Version Description
Download this release
Release Info
| Developer | scheeeli |
| Plugin |  Anti-Malware Security and Brute-Force Firewall |
| Version | 4.15.17 |
| Comparing to | |
| See all releases | |
Code changes from version 4.15.16 to 4.15.17
- images/index.php +60 -18
- index.php +8 -7
- readme.txt +13 -5
- safe-load/index.php +1 -1
images/index.php
CHANGED
|
@@ -10,13 +10,25 @@ function GOTMLS_define($DEF, $val) {
|
|
| 10 |
define($DEF, $val);
|
| 11 |
}}
|
| 12 |
|
| 13 |
-
GOTMLS_define("GOTMLS_Version", "4.15.
|
| 14 |
GOTMLS_define("GOTMLS_require_version", "3.3");
|
| 15 |
GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
|
| 16 |
GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
|
| 17 |
GOTMLS_define("GOTMLS_plugin_path", dirname(GOTMLS_local_images_path).'/');
|
| 18 |
-
|
| 19 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 20 |
|
| 21 |
if (!function_exists("GOTMLS_encode")) {
|
| 22 |
function GOTMLS_encode($unencoded_string) {
|
|
@@ -68,11 +80,6 @@ if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?
|
|
| 68 |
} elseif (isset($_GET["no_error_reporting"]))
|
| 69 |
@error_reporting(0);
|
| 70 |
|
| 71 |
-
if (!function_exists("__")) {
|
| 72 |
-
function __($text, $domain) {
|
| 73 |
-
return $text;
|
| 74 |
-
}}
|
| 75 |
-
|
| 76 |
GOTMLS_define("GOTMLS_Skip_Quarantine_LANGUAGE", __("Skip scanning the Quarantine:",'gotmls'));
|
| 77 |
GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
|
| 78 |
GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Run Quick Scan",'gotmls'));
|
|
@@ -95,7 +102,7 @@ if (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"])
|
|
| 95 |
$SERVER_HTTP .= ":".$_SERVER["SERVER_PORT"];
|
| 96 |
$SERVER_parts = explode(":", $SERVER_HTTP);
|
| 97 |
if ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on" || $_SERVER["HTTPS"] == 1)) || (count($SERVER_parts) > 2 && $SERVER_parts[2] == '443'))
|
| 98 |
-
$GLOBALS["GOTMLS"]["tmp"]["protocol"]
|
| 99 |
else
|
| 100 |
$GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
|
| 101 |
if (function_exists("get_option")) {
|
|
@@ -117,7 +124,6 @@ elseif (isset($_SERVER["SCRIPT_FILENAME"]) && isset($_SERVER["DOCUMENT_ROOT"]) &
|
|
| 117 |
else
|
| 118 |
GOTMLS_define("GOTMLS_images_path", str_replace("/update/", GOTMLS_plugin_dir, GOTMLS_update_images_path));
|
| 119 |
|
| 120 |
-
$GOTMLS_loop_execution_time = 60;
|
| 121 |
$GOTMLS_chmod_file = (0644);
|
| 122 |
$GOTMLS_chmod_dir = (0755);
|
| 123 |
$GOTMLS_file_contents = "";
|
|
@@ -304,7 +310,7 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
|
|
| 304 |
}
|
| 305 |
} elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/' && ($found = preg_match_all($check_threats, $GOTMLS_file_contents, $threats_found))) {
|
| 306 |
foreach ($threats_found[0] as $find) {
|
| 307 |
-
$GOTMLS_threats_found[$find] =
|
| 308 |
$GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
|
| 309 |
}
|
| 310 |
}
|
|
@@ -409,7 +415,7 @@ function GOTMLS_scanfile($file) {
|
|
| 409 |
$GOTMLS_file_contents = "";
|
| 410 |
} else
|
| 411 |
$GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
|
| 412 |
-
if (strlen($GOTMLS_file_contents) > 0 && (
|
| 413 |
echo __("Success!",'gotmls');
|
| 414 |
return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
|
| 415 |
} else {
|
|
@@ -522,19 +528,55 @@ function GOTMLS_explode_dir($dir, $pre = '') {
|
|
| 522 |
|
| 523 |
function GOTMLS_html_tags($tags, $inner = array()) {
|
| 524 |
$html = "";
|
|
|
|
| 525 |
if (!is_array($tags))
|
| 526 |
return $html;
|
| 527 |
foreach ($tags as $tag => $contents) {
|
| 528 |
-
$html .= ($tag=="html"?"<!DOCTYPE html
|
| 529 |
if (is_array($contents))
|
| 530 |
$html .= GOTMLS_html_tags($contents, $inner);
|
| 531 |
else
|
| 532 |
$html .= $contents;
|
| 533 |
-
$html .= "</$tag
|
| 534 |
}
|
| 535 |
return $html;
|
| 536 |
}
|
| 537 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 538 |
|
| 539 |
function GOTMLS_quarantine($file = __FILE__) {
|
| 540 |
if (!(isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) {
|
|
@@ -542,7 +584,7 @@ function GOTMLS_quarantine($file = __FILE__) {
|
|
| 542 |
$err403 = GOTMLS_html_tags(array("html" => array("head" => array("title" => "403 Forbidden"), "body" => "<h1>Forbidden</h1>\n<p>You don't have permission to access this directory.</p>")));
|
| 543 |
$recoveryPHP = '<'.'?php
|
| 544 |
if ((isset($_SERVER["SCRIPT_FILENAME"]) && strlen($_SERVER["SCRIPT_FILENAME"]) > strlen(basename(__FILE__)) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path"))
|
| 545 |
-
die("'
|
| 546 |
?'.'>';
|
| 547 |
$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), GOTMLS_trailingslashit($upload['basedir'])).'quarantine';
|
| 548 |
if (!is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && !@mkdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))
|
|
@@ -584,9 +626,9 @@ function GOTMLS_flush($tag = "") {
|
|
| 584 |
}
|
| 585 |
|
| 586 |
function GOTMLS_readdir($dir, $current_depth = 1) {
|
| 587 |
-
global $
|
| 588 |
if ($dir != $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] || $current_depth == 1) {
|
| 589 |
-
@set_time_limit($
|
| 590 |
$entries = GOTMLS_getfiles($dir);
|
| 591 |
if (is_array($entries)) {
|
| 592 |
echo GOTMLS_return_threat("dirs", "wait", $dir).GOTMLS_update_status(sprintf(__("Preparing %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir)), $GOTMLS_total_percent);
|
|
@@ -629,7 +671,7 @@ function GOTMLS_readdir($dir, $current_depth = 1) {
|
|
| 629 |
}
|
| 630 |
} else
|
| 631 |
echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' readdir:'.($entries===false?'('.GOTMLS_fileperms($dir).')':$entries)));
|
| 632 |
-
@set_time_limit($
|
| 633 |
if ($current_depth-- && $_REQUEST["scan_type"] == "Quick Scan") {
|
| 634 |
$GOTMLS_dir_at_depth[$current_depth]++;
|
| 635 |
for ($GOTMLS_total_percent = 0, $depth = $current_depth; $depth >= 0; $depth--) {
|
| 10 |
define($DEF, $val);
|
| 11 |
}}
|
| 12 |
|
| 13 |
+
GOTMLS_define("GOTMLS_Version", "4.15.17");
|
| 14 |
GOTMLS_define("GOTMLS_require_version", "3.3");
|
| 15 |
GOTMLS_define("GOTMLS_plugin_dir", "gotmls");
|
| 16 |
GOTMLS_define("GOTMLS_local_images_path", dirname(__FILE__)."/");
|
| 17 |
GOTMLS_define("GOTMLS_plugin_path", dirname(GOTMLS_local_images_path).'/');
|
| 18 |
+
|
| 19 |
+
if (!function_exists("__")) {
|
| 20 |
+
function __($text, $domain) {
|
| 21 |
+
return $text;
|
| 22 |
+
}}
|
| 23 |
+
|
| 24 |
+
$GLOBALS["GOTMLS"] = array(
|
| 25 |
+
"tmp"=>array(
|
| 26 |
+
"mt"=>((isset($_GET["mt"])&&is_numeric($_GET["mt"]))?$_GET["mt"]:microtime(true)),
|
| 27 |
+
"threat_levels" => array(__("htaccess Threats",'gotmls')=>"htaccess",__("TimThumb Exploits",'gotmls')=>"timthumb",__("Backdoor Scripts",'gotmls')=>"backdoor",__("Known Threats",'gotmls')=>"known",__("Core File Changes",'gotmls')=>"wp_core",__("Potential Threats",'gotmls')=>"potential"),
|
| 28 |
+
"default_ext"=>"ieonly.", "skip_ext"=>array("png", "jpg", "jpeg", "gif", "bmp", "tif", "tiff", "psd", "fla", "flv", "mov", "mp3", "exe", "zip", "pdf", "css", "pot", "po", "mo", "so", "doc", "docx", "svg", "ttf"),
|
| 29 |
+
"execution_time" => 60,
|
| 30 |
+
"default" => array("msg_position" => array('80px', '40px', '400px', '600px'))));
|
| 31 |
+
GOTMLS_define("GOTMLS_script_URI", preg_replace('/\&(last_)?mt=[0-9\.]+/', '', str_replace('&', '&', htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES))).'&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"]);
|
| 32 |
|
| 33 |
if (!function_exists("GOTMLS_encode")) {
|
| 34 |
function GOTMLS_encode($unencoded_string) {
|
| 80 |
} elseif (isset($_GET["no_error_reporting"]))
|
| 81 |
@error_reporting(0);
|
| 82 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 83 |
GOTMLS_define("GOTMLS_Skip_Quarantine_LANGUAGE", __("Skip scanning the Quarantine:",'gotmls'));
|
| 84 |
GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
|
| 85 |
GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Run Quick Scan",'gotmls'));
|
| 102 |
$SERVER_HTTP .= ":".$_SERVER["SERVER_PORT"];
|
| 103 |
$SERVER_parts = explode(":", $SERVER_HTTP);
|
| 104 |
if ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on" || $_SERVER["HTTPS"] == 1)) || (count($SERVER_parts) > 2 && $SERVER_parts[2] == '443'))
|
| 105 |
+
$GLOBALS["GOTMLS"]["tmp"]["protocol"] = "https:";
|
| 106 |
else
|
| 107 |
$GLOBALS["GOTMLS"]["tmp"]["protocol"] = "http:";
|
| 108 |
if (function_exists("get_option")) {
|
| 124 |
else
|
| 125 |
GOTMLS_define("GOTMLS_images_path", str_replace("/update/", GOTMLS_plugin_dir, GOTMLS_update_images_path));
|
| 126 |
|
|
|
|
| 127 |
$GOTMLS_chmod_file = (0644);
|
| 128 |
$GOTMLS_chmod_dir = (0755);
|
| 129 |
$GOTMLS_file_contents = "";
|
| 310 |
}
|
| 311 |
} elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/' && ($found = preg_match_all($check_threats, $GOTMLS_file_contents, $threats_found))) {
|
| 312 |
foreach ($threats_found[0] as $find) {
|
| 313 |
+
$GOTMLS_threats_found[$find] = $check_threats;
|
| 314 |
$GOTMLS_new_contents = str_replace($find, "", $GOTMLS_new_contents);
|
| 315 |
}
|
| 316 |
}
|
| 415 |
$GOTMLS_file_contents = "";
|
| 416 |
} else
|
| 417 |
$GOTMLS_new_contents = trim(preg_replace('/<\?(php)?\s*(\?>|$)/i', "", $GOTMLS_new_contents));
|
| 418 |
+
if (strlen($GOTMLS_file_contents) > 0 && (GOTMLS_write_quarantine($file, $className) !== false) && ((strlen($GOTMLS_new_contents)==0 && isset($_GET["eli"]) && @unlink($file)) || (GOTMLS_file_put_contents($file, $GOTMLS_new_contents) !== false))) {
|
| 419 |
echo __("Success!",'gotmls');
|
| 420 |
return "/*-->*"."/\nfixedFile('$clean_file');\n/*<!--*"."/";
|
| 421 |
} else {
|
| 528 |
|
| 529 |
function GOTMLS_html_tags($tags, $inner = array()) {
|
| 530 |
$html = "";
|
| 531 |
+
$gt = ">";
|
| 532 |
if (!is_array($tags))
|
| 533 |
return $html;
|
| 534 |
foreach ($tags as $tag => $contents) {
|
| 535 |
+
$html .= ($tag=="html"?"<!DOCTYPE html$gt":"<$tag".(isset($inner[$tag])?" ".$inner[$tag]:"").$gt);
|
| 536 |
if (is_array($contents))
|
| 537 |
$html .= GOTMLS_html_tags($contents, $inner);
|
| 538 |
else
|
| 539 |
$html .= $contents;
|
| 540 |
+
$html .= "</$tag$gt";
|
| 541 |
}
|
| 542 |
return $html;
|
| 543 |
}
|
| 544 |
|
| 545 |
+
function GOTMLS_write_quarantine($file, $className) {
|
| 546 |
+
global $wpdb, $current_user, $GOTMLS_file_contents, $GOTMLS_new_contents, $GOTMLS_threats_found;
|
| 547 |
+
$insert = array("post_author"=>$current_user->ID, "post_content"=>GOTMLS_encode($GOTMLS_file_contents), "post_mime_type"=>md5($GOTMLS_file_contents), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"Quarantined", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GOTMLS_new_contents));
|
| 548 |
+
$insert["post_date"] = date("Y-m-d H:i:s");
|
| 549 |
+
$insert["post_date_gmt"] = $insert["post_date"];
|
| 550 |
+
if (is_file($file)) {
|
| 551 |
+
if (@filemtime($file))
|
| 552 |
+
$insert["post_modified"] = date("Y-m-d H:i:s", @filemtime($file));
|
| 553 |
+
else
|
| 554 |
+
$insert["post_modified"] = $insert["post_date"];
|
| 555 |
+
if (@filectime($file))
|
| 556 |
+
$insert["post_modified_gmt"] = date("Y-m-d H:i:s", @filectime($file));
|
| 557 |
+
else
|
| 558 |
+
$insert["post_modified_gmt"] = $insert["post_date"];
|
| 559 |
+
if (!($insert["comment_count"] = @filesize($file)))
|
| 560 |
+
$insert["comment_count"] = strlen($GOTMLS_file_contents);
|
| 561 |
+
}
|
| 562 |
+
if (isset($GOTMLS_threats_found) && is_array($GOTMLS_threats_found)) {
|
| 563 |
+
$insert["post_excerpt"] = GOTMLS_encode(@serialize(array_keys($GOTMLS_threats_found)));
|
| 564 |
+
$pinged = array();
|
| 565 |
+
foreach ($GOTMLS_threats_found as $threat_name) {
|
| 566 |
+
if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
|
| 567 |
+
$ping = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1];
|
| 568 |
+
else
|
| 569 |
+
$ping = $threat_name;
|
| 570 |
+
if (isset($pinged[$ping]))
|
| 571 |
+
$pinged[$ping]++;
|
| 572 |
+
else
|
| 573 |
+
$pinged[$ping] = 1;
|
| 574 |
+
}
|
| 575 |
+
$insert["pinged"] = GOTMLS_encode(@serialize($pinged));
|
| 576 |
+
}
|
| 577 |
+
$wpdb->insert($wpdb->posts, $insert);//! comment_status post_password post_name to_ping post_parent guid menu_order";
|
| 578 |
+
return GOTMLS_file_put_contents(GOTMLS_quarantine($file), $GOTMLS_file_contents);
|
| 579 |
+
}
|
| 580 |
|
| 581 |
function GOTMLS_quarantine($file = __FILE__) {
|
| 582 |
if (!(isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))) {
|
| 584 |
$err403 = GOTMLS_html_tags(array("html" => array("head" => array("title" => "403 Forbidden"), "body" => "<h1>Forbidden</h1>\n<p>You don't have permission to access this directory.</p>")));
|
| 585 |
$recoveryPHP = '<'.'?php
|
| 586 |
if ((isset($_SERVER["SCRIPT_FILENAME"]) && strlen($_SERVER["SCRIPT_FILENAME"]) > strlen(basename(__FILE__)) && substr(__FILE__, -1 * strlen($_SERVER["SCRIPT_FILENAME"])) == substr($_SERVER["SCRIPT_FILENAME"], -1 * strlen(__FILE__))) || !defined("GOTMLS_plugin_path"))
|
| 587 |
+
die(@base64_decode("'.@base64_encode($err403).'")); // Display the Forbidden Error to anyone trying to browse the quarantine without permission!
|
| 588 |
?'.'>';
|
| 589 |
$GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), GOTMLS_trailingslashit($upload['basedir'])).'quarantine';
|
| 590 |
if (!is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) && !@mkdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]))
|
| 626 |
}
|
| 627 |
|
| 628 |
function GOTMLS_readdir($dir, $current_depth = 1) {
|
| 629 |
+
global $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth, $GOTMLS_total_percent;
|
| 630 |
if ($dir != $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] || $current_depth == 1) {
|
| 631 |
+
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
|
| 632 |
$entries = GOTMLS_getfiles($dir);
|
| 633 |
if (is_array($entries)) {
|
| 634 |
echo GOTMLS_return_threat("dirs", "wait", $dir).GOTMLS_update_status(sprintf(__("Preparing %s",'gotmls'), str_replace(dirname($GLOBALS["GOTMLS"]["log"]["scan"]["dir"]), "...", $dir)), $GOTMLS_total_percent);
|
| 671 |
}
|
| 672 |
} else
|
| 673 |
echo GOTMLS_return_threat("errors", "blocked", $dir, GOTMLS_error_link(GOTMLS_Failed_to_list_LANGUAGE.' readdir:'.($entries===false?'('.GOTMLS_fileperms($dir).')':$entries)));
|
| 674 |
+
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time']);
|
| 675 |
if ($current_depth-- && $_REQUEST["scan_type"] == "Quick Scan") {
|
| 676 |
$GOTMLS_dir_at_depth[$current_depth]++;
|
| 677 |
for ($GOTMLS_total_percent = 0, $depth = $current_depth; $depth >= 0; $depth--) {
|
index.php
CHANGED
|
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
| 8 |
Contributors: scheeeli, gotmls
|
| 9 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
| 11 |
-
Version: 4.15.
|
| 12 |
*/
|
| 13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
|
| 14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
|
@@ -111,7 +111,7 @@ function GOTMLS_enqueue_scripts() {
|
|
| 111 |
}
|
| 112 |
add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
|
| 113 |
function GOTMLS_display_header($optional_box = "") {
|
| 114 |
-
global $GOTMLS_onLoad, $
|
| 115 |
get_currentuserinfo();
|
| 116 |
$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
|
| 117 |
if (isset($_GET["check_site"]) && $_GET["check_site"] == 1)
|
|
@@ -270,7 +270,7 @@ function checkupdateserver(server, divid) {
|
|
| 270 |
if (arguments[2])
|
| 271 |
return setTimeout("stopCheckingDefinitions = checkupdateserver(\'"+arguments[2]+"\',\'"+divid+"\')",15000);
|
| 272 |
else
|
| 273 |
-
return setTimeout("cancelserver(\'"+divid+"\')",'.($
|
| 274 |
}
|
| 275 |
}
|
| 276 |
var IE = document.all?true:false;
|
|
@@ -666,7 +666,7 @@ function GOTMLS_View_Quarantine() {
|
|
| 666 |
}
|
| 667 |
|
| 668 |
function GOTMLS_settings() {
|
| 669 |
-
global $current_user, $wp_version, $GOTMLS_scanfiles, $
|
| 670 |
$GOTMLS_scan_groups = array();
|
| 671 |
$dirs = GOTMLS_explode_dir(__file__);
|
| 672 |
for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
|
|
@@ -913,7 +913,7 @@ var startTime = 0;
|
|
| 913 |
</script>'.GOTMLS_box($_REQUEST["scan_type"].' Status', '<div id="status_text"><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'</div><div id="status_bar"></div><p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"><input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /></p><div id="status_counts"></div><p id="fix_button" style="display: none; text-align: center;"><input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /></p>');
|
| 914 |
$scan_groups_UL = "";
|
| 915 |
foreach ($scan_groups as $scan_name => $scan_group)
|
| 916 |
-
$scan_groups_UL .= "\n<ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"><a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\">X</a><h3>$scan_name</h3>\n".($scan_group=='potential'?'<p> * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').'</p>':($scan_group=='wp_core'?'<p> * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).'</p>':'<br />')).'</ul>';
|
| 917 |
if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
|
| 918 |
GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => $_REQUEST["scan_type"])));
|
| 919 |
echo GOTMLS_box('<div style="float: right;"> ('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].') </div>'.__("Scan Details:",'gotmls'), $scan_groups_UL);
|
|
@@ -989,7 +989,7 @@ else if (scanfilesI < scanfilesArKeys.length) {
|
|
| 989 |
divx = document.getElementById("found_scanned");
|
| 990 |
if (divx)
|
| 991 |
divx.appendChild(newscript);
|
| 992 |
-
stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$
|
| 993 |
}
|
| 994 |
}
|
| 995 |
startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]).'+3);
|
|
@@ -1264,6 +1264,7 @@ window.parent.showhide("GOTMLS_iFrame", true);
|
|
| 1264 |
} elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
|
| 1265 |
$callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
|
| 1266 |
$li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).className='GOTMLS_plugin';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction DeletedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
|
|
|
|
| 1267 |
foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
|
| 1268 |
$path = GOTMLS_decode($clean_file);
|
| 1269 |
if (is_file($path)) {
|
|
@@ -1327,7 +1328,7 @@ if (curDiv = window.parent.document.getElementById("div_file")) {
|
|
| 1327 |
}
|
| 1328 |
|
| 1329 |
if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) || (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
|
| 1330 |
-
@set_time_limit($
|
| 1331 |
GOTMLS_loaded();
|
| 1332 |
GOTMLS_init();
|
| 1333 |
die("\n//PHP to Javascript Error!\n");
|
| 8 |
Contributors: scheeeli, gotmls
|
| 9 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 10 |
Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
|
| 11 |
+
Version: 4.15.17
|
| 12 |
*/
|
| 13 |
if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
|
| 14 |
include(dirname(__FILE__)."/safe-load/index.php");
|
| 111 |
}
|
| 112 |
add_action('admin_enqueue_scripts', 'GOTMLS_enqueue_scripts');
|
| 113 |
function GOTMLS_display_header($optional_box = "") {
|
| 114 |
+
global $GOTMLS_onLoad, $wp_version, $current_user;
|
| 115 |
get_currentuserinfo();
|
| 116 |
$GOTMLS_url_parts = explode('/', GOTMLS_siteurl);
|
| 117 |
if (isset($_GET["check_site"]) && $_GET["check_site"] == 1)
|
| 270 |
if (arguments[2])
|
| 271 |
return setTimeout("stopCheckingDefinitions = checkupdateserver(\'"+arguments[2]+"\',\'"+divid+"\')",15000);
|
| 272 |
else
|
| 273 |
+
return setTimeout("cancelserver(\'"+divid+"\')",'.($GLOBALS["GOTMLS"]["tmp"]['execution_time']+1).'000+3000);
|
| 274 |
}
|
| 275 |
}
|
| 276 |
var IE = document.all?true:false;
|
| 666 |
}
|
| 667 |
|
| 668 |
function GOTMLS_settings() {
|
| 669 |
+
global $current_user, $wp_version, $GOTMLS_scanfiles, $GOTMLS_skip_dirs, $GOTMLS_dirs_at_depth, $GOTMLS_dir_at_depth;
|
| 670 |
$GOTMLS_scan_groups = array();
|
| 671 |
$dirs = GOTMLS_explode_dir(__file__);
|
| 672 |
for ($SL=0;$SL<intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);$SL++)
|
| 913 |
</script>'.GOTMLS_box($_REQUEST["scan_type"].' Status', '<div id="status_text"><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="..."> '.GOTMLS_Loading_LANGUAGE.'</div><div id="status_bar"></div><p id="pause_button" style="display: none; position: absolute; left: 0; text-align: center; margin-left: -30px; padding-left: 50%;"><input type="button" value="Pause" class="button-primary" onclick="pauseresume(this);" id="resume_button" /></p><div id="status_counts"></div><p id="fix_button" style="display: none; text-align: center;"><input id="repair_button" type="submit" value="'.GOTMLS_Automatically_Fix_LANGUAGE.'" class="button-primary" onclick="loadIframe(\'Examine Results\');" /></p>');
|
| 914 |
$scan_groups_UL = "";
|
| 915 |
foreach ($scan_groups as $scan_name => $scan_group)
|
| 916 |
+
$scan_groups_UL .= "\n<ul name=\"found_$scan_group\" id=\"found_$scan_group\" class=\"GOTMLS_plugin $scan_group\" style=\"background-color: #ccc; display: none; padding: 0;\"><a class=\"rounded-corners\" name=\"link_$scan_group\" style=\"float: right; padding: 0 4px; margin: 5px 5px 0 30px; line-height: 16px; text-decoration: none; color: #C00; background-color: #FCC; border: solid #F00 1px;\" href=\"#found_top\" onclick=\"showhide('found_$scan_group');\">X</a><h3>$scan_name</h3>\n".($scan_group=='potential'?'<p> * '.__("NOTE: These are probably not malicious scripts (but it's a good place to start looking <u>IF</u> your site is infected and no Known Threats were found).",'gotmls').'</p>':($scan_group=='wp_core'?'<p> * '.sprintf(__("NOTE: We have detected changes to the WordPress Core files on your site. This could be an intentional modification or the malicious work of a hacker. We can restore these files to their original state to preserve the integrity of your original WordPress %s installation.",'gotmls'), $wp_version).' (for more info <a target="_blank" href="http://gotmls.net/tag/wp-core-files/">'.__("read my blog",'gotmls').'</a>).</p>':'<br />')).'</ul>';
|
| 917 |
if (!($dir = implode(GOTMLS_slash(), array_slice($dirs, 0, -1 * (2 + $_REQUEST["scan_what"]))))) $dir = "/";
|
| 918 |
GOTMLS_update_scan_log(array("scan" => array("dir" => $dir, "start" => time(), "type" => $_REQUEST["scan_type"])));
|
| 919 |
echo GOTMLS_box('<div style="float: right;"> ('.$GLOBALS["GOTMLS"]["log"]["scan"]["dir"].') </div>'.__("Scan Details:",'gotmls'), $scan_groups_UL);
|
| 989 |
divx = document.getElementById("found_scanned");
|
| 990 |
if (divx)
|
| 991 |
divx.appendChild(newscript);
|
| 992 |
+
stopScanning=setTimeout("scanNextDir("+(scanfilesI++)+")",'.$GLOBALS["GOTMLS"]["tmp"]['execution_time'].'000);
|
| 993 |
}
|
| 994 |
}
|
| 995 |
startTime = ('.ceil(time()-$GLOBALS["GOTMLS"]["log"]["scan"]["start"]).'+3);
|
| 1264 |
} elseif (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
|
| 1265 |
$callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
|
| 1266 |
$li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).className='GOTMLS_plugin';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction DeletedFile(file) {\n filesFixed++;\nwindow.parent.document.getElementById('list_'+file).style.display='none';\nwindow.parent.document.getElementById('check_'+file).checked=false;\n }\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
|
| 1267 |
+
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
|
| 1268 |
foreach ($_REQUEST["GOTMLS_fix"] as $clean_file) {
|
| 1269 |
$path = GOTMLS_decode($clean_file);
|
| 1270 |
if (is_file($path)) {
|
| 1328 |
}
|
| 1329 |
|
| 1330 |
if (function_exists("is_admin") && is_admin() && ((isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) || (isset($_GET["GOTMLS_scan"]) && is_dir(GOTMLS_decode($_GET["GOTMLS_scan"]))))) {
|
| 1331 |
+
@set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] - 5);
|
| 1332 |
GOTMLS_loaded();
|
| 1333 |
GOTMLS_init();
|
| 1334 |
die("\n//PHP to Javascript Error!\n");
|
readme.txt
CHANGED
|
@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
|
|
| 5 |
Contributors: scheeeli, gotmls
|
| 6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 7 |
Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
| 8 |
-
Version: 4.15.
|
| 9 |
-
Stable tag: 4.15.
|
| 10 |
Requires at least: 3.3
|
| 11 |
-
Tested up to: 4.2
|
| 12 |
|
| 13 |
This Anti-Malware plugin searches for Malware and other Virus like threats and security vulnerabilities on your server and it helps you remove them.
|
| 14 |
|
|
@@ -24,7 +24,7 @@ This Anti-Malware plugin searches for Malware and other Virus like threats and s
|
|
| 24 |
* Run a Complete Scan from the Settings Page.
|
| 25 |
* Download Definition Updates to protect against new threats.
|
| 26 |
|
| 27 |
-
Updated
|
| 28 |
|
| 29 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
| 30 |
|
|
@@ -89,6 +89,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
| 89 |
|
| 90 |
== Changelog ==
|
| 91 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 92 |
= 4.15.16 =
|
| 93 |
* Created an automatic update feature that downloads any new definition updates before starting the scan.
|
| 94 |
* Added WordPress Core files to the new definitions update process and included a scan option to check the integrity of the Core files.
|
|
@@ -314,8 +319,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
|
|
| 314 |
|
| 315 |
== Upgrade Notice ==
|
| 316 |
|
|
|
|
|
|
|
|
|
|
| 317 |
= 4.15.16 =
|
| 318 |
-
Created definition
|
| 319 |
|
| 320 |
= 4.14.65 =
|
| 321 |
Fixed a problem with deleting files from the Quarantine folder, added more descriptive errors and a link to restore the default location of the Examine Results window.
|
| 5 |
Contributors: scheeeli, gotmls
|
| 6 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
|
| 7 |
Tags: anti-malware, security, plugin, scan, automatic, repair, remove, malware, virus, threat, hacked, malicious, scripts, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
|
| 8 |
+
Version: 4.15.17
|
| 9 |
+
Stable tag: 4.15.17
|
| 10 |
Requires at least: 3.3
|
| 11 |
+
Tested up to: 4.2.1
|
| 12 |
|
| 13 |
This Anti-Malware plugin searches for Malware and other Virus like threats and security vulnerabilities on your server and it helps you remove them.
|
| 14 |
|
| 24 |
* Run a Complete Scan from the Settings Page.
|
| 25 |
* Download Definition Updates to protect against new threats.
|
| 26 |
|
| 27 |
+
Updated May 1st
|
| 28 |
|
| 29 |
Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
|
| 30 |
|
| 89 |
|
| 90 |
== Changelog ==
|
| 91 |
|
| 92 |
+
= 4.15.17
|
| 93 |
+
* Extended execution_time during the Fix process to increase the number of files that could be fixed at a time.
|
| 94 |
+
* Added a Quarantine log to the database.
|
| 95 |
+
* Fixed a couple of minor bugs that would throw PHP notices.
|
| 96 |
+
|
| 97 |
= 4.15.16 =
|
| 98 |
* Created an automatic update feature that downloads any new definition updates before starting the scan.
|
| 99 |
* Added WordPress Core files to the new definitions update process and included a scan option to check the integrity of the Core files.
|
| 319 |
|
| 320 |
== Upgrade Notice ==
|
| 321 |
|
| 322 |
+
= 4.15.17
|
| 323 |
+
Extended execution_time during the Fix process, added a Quarantine log to the database, and fixed a couple of minor bugs.
|
| 324 |
+
|
| 325 |
= 4.15.16 =
|
| 326 |
+
Created automatic definition updates that include WordPress Core files for integrity checking and whitelisting, made more improvements to the Brute-Force protection patch, and a few other cosmetic changes and minor bug fixes.
|
| 327 |
|
| 328 |
= 4.14.65 =
|
| 329 |
Fixed a problem with deleting files from the Quarantine folder, added more descriptive errors and a link to restore the default location of the Examine Results window.
|
safe-load/index.php
CHANGED
|
@@ -12,5 +12,5 @@ foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_
|
|
| 12 |
$_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
|
| 13 |
foreach (array("log") as $var)
|
| 14 |
$_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
|
| 15 |
-
header("location: http://safe-load.gotmls.net/report.php?ver=4.15.
|
| 16 |
die();
|
| 12 |
$_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
|
| 13 |
foreach (array("log") as $var)
|
| 14 |
$_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
|
| 15 |
+
header("location: http://safe-load.gotmls.net/report.php?ver=4.15.17".$_SESSION["GOTMLS_detected_attacks"]);
|
| 16 |
die();
|
