~0 0 0 84px~~;}












151	</style>
152	<div id="div_file" class="shadowed-box rounded-corners sidebar-box" style="padding: 0; display: none; position: fixed; top: '.$GOTMLS_settings_array["msg_position"][1].'; left: '.$GOTMLS_settings_array["msg_position"][0].'; width: '.$GOTMLS_settings_array["msg_position"][3].'; height: '.$GOTMLS_settings_array["msg_position"][2].'; border: solid #c00; z-index: 112358;"><table style="width: 100%; height: 100%;" cellspacing="0" cellpadding="0"><tr><td style="border-bottom: 1px solid #EEEEEE;" colspan="2"><a class="rounded-corners" name="link_file" style="float: right; padding: 0 4px; margin: 6px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#found_top" onclick="showhide(\'div_file\');">X</a><h3 onmousedown="grabDiv();" onmouseup="releaseDiv();" id="windowTitle" style="cursor: move; border-bottom: 0px none; z-index: 2345677; position: absolute; left: 0px; top: 0px; margin: 0px; padding: 6px; width: 90%; height: 20px;">'.GOTMLS_Loading_LANGUAGE.'</h3></td></tr><tr><td colspan="2" style="height: 100%"><div style="width: 100%; height: 100%; position: relative; padding: 0; margin: 0;" class="inside"><br /><br /><center><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'<br /><br /><input type="button" onclick="showhide(\'GOTMLS_iFrame\', true);" value="'.GOTMLS_too_long_LANGUAGE.'" class="button-primary" /></center><iframe id="GOTMLS_iFrame" name="GOTMLS_iFrame" style="top: 0px; left: 0px; position: absolute; width: 100%; height: 100%; background-color: #CCC;"></iframe></td></tr><tr><td style="height: 20px;"><iframe id="GOTMLS_statusFrame" name="GOTMLS_statusFrame" style="width: 100%; height: 20px; background-color: #CCC;"></iframe></div></td><td style="height: 20px; width: 20px;"><h3 id="cornerGrab" onmousedown="grabCorner();" onmouseup="releaseCorner();" style="cursor: move; height: 24px; width: 24px; margin: 0; padding: 0; z-index: 2345678; position: absolute; right: 0px; bottom: 0px;">⇲</h3></td></tr></table></div>
153	<script type="text/javascript">
	@@ -176,33 +189,34 @@ function setvalAllFiles(val) {
176	if (checkboxes)
177	checkboxes.value = val;
178	}


















179	function loadIframe(title) {
180	showhide("GOTMLS_iFrame", true);
181	showhide("GOTMLS_iFrame");
182	document.getElementById("windowTitle").innerHTML = title;
183	- windowW = 0;
184	- windowH = 0;
185	- if (typeof window.innerWidth != "undefined") {
186	- // the more standards compliant browsers (mozilla/netscape/opera/IE7) use window.innerWidth and window.innerHeight
187	- windowW = window.innerWidth;
188	- windowH = window.innerHeight;
189	- } else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientWidth != "undefined" && document.documentElement.clientWidth != 0) {
190	- // IE6 in standards compliant mode (i.e. with a valid doctype as the first line in the document)
191	- windowW = document.documentElement.clientWidth;
192	- windowH = document.documentElement.clientHeight;
193	- } else {
194	- // older versions of IE
195	- windowW = document.getElementsByTagName("body")[0].clientWidth;
196	- windowH = document.getElementsByTagName("body")[0].clientHeight;
197	- }
198	if (windowW > 200)
199	windowW -= 20;
200	- else
201	- windowW = 200;
202	if (windowH > 200)
203	windowH -= 20;
204	- else
205	- windowH = 200;
206	if (px2num("'.$GOTMLS_settings_array["msg_position"][3].'") > windowW) {
207	curDiv.style.width = windowW + "px";
208	curDiv.style.left = "0px";
	@@ -259,7 +273,7 @@ function getMouseXY(e) {
259	return true;
260	}
261	function px2num(px) {
262	- return px.substring(0, px.length - 2);
263	}
264	function setDiv(DivID) {
265	curDiv=document.getElementById(DivID);
	@@ -306,7 +320,8 @@ function releaseCorner() {
306	}
307	setDiv("div_file");
308	</script>
309	- <h1 id="main-page-title"~~>Anti-Malware~~ ~~by <img~~ style="vertical-align: middle;" ~~alt="ELI" src="'.$GLOBALS["~~GOTMLS~~"]["tmp"]["protocol"]~~.~~'//gravatar.com/avatar/69ad8428e97469d0dcd64f1f60c07bd8?s=64" /> at GOTMLS.~~NET</h1>

310	<div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
311	'.GOTMLS_box(GOTMLS_Plugin_Updates_LANGUAGE.' '.$wp_version, '<div id="findUpdates"><center>'.GOTMLS_Searching_updates_LANGUAGE.'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>'.$Update_Link, "stuffbox").'
312	'.GOTMLS_box(GOTMLS_Definition_Updates_LANGUAGE.' ('.$definition_version.')', '
	@@ -470,10 +485,11 @@ function stuffbox_showhide(id) {
470	}
471	}
472	}


473	</script>';
474	}
475	echo '
476	- <div id="admin-page-container">
477	<div id="GOTMLS-main-section" style="margin-right: 300px;">
478	<div class="metabox-holder GOTMLS" style="width: 100%;" id="GOTMLS-metabox-container">';
479	}
	@@ -493,46 +509,45 @@ function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
493	}
494
495	function GOTMLS_View_Quarantine() {

496	$entries = GOTMLS_getfiles($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
497	GOTMLS_display_header();
498	$Q_Page = '
499	- <form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1">
500	- <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>';
501	if (is_array($entries) && ($key = array_search(".htaccess", $entries)))
502	unset($entries[$key]);
503	if (is_array($entries) && ($key = array_search("index.php", $entries)))
504	unset($entries[$key]);
505	if (is_array($entries) && count($entries)) {
506	- $Q_Page .= ~~(count($entries)?~~'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'fix_button\').style.display = \'block\';"> Check all ':'').count($entries).' Item'.(count($entries)==1?'':'s').' in Quarantine<span style="float: right;">Date Quarantined</span></h3><p id="fix_button" style="display: none; float: right;"><input id="repair_button" type="submit" value="'.__("Restore SELECTED files from Quarantine",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><br /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete SELECTED files from Quarantine",'gotmls').'" style="background-color: #C33; color: #FFF; background-image: linear-gradient(to bottom, #C22, #933); border-color: #933 #933 #900; box-shadow: 0 1px 0 rgba(230, 120, 120, 0.5) inset; text-decoration: none; text-shadow: 0 1px 0 rgba(0, 0, 0, 0.1); margin-top: 10px;" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p>'.__("~~<p><b>~~The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files~~.</~~b></p> FYI - these files are found in:",'gotmls').' '.$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"];

507	sort($entries);

508	foreach ($entries as $entry) {
509	$file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry;
510	- $date = date("y-m-d-H-i",filemtime($file));
511	- $Q_Page .= '<li><~~img~~ ~~src~~="'.~~GOTMLS_images_path.~~'~~/blocked.gif~~" ~~height~~=16 ~~width~~=16 ~~alt~~="Q" ~~style~~="~~float:~~ ~~left~~;">';
512	if (is_file($file) && GOTMLS_get_ext($entry) == "gotmls") {
513	$file_date = explode(".", $entry);
514	if (count($file_date) > 2 && strlen($file_date[0]) == 5)
515	$date = GOTMLS_sexagesimal($file_date[0]);
516	- elseif (@rename($file, GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal($date).".$entry"))
517	$file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal($date).".$entry";
518	- $Q_Page .= '<~~input~~ ~~type~~="~~checkbox" name="GOTMLS_fix[]" value="~~'.~~GOTMLS_encode($file)~~.'" id=~~"check_'.GOTMLS_encode($file).'"~~ ~~onchange~~=~~"document.getElementById(\'fix_button\').style.display~~ = ~~\'block\';~~" />'.GOTMLS_error_link("View Quarantined File", $file).str_replace($root_path, "", GOTMLS_decode($file_date[count($file_date)-2]));
519	} else
520	- $Q_Page .= '<~~li><~~img src="'.GOTMLS_images_path.'~~/blocked~~.gif" height=16 width=16 alt="?" ~~style="float: left;"~~>'.GOTMLS_error_link("Foreign File in Quarantine", $file).$~~file~~;
521	- $~~date~~ = ~~explode(~~"-"~~, $date)~~;
522	- $Q_Page .= "</a> <span style='float: right; margin-right: 8px;'>(20$date[0]-$date[1]-$date[2] at $date[3]:$date[4])</span></li>";
523	}
524	} else
525	- $Q_Page .= __("No Items in Quarantine",'gotmls').'</h3>';
526	- echo GOTMLS_box("Quarantine", "$Q_Page</ul>\n</form>\n")."\n</div></div></div>";
527	}
528
529	function GOTMLS_settings() {
530	global $current_user, $wp_version, $GOTMLS_definitions_array, $GOTMLS_threat_levels, $GOTMLS_scanfiles, $GOTMLS_loop_execution_time, $GOTMLS_skip_ext, $GOTMLS_skip_dirs, $GOTMLS_settings_array, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
531	$GOTMLS_scan_groups = array();
532	$dirs = GOTMLS_explode_dir(__file__);
533	- $~~scan_level~~ = intval($GOTMLS_settings_array["scan_level"]);
534	- $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__file__), 0, (2 + $scan_level) * -1));
535	- for ($SL=0;$SL<$scan_level;$SL++)
536	$GOTMLS_scan_groups[] = '<b>'.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).'</b>';
537	if (isset($_POST["check"]))
538	$GOTMLS_settings_array["check"] = $_POST["check"];


8	Contributors: scheeeli, gotmls
9	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	+ Version: 4.14.51
12	*/
13	/* ___
14	* / /\ GOTMLS Main Plugin File

31	* \ \::/ with this program; if not, write to the Free Software Foundation,
32	* \__\/ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
33
34	+ if (isset($_SERVER["SCRIPT_FILENAME"]) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__)))
35	+ include(dirname(__FILE__)."/safe-load/index.php");
36
37	define("GOTMLS_plugin_path", dirname(__FILE__).'/');
38	load_plugin_textdomain('gotmls', false, basename(GOTMLS_plugin_path).'/languages');

108	get_currentuserinfo();
109	$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
110	if (isset($_GET["check_site"]) && $_GET["check_site"] == 1)
111	+ echo '<div class="updated" id="check_site" style="z-index: 1234567;"><img src="'.GOTMLS_images_path.'checked.gif" height=16 width=16 alt="✔"> '.GOTMLS_Tested_your_site_LANGUAGE.' ;-)</div><script type="text/javascript">window.parent.document.getElementById("check_site_warning").style.backgroundColor=\'#0C0\';</script><li>Please <a target="_blank" href="https://wordpress.org/plugins/gotmls/stats/?compatibility%5Bversion%5D='.$wp_version.'&compatibility%5Btopic_version%5D='.GOTMLS_Version.'&compatibility%5Bcompatible%5D=1#compatibility-works">Vote "Works"</a> or <a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/gotmls#postform">write a "Five-Star" Reviews</a> on WordPress.org if you like this plugin.</li><style>#footer, #GOTMLS-metabox-container, #GOTMLS-right-sidebar, #admin-page-container, #wpadminbar, #adminmenuback, #adminmenuwrap, #adminmenu {display: none !important;} #wpbody-content {padding-bottom: 0;} #wpbody {padding-top: 0 !important;} #wpcontent, #footer {margin-left: 5px !important;} html.wp-toolbar {padding-top: 0 !important;}';
112	else
113	echo '<style>#GOTMLS-right-sidebar {float: right; margin-right: 0px;}';
114	$ver_info = GOTMLS_Version.'&p='.strtoupper(GOTMLS_plugin_dir).'&wp='.$wp_version.'&ts='.date("YmdHis").'&key='.GOTMLS_installation_key.'&d='.ur1encode(GOTMLS_siteurl);

147	background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/5feb789dd3a292d563fea3b885f786d6?s=64") no-repeat scroll 0 0 transparent;
148	height: 64px;
149	line-height: 58px;
150	+ margin: 10px 0 0 0;
151	+ max-width: 500px;
152	+ padding: 0 10px 0 84px;
153	+ }
154	+ #main-page-title h1 {
155	+ background: url("'.$GLOBALS["GOTMLS"]["tmp"]["protocol"].'//gravatar.com/avatar/69ad8428e97469d0dcd64f1f60c07bd8?s=64") no-repeat scroll top right transparent;
156	+ height: 64px;
157	+ line-height: 32px;
158	+ margin: 0;
159	+ padding: 0 84px 0 0;
160	+ display: table-cell;
161	+ text-align: center;
162	+ vertical-align: middle;
163	+ }
164	</style>
165	<div id="div_file" class="shadowed-box rounded-corners sidebar-box" style="padding: 0; display: none; position: fixed; top: '.$GOTMLS_settings_array["msg_position"][1].'; left: '.$GOTMLS_settings_array["msg_position"][0].'; width: '.$GOTMLS_settings_array["msg_position"][3].'; height: '.$GOTMLS_settings_array["msg_position"][2].'; border: solid #c00; z-index: 112358;"><table style="width: 100%; height: 100%;" cellspacing="0" cellpadding="0"><tr><td style="border-bottom: 1px solid #EEEEEE;" colspan="2"><a class="rounded-corners" name="link_file" style="float: right; padding: 0 4px; margin: 6px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;" href="#found_top" onclick="showhide(\'div_file\');">X</a><h3 onmousedown="grabDiv();" onmouseup="releaseDiv();" id="windowTitle" style="cursor: move; border-bottom: 0px none; z-index: 2345677; position: absolute; left: 0px; top: 0px; margin: 0px; padding: 6px; width: 90%; height: 20px;">'.GOTMLS_Loading_LANGUAGE.'</h3></td></tr><tr><td colspan="2" style="height: 100%"><div style="width: 100%; height: 100%; position: relative; padding: 0; margin: 0;" class="inside"><br /><br /><center><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'<br /><br /><input type="button" onclick="showhide(\'GOTMLS_iFrame\', true);" value="'.GOTMLS_too_long_LANGUAGE.'" class="button-primary" /></center><iframe id="GOTMLS_iFrame" name="GOTMLS_iFrame" style="top: 0px; left: 0px; position: absolute; width: 100%; height: 100%; background-color: #CCC;"></iframe></td></tr><tr><td style="height: 20px;"><iframe id="GOTMLS_statusFrame" name="GOTMLS_statusFrame" style="width: 100%; height: 20px; background-color: #CCC;"></iframe></div></td><td style="height: 20px; width: 20px;"><h3 id="cornerGrab" onmousedown="grabCorner();" onmouseup="releaseCorner();" style="cursor: move; height: 24px; width: 24px; margin: 0; padding: 0; z-index: 2345678; position: absolute; right: 0px; bottom: 0px;">⇲</h3></td></tr></table></div>
166	<script type="text/javascript">

189	if (checkboxes)
190	checkboxes.value = val;
191	}
192	+ function getWindowWidth(min) {
193	+ if (typeof window.innerWidth != "undefined" && window.innerWidth > min)
194	+ min = window.innerWidth;
195	+ else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientWidth != "undefined" && document.documentElement.clientWidth > min)
196	+ min = document.documentElement.clientWidth;
197	+ else if (typeof document.getElementsByTagName("body")[0].clientWidth != "undefined" && document.getElementsByTagName("body")[0].clientWidth > min)
198	+ min = document.getElementsByTagName("body")[0].clientWidth;
199	+ return min;
200	+ }
201	+ function getWindowHeight(min) {
202	+ if (typeof window.innerHeight != "undefined" && window.innerHeight > min)
203	+ min = window.innerHeight;
204	+ else if (typeof document.documentElement != "undefined" && typeof document.documentElement.clientHeight != "undefined" && document.documentElement.clientHeight > min)
205	+ min = document.documentElement.clientHeight;
206	+ else if (typeof document.getElementsByTagName("body")[0].clientHeight != "undefined" && document.getElementsByTagName("body")[0].clientHeight > min)
207	+ min = document.getElementsByTagName("body")[0].clientHeight;
208	+ return min;
209	+ }
210	function loadIframe(title) {
211	showhide("GOTMLS_iFrame", true);
212	showhide("GOTMLS_iFrame");
213	document.getElementById("windowTitle").innerHTML = title;
214	+ windowW = getWindowWidth(200);
215	+ windowH = getWindowHeight(200);













216	if (windowW > 200)
217	windowW -= 20;


218	if (windowH > 200)
219	windowH -= 20;


220	if (px2num("'.$GOTMLS_settings_array["msg_position"][3].'") > windowW) {
221	curDiv.style.width = windowW + "px";
222	curDiv.style.left = "0px";

273	return true;
274	}
275	function px2num(px) {
276	+ return parseInt(px.substring(0, px.length - 2), 10);
277	}
278	function setDiv(DivID) {
279	curDiv=document.getElementById(DivID);

320	}
321	setDiv("div_file");
322	</script>
323	+ <div id="main-page-title"><h1 style="vertical-align: middle;">Anti-Malware from GOTMLS.NET</h1></div>
324	+ <div id="admin-page-container">
325	<div id="GOTMLS-right-sidebar" style="width: 300px;" class="metabox-holder">
326	'.GOTMLS_box(GOTMLS_Plugin_Updates_LANGUAGE.' '.$wp_version, '<div id="findUpdates"><center>'.GOTMLS_Searching_updates_LANGUAGE.'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>'.$Update_Link, "stuffbox").'
327	'.GOTMLS_box(GOTMLS_Definition_Updates_LANGUAGE.' ('.$definition_version.')', '

485	}
486	}
487	}
488	+ if (getWindowWidth(780) == 780)
489	+ setTimeout("stuffbox_showhide(\'inside_'.$md5.'\')", 200);
490	</script>';
491	}
492	echo '

493	<div id="GOTMLS-main-section" style="margin-right: 300px;">
494	<div class="metabox-holder GOTMLS" style="width: 100%;" id="GOTMLS-metabox-container">';
495	}

509	}
510
511	function GOTMLS_View_Quarantine() {
512	+ global $GOTMLS_settings_array;
513	$entries = GOTMLS_getfiles($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
514	GOTMLS_display_header();
515	$Q_Page = '
516	+ <form method="POST" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1">';

517	if (is_array($entries) && ($key = array_search(".htaccess", $entries)))
518	unset($entries[$key]);
519	if (is_array($entries) && ($key = array_search("index.php", $entries)))
520	unset($entries[$key]);
521	if (is_array($entries) && count($entries)) {
522	+ $Q_Page .= '<p id="fix_button" style="display: none; float: right;"><input id="repair_button" type="submit" value="'.__("Restore SELECTED files from Quarantine",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><br /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete SELECTED files from Quarantine",'gotmls').'" style="background-color: #C33; color: #FFF; background-image: linear-gradient(to bottom, #C22, #933); border-color: #933 #933 #900; box-shadow: 0 1px 0 rgba(230, 120, 120, 0.5) inset; text-decoration: none; text-shadow: 0 1px 0 rgba(0, 0, 0, 0.1); margin-top: 10px;" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p><p>'.sprintf(__("FYI - these files are found in: %s",'gotmls'), ' '.$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).'</p>
523	+ <ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.(count($entries)>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'fix_button\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),count($entries)):"").__(" Items in Quarantine",'gotmls').'<span style="float: right;">Date Quarantined</span></h3>';
524	sort($entries);
525	+ $root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__file__), 0, (2 + intval($GOTMLS_settings_array["scan_level"])) * -1));
526	foreach ($entries as $entry) {
527	$file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry;
528	+ $date = explode("-", date("y-m-d-H-i",filemtime($file)));
529	+ $Q_Page .= "\n<li style='margin-left: 12px;'><span style='float: right; width: 130px;'>(20$date[0]-$date[1]-$date[2] at $date[3]:$date[4])</span>".'<input type="checkbox" name="GOTMLS_fix[]" value="'.GOTMLS_encode($file).'" id="check_'.GOTMLS_encode($file).'" onchange="document.getElementById(\'fix_button\').style.display = \'block\';" />';
530	if (is_file($file) && GOTMLS_get_ext($entry) == "gotmls") {
531	$file_date = explode(".", $entry);
532	if (count($file_date) > 2 && strlen($file_date[0]) == 5)
533	$date = GOTMLS_sexagesimal($file_date[0]);
534	+ elseif (@rename($file, GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal(implode("-", $date)).".$entry"))
535	$file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).GOTMLS_sexagesimal($date).".$entry";
536	+ $Q_Page .= '<img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $file).str_replace($root_path, "...", GOTMLS_decode($file_date[count($file_date)-2]));
537	} else
538	+ $Q_Page .= '<img src="'.GOTMLS_images_path.'threat.gif" height=16 width=16 alt="?">'.GOTMLS_error_link(__("Foreign File in Quarantine",'gotmls'), $file).$entry;
539	+ $Q_Page .= "</a></li>";

540	}
541	} else
542	+ $Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
543	+ echo GOTMLS_box(__("Quarantine",'gotmls'), "$Q_Page</ul>\n</form>\n")."\n</div></div></div>";
544	}
545
546	function GOTMLS_settings() {
547	global $current_user, $wp_version, $GOTMLS_definitions_array, $GOTMLS_threat_levels, $GOTMLS_scanfiles, $GOTMLS_loop_execution_time, $GOTMLS_skip_ext, $GOTMLS_skip_dirs, $GOTMLS_settings_array, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
548	$GOTMLS_scan_groups = array();
549	$dirs = GOTMLS_explode_dir(__file__);
550	+ for ($SL=0;$SL<intval($GOTMLS_settings_array["scan_level"]);$SL++)


551	$GOTMLS_scan_groups[] = '<b>'.implode(GOTMLS_slash(), array_slice($dirs, -1 * (3 + $SL), 1)).'</b>';
552	if (isset($_POST["check"]))
553	$GOTMLS_settings_array["check"] = $_POST["check"];

languages/gotmls.pot CHANGED Viewed

	@@ -8,7 +8,7 @@ msgid ""
8	msgstr ""
9	"Project-Id-Version: GOTMLS\n"
10	"Report-Msgid-Bugs-To: eli@gotmls.net\n"
11	- "POT-Creation-Date: 2014-12-13 20:31+0900\n"
12	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	"Language-Team: LANGUAGE <LL@li.org>\n"
	@@ -109,12 +109,32 @@ msgstr ""
109	msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
110	msgstr ""
111
112	- msgid "~~<p><b>~~The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files~~.</b></p> FYI - these files are found in:~~"

















113	msgstr ""
114
115	msgid "No Items in Quarantine"
116	msgstr ""
117



118	msgid "Only Scan These Folders:"
119	msgstr ""
120


8	msgstr ""
9	"Project-Id-Version: GOTMLS\n"
10	"Report-Msgid-Bugs-To: eli@gotmls.net\n"
11	+ "POT-Creation-Date: 2014-12-17 01:13+0900\n"
12	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	"Language-Team: LANGUAGE <LL@li.org>\n"

109	msgid "Are you sure you want to permanently delete the selected files in the Quarantine?"
110	msgstr ""
111
112	+ msgid "The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files."
113	+ msgstr ""
114	+
115	+ #, php-format
116	+ msgid "FYI - these files are found in: %s"
117	+ msgstr ""
118	+
119	+ #, php-format
120	+ msgid "Check all %d"
121	+ msgstr ""
122	+
123	+ msgid " Items in Quarantine"
124	+ msgstr ""
125	+
126	+ msgid "View Quarantined File"
127	+ msgstr ""
128	+
129	+ msgid "Foreign File in Quarantine"
130	msgstr ""
131
132	msgid "No Items in Quarantine"
133	msgstr ""
134
135	+ msgid "Quarantine"
136	+ msgstr ""
137	+
138	msgid "Only Scan These Folders:"
139	msgstr ""
140

readme.txt CHANGED Viewed

	@@ -4,9 +4,9 @@ Author: Eli Scheetz
4	Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5	Contributors: scheeeli, gotmls
6	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7	- Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware
8	- Version: 4.14.50
9	- Stable tag: 4.14.50
10	Requires at least: 3.3
11	Tested up to: 4.0.1
12
	@@ -16,15 +16,15 @@ This Anti-Malware plugin searches for Malware and other Virus like threats and s
16
17	Features:
18
19	- * ~~Automatic~~ ~~removal~~ ~~of "~~Known Threats".
20	- * ~~Download~~ ~~definitions~~ of ~~new~~ ~~threat~~ as ~~they~~ ~~are~~ ~~discovered~~.
21	- * ~~Automatically~~ ~~upgrade~~ ~~vulnerable~~ ~~versions~~ of ~~timthumb scripts~~.
22	- * ~~Automatically~~ ~~patch~~ ~~wp-login.php~~ to ~~block~~ ~~brute-force attacks~~.
23	* Run a Quick Scan from the admin menu.
24	- * Customize Scan Setting.
25	* Run a Complete Scan from the Settings Page.

26
27	- Updated December ~~12th~~
28
29	Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
30
	@@ -47,6 +47,14 @@ NOTICE: This plugin make use of a "phone home" feature to check for updates. Thi
47
48	If you register on [GOTMLS.NET](http://gotmls.net/) you will have access to download definitions of New Threats and added features like automatic removal of "Known Threats" and patches for specific security issues like old versions of timthumb and brute-force attacks on wp-login.php. Otherwise, this plugin only scans for "Potential Threats" on your site, it would then be up to you to identify the good from the bad and remove them accordingly.
49








50	= Why can't I automatically remove the "Potential Threats" in yellow? =
51
52	Many of these files may use eval and other powerful PHP function for perfectly legitimate reasons and removing that code from the files would likely cripple or even break your site so I have only enabled the Auto remove feature for "Know Threats".
	@@ -55,10 +63,6 @@ Many of these files may use eval and other powerful PHP function for perfectly l
55
56	Click on the linked filename to examine it, then click each numbered link above the file content box to highlight the suspicious code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to my definition update as a "Know Threat", then it can be automatically removed.
57
58	- = Why does the wp-login.php file show up as a vulnerability (even on a fresh install of WordPress)? =
59	-
60	- The WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. This plugin can apply a patch that will block access to the WordPress Login page whenever this type of attack is detected. For more information on this subject [read my blog](http://gotmls.net/tag/wp-login-php/).
61	-
62	= What if the scan gets stuck part way through? =
63
64	First just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all even if it really is working. If it still seems stuck after a while then try running the scan again, be sure you try both the Complete Scan and the Quick scan.
	@@ -85,6 +89,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
85
86	== Changelog ==
87



88	= 4.14.50 =
89	* Enabled the Brute-Force protection option directly from the Settings page.
90	* Fixed window position to auto-adjust on small screens.
	@@ -266,6 +273,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
266
267	== Upgrade Notice ==
268



269	= 4.14.50 =
270	Enabled the Brute-Force protection from the Settings page and fixed window position on small screens.
271


4	Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5	Contributors: scheeeli, gotmls
6	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7	+ Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	+ Version: 4.14.51
9	+ Stable tag: 4.14.51
10	Requires at least: 3.3
11	Tested up to: 4.0.1
12

16
17	Features:
18
19	+ * Automatically remove Known Threats and Back-doors.
20	+ * Automatically block SoakSoak and other malware from exploiting the Revolution Slider Vulnerability.
21	+ * Patch wp-login to block Brute-Force attacks.
22	+ * Upgrade vulnerable versions of timthumb scripts.
23	* Run a Quick Scan from the admin menu.

24	* Run a Complete Scan from the Settings Page.
25	+ * Download Definition Updates to protect against new threats.
26
27	+ Updated December 17th
28
29	Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
30

47
48	If you register on [GOTMLS.NET](http://gotmls.net/) you will have access to download definitions of New Threats and added features like automatic removal of "Known Threats" and patches for specific security issues like old versions of timthumb and brute-force attacks on wp-login.php. Otherwise, this plugin only scans for "Potential Threats" on your site, it would then be up to you to identify the good from the bad and remove them accordingly.
49
50	+ = How do I patch the Revolution Slider vulnerability? =
51	+
52	+ Easy, if you have installed and activated my this Anti-Malware plugin on your site then it will automatically block attempts to exploit the Revolution Slider vulnerability.
53	+
54	+ = How do I patch the wp-login vulnerability? =
55	+
56	+ The WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. This plugin can apply a patch that will block access to the WordPress Login page whenever this type of attack is detected. Just click the Install Patch button under Brute-force Protection on the Anti-Malware Setting page. For more information on this subject [read my blog](http://gotmls.net/tag/wp-login-php/).
57	+
58	= Why can't I automatically remove the "Potential Threats" in yellow? =
59
60	Many of these files may use eval and other powerful PHP function for perfectly legitimate reasons and removing that code from the files would likely cripple or even break your site so I have only enabled the Auto remove feature for "Know Threats".

63
64	Click on the linked filename to examine it, then click each numbered link above the file content box to highlight the suspicious code. If you cannot tell whether or not the code is malicious just leave it alone or ask someone else to look at it for you. If you find that it is malicious please send me a copy of the file so that I can add it to my definition update as a "Know Threat", then it can be automatically removed.
65




66	= What if the scan gets stuck part way through? =
67
68	First just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all even if it really is working. If it still seems stuck after a while then try running the scan again, be sure you try both the Complete Scan and the Quick scan.

89
90	== Changelog ==
91
92	+ = 4.14.51 =
93	+ * Block SoakSoak and other malware from exploiting the Slider Revolution Vulnerability (THIS IS A WIDESPREAD THREAT RIGHT NOW).
94	+
95	= 4.14.50 =
96	* Enabled the Brute-Force protection option directly from the Settings page.
97	* Fixed window position to auto-adjust on small screens.

273
274	== Upgrade Notice ==
275
276	+ = 4.14.51 =
277	+ Block SoakSoak and other malware from exploiting the Slider Revolution Vulnerability (THIS IS A WIDESPREAD THREAT RIGHT NOW).
278	+
279	= 4.14.50 =
280	Enabled the Brute-Force protection from the Settings page and fixed window position on small screens.
281

safe-load/index.php CHANGED Viewed

	@@ -4,11 +4,11 @@
4	* @package GOTMLS
5	*/
6
7	- if (!$_SESSION["GOTMLS_detected_attacks"])
8	- $_SESSION["GOTMLS_detected_attacks"] = '&attack[]=~~DIRECT_LOAD~~';
9	foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_USER_AGENT") as $var)
10	$_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
11	foreach (array("log") as $var)
12	$_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
13	- header("location: http://safe-load.gotmls.net/report.php?ver=4.14.50".$_SESSION["GOTMLS_detected_attacks"]);
14	die();


4	* @package GOTMLS
5	*/
6
7	+ if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_detected_attacks"]))
8	+ $_SESSION["GOTMLS_detected_attacks"] = '&attack[]='.strtolower($_SERVER["SCRIPT_FILENAME"]);
9	foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_USER_AGENT") as $var)
10	$_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
11	foreach (array("log") as $var)
12	$_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
13	+ header("location: http://safe-load.gotmls.net/report.php?ver=4.14.51".$_SESSION["GOTMLS_detected_attacks"]);
14	die();

Anti-Malware Security and Brute-Force Firewall - Version 4.14.51

Version Description

Release Info

Code changes from version 4.14.50 to 4.14.51