Anti-Malware Security and Brute-Force Firewall

Version Description

Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.

Release Info

Developer	scheeeli
Plugin	Anti-Malware Security and Brute-Force Firewall
Version	4.15.28
Comparing to
See all releases

Code changes from version 4.15.27 to 4.15.28

Files changed (4) hide show

images/index.php +49 -48
index.php +29 -35
languages/gotmls.pot +16 -1
readme.txt +11 -5

images/index.php CHANGED Viewed

	@@ -68,11 +68,11 @@ if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('\|(.*?
68	if (is_file(GOTMLS_plugin_path."safe-load/session.php"))
69	require_once(GOTMLS_plugin_path."safe-load/session.php");
70	if (isset($_SESSION["GOTMLS_SESSION_TEST"]))
71	- die("/* GOTMLS SESSION PASS */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nshowhide('GOTMLS_patch_searching', true);\~~nshowhide~~('GOTMLS_patch_searching');\~~nshowhide~~('GOTMLS_patch_button', true);\n");
72	else {
73	$_SESSION["GOTMLS_SESSION_TEST"] = $_GET["SESSION"] + 1;
74	if ($_GET["SESSION"] > 0)
75	- die("/* GOTMLS SESSION FAIL */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\ndocument.getElementById('GOTMLS_patch_searching').innerHTML = '<div class=\"error\">Your Server could not start a Session~~!</~~div>';");
76	else
77	die("/* GOTMLS SESSION TEST */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nstopCheckingSession = checkupdateserver('".$match[0].$_SESSION["GOTMLS_SESSION_TEST"]."', 'GOTMLS_patch_searching');");
78	}
	@@ -85,7 +85,6 @@ if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('\|(.*?
85	} elseif (isset($_GET["no_error_reporting"]))
86	@error_reporting(0);
87
88	- //GOTMLS_define("GOTMLS_Skip_Quarantine_LANGUAGE", __("Skip scanning the Quarantine:",'gotmls'));
89	GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
90	GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Quick Scan",'gotmls'));
91	GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));
	@@ -255,38 +254,50 @@ function GOTMLS_get_ext($filename) {
255	return strtolower($nameparts[(count($nameparts)-1)]);
256	}
257















258	function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
259	global $wp_version;
260	$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();

261	if (is_array($check_threats)) {
262	$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
263	if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats["$wp_version"]["$path"])) {
264	if (($check_threats["$wp_version"]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($check_threats["$wp_version"]["$path"] == md5($source)."O".strlen($source))) {
265	- ~~for (~~$~~start~~ = 0, $~~end = 0, $len = strlen($~~source); ~~($start == 0 \|\| $end == 0) && $len > 0; $len--){~~




266	if ($start == 0 && substr($source, 0, $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], 0, $len))
267	$start = $len;
268	if ($end == 0 && substr($source, -1 * $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], -1 * $len))
269	$end = $len;
270	}
271	- ~~if (!((~~$~~start + $end < strlen($~~GLOBALS["GOTMLS"]["tmp"]["~~file_contents~~"]~~)) && (~~$~~find =~~ (~~$end?substr~~($GLOBALS["GOTMLS"]["tmp"]["file_contents"], ~~$start,~~ -1 * ~~$end):substr($GLOBALS[~~"~~GOTMLS"]["tmp"]["file_contents"], $start)))))~~
272	- $find = $GLOBALS["GOTMLS"]["tmp"]["file_contents"];
273	- $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$find"] = "Core File Modified";
274	- $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
275	}
276	} else {
277	foreach ($check_threats as $threat_name=>$threat_definitions) {
278	- ~~if (isset(~~$~~_SESSION["GOTMLS_debug"]) && is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5 && (!(isset($~~GLOBALS["GOTMLS"]["~~tmp~~"]["~~settings_array~~"]["~~dont_check~~"]) && ~~is_array~~(~~$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]~~) ~~&& in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"])))) {~~




279	$_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
280	- $~~_SESSION~~["~~GOTMLS_debug~~"]["~~last~~"]["~~threat_name~~"] ~~= microtime(true~~);
281	- while ($threat_definition = array_shift($threat_definitions)) {
282	- if ($found = @preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
283	- foreach ($threats_found[0] as $find) {
284	- $GLOBALS["GOTMLS"]["tmp"]["threats_found"][$find] = $threat_name;
285	- $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
286	- }
287	- }
288	- }
289	- $file_time = round(microtime(true) - $_SESSION["GOTMLS_debug"]["last"]["threat_name"], 5);
290	if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
291	echo "\n//GOTMLS_debug $file_time $threat_name $file\n";
292	if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))
	@@ -301,26 +312,13 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
301	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
302	if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) \|\| $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
303	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;
304	- } elseif (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5) {
305	- while ($threat_definition = array_shift($threat_definitions)) {
306	- if ($found = @preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
307	- foreach ($threats_found[0] as $find) {
308	- $GLOBALS["GOTMLS"]["tmp"]["threats_found"][$find] = $threat_name;
309	- $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
310	- }
311	- }
312	- }
313	}
314	}
315	}
316	- } elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/' ~~&& ($found = preg_match_all($check_threats, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found~~)~~)) {~~
317	- ~~foreach~~ ($~~threats_found[0]~~ as $~~find~~) {
318	- $GLOBALS["GOTMLS"]["tmp"]["threats_found"][$find] = $check_threats;
319	- $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
320	- }
321	- }
322	if (isset($_SESSION["GOTMLS_debug"])) {
323	- $file_time = round(microtime(true) - $~~_SESSION~~["~~GOTMLS_debug~~"]["~~last~~"]["~~threat_level~~"], 5);
324	if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"]))
325	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] += $file_time;
326	else
	@@ -338,7 +336,7 @@ function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
338	}
339
340	function GOTMLS_scanfile($file) {
341	- global $wp_version, $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
342	$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
343	$gt = ">";
344	$lt = "<";
	@@ -401,7 +399,7 @@ function GOTMLS_scanfile($file) {
401	$className = "errors";
402	}
403	if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
404	- $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, $lt.'div style="float: left;"'.$gt.'Examine File ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_strip4java($file)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
405	if ($className == "errors") {
406	$threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
407	$imageFile = "/blocked";
	@@ -427,11 +425,11 @@ function GOTMLS_scanfile($file) {
427	else
428	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
429	}
430	- if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (GOTMLS_write_quarantine($file, $className) !== false) && ((strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && @unlink($file)) \|\| (GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"]) !== false))) {
431	echo __("Success!",'gotmls');
432	return "/--{$gt}"."/\nfixedFile('$clean_file');\n/{$lt}!--"."/";
433	} else {
434	- echo __("Failed:",'gotmls').' '.(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])?((is_writable(dirname($file)) && is_writable($file))?__("reason unknown!",'gotmls'):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
435	if (isset($_GET["eli"]))
436	echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().($lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true));
437	return "/--{$gt}"."/\nfailedFile('$clean_file');\n/{$lt}!--"."/";
	@@ -542,8 +540,8 @@ function GOTMLS_html_tags($tags, $inner = array()) {
542	}
543
544	function GOTMLS_write_quarantine($file, $className) {
545	- global $wpdb~~, $current_user~~;
546	- $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]));
547	$insert["post_date"] = date("Y-m-d H:i:s");
548	$insert["post_date_gmt"] = $insert["post_date"];
549	if (is_file($file)) {
	@@ -561,7 +559,7 @@ function GOTMLS_write_quarantine($file, $className) {
561	if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
562	$insert["post_excerpt"] = GOTMLS_encode(@serialize($GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
563	$pinged = array();
564	- foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threat_name) {
565	if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
566	$ping = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1];
567	else
	@@ -573,15 +571,18 @@ function GOTMLS_write_quarantine($file, $className) {
573	}
574	$insert["pinged"] = GOTMLS_encode(@serialize($pinged));
575	}
576	- return $wpdb->insert($wpdb->posts, $insert)~~;//! comment_status post_password post_name to_ping post_parent guid menu_order";~~



577	}
578
579	function GOTMLS_get_current_user_id() {
580	global $current_user;
581	- ~~if (~~$~~current_user~~ = ~~@get_current_user())~~
582	- ~~return~~ $current_user->ID;
583	- ~~else~~
584	- return 1;
585	}
586
587	function GOTMLS_update_status($status, $percent = -1) {
	@@ -705,7 +706,7 @@ function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {
705	if (is_numeric($file) && isset($post->post_title))
706	$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$file);
707	elseif ($file)
708	- $onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.GOTMLS_encode($file));
709	else
710	$onclick = 'return false;';
711	return "<a title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";


68	if (is_file(GOTMLS_plugin_path."safe-load/session.php"))
69	require_once(GOTMLS_plugin_path."safe-load/session.php");
70	if (isset($_SESSION["GOTMLS_SESSION_TEST"]))
71	+ die("/* GOTMLS SESSION PASS */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nshowhide('GOTMLS_patch_searching', true);\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) \|\| donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and made a donation to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is currently only available to those who have made a donation!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_patch_searching');\n\tshowhide('GOTMLS_patch_button', true);\n}\n");
72	else {
73	$_SESSION["GOTMLS_SESSION_TEST"] = $_GET["SESSION"] + 1;
74	if ($_GET["SESSION"] > 0)
75	+ die("/* GOTMLS SESSION FAIL */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\ndocument.getElementById('GOTMLS_patch_searching').innerHTML = '<div class=\"error\">".__("Your Server could not start a Session!",'gotmls')."</div>';");
76	else
77	die("/* GOTMLS SESSION TEST */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nstopCheckingSession = checkupdateserver('".$match[0].$_SESSION["GOTMLS_SESSION_TEST"]."', 'GOTMLS_patch_searching');");
78	}

85	} elseif (isset($_GET["no_error_reporting"]))
86	@error_reporting(0);
87

88	GOTMLS_define("GOTMLS_Failed_to_list_LANGUAGE", __("Failed to list files in directory!",'gotmls'));
89	GOTMLS_define("GOTMLS_Run_Quick_Scan_LANGUAGE", __("Quick Scan",'gotmls'));
90	GOTMLS_define("GOTMLS_View_Quarantine_LANGUAGE", __("View Quarantine",'gotmls'));

254	return strtolower($nameparts[(count($nameparts)-1)]);
255	}
256
257	+ function GOTMLS_preg_match_all($threat_definition, $threat_name) {
258	+ if (@preg_match_all($threat_definition, $GLOBALS["GOTMLS"]["tmp"]["file_contents"], $threats_found)) {
259	+ $start = -1;
260	+ foreach ($threats_found[0] as $find) {
261	+ $potential_threat = str_replace("\r", "", $find);
262	+ $flen = strlen($potential_threat);
263	+ while (($start = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), $potential_threat, $start+1)) !== false)
264	+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$start-".($flen+$start)] = "$threat_name";
265	+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = str_replace($find, "", $GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
266	+ }
267	+ return count($GLOBALS["GOTMLS"]["tmp"]["threats_found"]);
268	+ } else
269	+ return false;
270	+ }
271	+
272	function GOTMLS_check_threat($check_threats, $file='UNKNOWN') {
273	global $wp_version;
274	$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
275	+ $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
276	if (is_array($check_threats)) {
277	$path = str_replace("//", "/", "/".str_replace("\\", "/", substr($file, strlen(ABSPATH))));
278	if (substr($file, 0, strlen(ABSPATH)) == ABSPATH && isset($check_threats["$wp_version"]["$path"])) {
279	if (($check_threats["$wp_version"]["$path"] != md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"])."O".strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])) && ($source = GOTMLS_get_URL("http://core.svn.wordpress.org/tags/$wp_version$path")) && ($check_threats["$wp_version"]["$path"] == md5($source)."O".strlen($source))) {
280	+ $GLOBALS["GOTMLS"]["tmp"]["new_contents"] = $source;
281	+ $len = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
282	+ if (strlen($source) < $len)
283	+ $len = strlen($source);
284	+ for ($start = 0, $end = 0; ($start == 0 \|\| $end == 0) && $len > 0; $len--){
285	if ($start == 0 && substr($source, 0, $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], 0, $len))
286	$start = $len;
287	if ($end == 0 && substr($source, -1 * $len) == substr($GLOBALS["GOTMLS"]["tmp"]["file_contents"], -1 * $len))
288	$end = $len;
289	}
290	+ $GLOBALS["GOTMLS"]["tmp"]["threats_found"]["$start-".(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])-$end)] = "Core File Modified";



291	}
292	} else {
293	foreach ($check_threats as $threat_name=>$threat_definitions) {
294	+ $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"] = microtime(true);
295	+ if (is_array($threat_definitions) && count($threat_definitions) > 1 && strlen(array_shift($threat_definitions)) == 5 && (!(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]) && in_array($threat_name, $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"]))))
296	+ while ($threat_definition = array_shift($threat_definitions))
297	+ GOTMLS_preg_match_all($threat_definition, $threat_name);
298	+ if (isset($_SESSION["GOTMLS_debug"])) {
299	$_SESSION["GOTMLS_debug"]["threat_name"] = $threat_name;
300	+ $file_time = round(microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"], 5);









301	if (isset($_GET["GOTMLS_debug"]) && is_numeric($_GET["GOTMLS_debug"]) && $file_time > $_GET["GOTMLS_debug"])
302	echo "\n//GOTMLS_debug $file_time $threat_name $file\n";
303	if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["total"]))

312	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["least"] = $file_time;
313	if (!isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"]) \|\| $file_time > $_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"])
314	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_name"]]["most"] = $file_time;









315	}
316	}
317	}
318	+ } elseif (strlen($check_threats) && isset($_GET['eli']) && substr($check_threats, 0, 1) == '/')
319	+ GOTMLS_preg_match_all($check_threats, $check_threats);




320	if (isset($_SESSION["GOTMLS_debug"])) {
321	+ $file_time = round(microtime(true) - $GLOBALS["GOTMLS"]["log"]["scan"]["last_threat"], 5);
322	if (isset($_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"]))
323	$_SESSION["GOTMLS_debug"][$_SESSION["GOTMLS_debug"]["threat_level"]]["total"] += $file_time;
324	else

336	}
337
338	function GOTMLS_scanfile($file) {
339	+ global $wp_version, $wpdb, $GOTMLS_chmod_file, $GOTMLS_chmod_dir;
340	$GLOBALS["GOTMLS"]["tmp"]["threats_found"] = array();
341	$gt = ">";
342	$lt = "<";

399	$className = "errors";
400	}
401	if (count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
402	+ $threat_link = $lt.'a target="GOTMLS_iFrame" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$clean_file.preg_replace('/\&(GOTMLS_scan\|mt\|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"")).'" id="list_'.$clean_file.'" onclick="loadIframe(\''.str_replace("\"", """, $lt.'div style="float: left;"'.$gt.'Examine File ... '.$lt.'/div'.$gt.$lt.'div style="overflow: hidden; position: relative; height: 20px;"'.$gt.$lt.'div style="position: absolute; right: 0px; text-align: right; width: 9000px;"'.$gt.GOTMLS_strip4java($file)).$lt.'/div'.$gt.$lt.'/div'.$gt.'\');" class="GOTMLS_plugin"'.$gt;
403	if ($className == "errors") {
404	$threat_link = GOTMLS_error_link($GLOBALS["GOTMLS"]["tmp"]["file_contents"], $file);
405	$imageFile = "/blocked";

425	else
426	$GLOBALS["GOTMLS"]["tmp"]["new_contents"] = "";
427	}
428	+ if (strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]) > 0 && (($Q_post = GOTMLS_write_quarantine($file, $className)) !== false) && ((strlen($GLOBALS["GOTMLS"]["tmp"]["new_contents"])==0 && isset($_GET["eli"]) && @unlink($file)) \|\| (($Write_File = GOTMLS_file_put_contents($file, $GLOBALS["GOTMLS"]["tmp"]["new_contents"])) !== false))) {
429	echo __("Success!",'gotmls');
430	return "/--{$gt}"."/\nfixedFile('$clean_file');\n/{$lt}!--"."/";
431	} else {
432	+ echo __("Failed:",'gotmls').' '.(strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"])?((is_writable(dirname($file)) && is_writable($file))?(($Q_post===false)?__("failed to quarantine!",'gotmls')." (".$wpdb->last_error.")":((isset($Write_File)&&$Write_File)?"Q=$Q_post: ".__("reason unknown!",'gotmls'):"Q=$Q_post: ".__("failed to write!",'gotmls'))):__("file not writable!",'gotmls')):__("no file contents!",'gotmls'));
433	if (isset($_GET["eli"]))
434	echo 'uid='.getmyuid().'('.get_current_user().'),gid='.getmygid().($lt.'br'.$gt.$lt.'pre'.$gt.'file_stat'.print_r(stat($file), true));
435	return "/--{$gt}"."/\nfailedFile('$clean_file');\n/{$lt}!--"."/";

540	}
541
542	function GOTMLS_write_quarantine($file, $className) {
543	+ global $wpdb;
544	+ $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]));//! comment_status post_password post_name to_ping post_parent guid menu_order";
545	$insert["post_date"] = date("Y-m-d H:i:s");
546	$insert["post_date_gmt"] = $insert["post_date"];
547	if (is_file($file)) {

559	if (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
560	$insert["post_excerpt"] = GOTMLS_encode(@serialize($GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
561	$pinged = array();
562	+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $loc => $threat_name) {
563	if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) && isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]) && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][0]) == 5 && strlen($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1]))
564	$ping = $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["$className"]["$threat_name"][1];
565	else

571	}
572	$insert["pinged"] = GOTMLS_encode(@serialize($pinged));
573	}
574	+ if ($return = $wpdb->insert($wpdb->posts, $insert))
575	+ return $return;
576	+ else
577	+ die(print_r(array('return'=>($return===false)?"FALSE":$return, 'last_error'=>$wpdb->last_error, 'insert'=>$insert),1));
578	}
579
580	function GOTMLS_get_current_user_id() {
581	global $current_user;
582	+ $return = 1;
583	+ if (($current_user = @get_current_user()) && (@$current_user->ID > 1))
584	+ $return = $current_user->ID;
585	+ return $return;
586	}
587
588	function GOTMLS_update_status($status, $percent = -1) {

706	if (is_numeric($file) && isset($post->post_title))
707	$onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine Quarantined File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($post->post_title)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.$file);
708	elseif ($file)
709	+ $onclick = 'loadIframe(\''.str_replace("\"", """, '<div style="float: left; white-space: nowrap;">'.__("Examine File",'gotmls').' ... </div><div style="overflow: hidden; position: relative; height: 20px;"><div style="position: absolute; right: 0px; text-align: right; width: 9000px;">'.GOTMLS_strip4java($file)).'</div></div>\');" href="'.admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan='.GOTMLS_encode($file).preg_replace('/\&(GOTMLS_scan\|mt\|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:""));
710	else
711	$onclick = 'return false;';
712	return "<a title=\"$errorTXT\" target=\"GOTMLS_iFrame\" onclick=\"$onclick\" class=\"GOTMLS_plugin $class\">";

index.php CHANGED Viewed

	@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8	Contributors: scheeeli, gotmls
9	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	- Version: 4.15.27
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14	include(dirname(__FILE__)."/safe-load/index.php");
	@@ -134,7 +134,7 @@ function GOTMLS_display_header($optional_box = "") {
134	$Update_Link .= "\">$new_version</a></div>";
135	$Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
136	echo '
137	- span.GOTMLS_date {float: right; width: ~~120px~~; white-space: nowrap;}
138	.GOTMLS_quarantine_item {margin: 4px 12px;}
139	.rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
140	.shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
	@@ -609,13 +609,11 @@ function GOTMLS_get_whitelists() {
609	} else
610	$updated = "Unknown";
611	$Q_Page .= '<li style="margin: 4px 12px;"><span class="GOTMLS_date">'.count($non_threats).'</span><span class="GOTMLS_date">'.$updated."</span>$file</li>\n";
612	- //if (is_array($non_threats) && count($non_threats)) $Q_Page .= print_r($non_threats, 1);
613	}
614	if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"])) {
615	$Q_Page .= '<h3>'.__("WordPress Core files",'gotmls').'<span class="GOTMLS_date">'.__("# of files",'gotmls').'</span></h3>';
616	foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"] as $ver => $files) {
617	$Q_Page .= '<li style="margin: 4px 12px;"><span class="GOTMLS_date">'.count($files)."</span>Version $ver</li>\n";
618	- //if (is_array($non_threats) && count($non_threats)) $Q_Page .= print_r($non_threats, 1);
619	}
620	}
621	$Q_Page .= "</ul>";
	@@ -665,7 +663,7 @@ function GOTMLS_get_quarantine($only = false) {
665	rmdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
666	}
667	$Q_Page = '
668	- <form method="POST" action="'.admin_url('admin-ajax.php').'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
669	$args = array('posts_per_page' => -1, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
670	if (is_numeric($only))
671	return get_post($only, ARRAY_A);
	@@ -833,7 +831,7 @@ function GOTMLS_settings() {
833	$scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", " ", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
834	}
835	$scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])?"\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n":"")."$lt/script$gt";
836	- $scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form" ~~action="~~'~~.admin_url('admin.php?page=GOTMLS-settings').'"'~~.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.'
837	'.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
838	'.$lt.'div style="padding: 0 30px;"'.$gt;
839	foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {
	@@ -957,7 +955,7 @@ function update_status(title, time) {
957	if ($MAX++ == 6) {
958	$quarantineCountOnly = GOTMLS_get_quarantine(true);
959	$vars .= ", $scan_group=$quarantineCountOnly";
960	- echo "/--{$gt}"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-View-Quarantine\" class=\"GOTMLS_plugin".(~~/(isset($GLOBALS[~~"~~GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["skip_quarantine"])?" potential\" title=\"".GOTMLS_Skip_Quarantine_LANGUAGE:/"~~'+scan_state+'\" title=\"".GOTMLS_View_Quarantine_LANGUAGE)."\">'+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/{$lt}!--"."/";
961	$found = "Found ";
962	$fix_button_js = "\n\t\tdis='block';";
963	} else {
	@@ -986,7 +984,7 @@ var startTime = 0;
986	if (!isset($_REQUEST["scan_type"]))
987	$_REQUEST["scan_type"] = "Complete Scan";
988	update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
989	- echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php').'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
990	foreach ($_POST as $name => $value) {
991	if (substr($name, 0, 10) != 'GOTMLS_fix') {
992	if (is_array($value)) {
	@@ -1045,7 +1043,7 @@ var startTime = 0;
1045	echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
1046	else {
1047	echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/--{$gt}"."/";
1048	- echo "\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".'
1049	var scanfilesI = 0;
1050	var stopScanning;
1051	var gotStuckOn = "";
	@@ -1153,10 +1151,7 @@ showhide("pause_button", true);'."\n/{$lt}!--"."/";
1153	$sec_opts = '
1154	'.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'
1155	'.$patch_action.'
1156	- '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'p style="float: right;"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/p'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.'   * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls').$lt.'/a'.$gt.'.'~~.$lt~~.'~~/div~~'~~.$gt.$~~lt.'/~~form'.$~~gt.'
1157	- '.$lt.'script type="text/javascript"'.$gt.'
1158	- stopCheckingSession = checkupdateserver("'.GOTMLS_images_path.'gotmls.js?SESSION=0", "GOTMLS_patch_searching");
1159	- '.$lt.'/script'.$gt;
1160	$admin_notice = "";
1161	if ($current_user->user_login == "admin") {
1162	$admin_notice .= $lt.'hr /'.$gt.'
	@@ -1359,20 +1354,23 @@ function GOTMLS_ajax_scan() {
1359	}
1360	} elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
1361	$f = 1;
1362	- foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found~~=>$~~threats_name) {
1363	- if (~~is_numeric(~~$threats_found)~~) {~~
1364	- $~~threats_found~~ = $~~threats_name;~~
1365	- $threats_name = $f;
1366	- }
1367	- $~~fpos~~ ~~= 0;~~
1368	- $~~flen~~ = 0;
1369	- $~~potential_threat~~ = ~~str_replace("\r", "",~~ $~~threats_found)~~;
1370	- ~~while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {~~
1371	- $~~flen~~ = ~~strlen($potential_threat)~~;
1372	- $fa ~~.= ' <a title~~=~~"'.htmlspecialchars($threats_name).'"~~ ~~href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).')~~;~~">['.$f++.']</a>';~~





1373	}
1374	- if (0 == $flen)
1375	- $fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'}';
1376	}
1377	}
1378	foreach ($decode_list as $decode => $regex)
	@@ -1429,15 +1427,11 @@ function GOTMLS_ajax_scan() {
1429	} elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1430	$f = 1;
1431	foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found=>$threats_name) {
1432	- $~~fpos~~ = 0;
1433	- $~~flen~~ = 0;
1434	- $~~potential_threat~~ = ~~str_replace~~("\r", ""~~, $threats_found~~);
1435	- ~~while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {~~
1436	- $~~flen~~ = ~~strlen~~($~~potential_threat~~);
1437	- $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1438	- }
1439	- if (0 == $flen)
1440	- $fa = 'ERROR['.($f++).']: Threat_size{'.strlen($potential_threat).'} } Content_size{'.strlen(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'}';
1441	}
1442	} else
1443	$fa = " No Threats Found";


8	Contributors: scheeeli, gotmls
9	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	+ Version: 4.15.28
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14	include(dirname(__FILE__)."/safe-load/index.php");

134	$Update_Link .= "\">$new_version</a></div>";
135	$Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
136	echo '
137	+ span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
138	.GOTMLS_quarantine_item {margin: 4px 12px;}
139	.rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
140	.shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}

609	} else
610	$updated = "Unknown";
611	$Q_Page .= '<li style="margin: 4px 12px;"><span class="GOTMLS_date">'.count($non_threats).'</span><span class="GOTMLS_date">'.$updated."</span>$file</li>\n";

612	}
613	if (isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"])) {
614	$Q_Page .= '<h3>'.__("WordPress Core files",'gotmls').'<span class="GOTMLS_date">'.__("# of files",'gotmls').'</span></h3>';
615	foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["wp_core"] as $ver => $files) {
616	$Q_Page .= '<li style="margin: 4px 12px;"><span class="GOTMLS_date">'.count($files)."</span>Version $ver</li>\n";

617	}
618	}
619	$Q_Page .= "</ul>";

663	rmdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
664	}
665	$Q_Page = '
666	+ <form method="POST" action="'.admin_url('admin-ajax.php').(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
667	$args = array('posts_per_page' => -1, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
668	if (is_numeric($only))
669	return get_post($only, ARRAY_A);

831	$scan_whatopts = "\n$lt".'div style="padding: 4px 30px;" id="scan_group_div_'.$mg.'"'.$gt.$lt.'input type="radio" name="scan_what" id="not-only'.$mg.'" value="'.$mg.'"'.($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]==$mg?' checked':'').' /'.$gt.$lt.'a style="text-decoration: none;" href="#scan_what" onclick="showOnly(\''.$mg.'\');document.getElementById(\'not-only'.$mg.'\').checked=true;"'."$gt$GOTMLS_scan_group$lt/a$gt{$lt}br /$gt\n$lt".'div class="rounded-corners" style="position: absolute; display: none; background-color: #CCF; margin: 0; padding: 10px; z-index: 10;" id="only'.$mg.'"'.$gt.$lt.'div style="padding-bottom: 6px;"'.$gt.GOTMLS_close_button('only'.$mg, 0).$lt.'b'.$gt.str_replace(" ", " ", __("Only Scan These Folders:",'gotmls')).$lt.'/b'.$gt.$lt.'/div'.$gt.$scan_whatopts;
832	}
833	$scan_optjs .= "document.getElementById('only'+what).style.display = 'block';\n}".((isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["auto_UPDATE_definitions"])?"\nfunction auto_UPDATE_check() {\n\tif (auto_UPdef_check = document.getElementById('auto_UPDATE_definitions_check'))\n\t\tauto_UPdef_check.checked = true;\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', auto_UPDATE_check)\nelse\n\tdocument.attachEvent('onload', auto_UPDATE_check);\n":"")."$lt/script$gt";
834	+ $scan_opts = "\n$lt".'form method="POST" name="GOTMLS_Form"'.$gt.$lt.'input type="hidden" name="scan_type" id="scan_type" value="Complete Scan" /'.$gt.'
835	'.$lt.'div style="float: left;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("What to look for:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
836	'.$lt.'div style="padding: 0 30px;"'.$gt;
837	foreach ($GLOBALS["GOTMLS"]["tmp"]["threat_levels"] as $threat_level_name=>$threat_level) {

955	if ($MAX++ == 6) {
956	$quarantineCountOnly = GOTMLS_get_quarantine(true);
957	$vars .= ", $scan_group=$quarantineCountOnly";
958	+ echo "/--{$gt}"."/\n\tif ($scan_group > 0)\n\t\tscan_state = ' potential'; \n\telse\n\t\tscan_state = '';\n\tdivHTML += '</ul><ul style=\"text-align: left;\"><li class=\"GOTMLS_li\"><a href=\"admin.php?page=GOTMLS-View-Quarantine\" class=\"GOTMLS_plugin".("'+scan_state+'\" title=\"".GOTMLS_View_Quarantine_LANGUAGE)."\">'+$scan_group+' '+($scan_group==1?('$scan_name').slice(0,-1):'$scan_name')+'</a></li>';\n/{$lt}!--"."/";
959	$found = "Found ";
960	$fix_button_js = "\n\t\tdis='block';";
961	} else {

984	if (!isset($_REQUEST["scan_type"]))
985	$_REQUEST["scan_type"] = "Complete Scan";
986	update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
987	+ echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php').(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
988	foreach ($_POST as $name => $value) {
989	if (substr($name, 0, 10) != 'GOTMLS_fix') {
990	if (is_array($value)) {

1043	echo GOTMLS_update_status(__("Completed!",'gotmls'), 100);
1044	else {
1045	echo GOTMLS_update_status(__("Starting Scan ...",'gotmls'))."/--{$gt}"."/";
1046	+ echo "\nvar scriptSRC = '".admin_url('admin-ajax.php?action=GOTMLS_scan&mt='.$GLOBALS["GOTMLS"]["tmp"]["mt"].preg_replace('/\&(GOTMLS_scan\|mt\|action)=/', '&last_\1=', isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'&GOTMLS_scan=')."';\nvar scanfilesArKeys = new Array('".implode("','", array_keys($GLOBALS["GOTMLS"]["tmp"]["scanfiles"]))."');\nvar scanfilesArNames = new Array('Scanning ".implode("','Scanning ", $GLOBALS["GOTMLS"]["tmp"]["scanfiles"])."');".'
1047	var scanfilesI = 0;
1048	var stopScanning;
1049	var gotStuckOn = "";

1151	$sec_opts = '
1152	'.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'
1153	'.$patch_action.'
1154	+ '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.'   * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";



1155	$admin_notice = "";
1156	if ($current_user->user_login == "admin") {
1157	$admin_notice .= $lt.'hr /'.$gt.'

1354	}
1355	} elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
1356	$f = 1;
1357	+ foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1358	+ list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1359	+ if (strlen($end) > 0 && is_numeric($start) && is_numeric($end) && $start > $end)
1360	+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1361	+ else {
1362	+ if (is_numeric($threats_found)) {
1363	+ $threats_found = $threats_name;
1364	+ $threats_name = $f;
1365	+ }
1366	+ $fpos = 0;
1367	+ $flen = 0;
1368	+ $potential_threat = str_replace("\r", "", $threats_found);
1369	+ while (($fpos = strpos(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"]), ($potential_threat), $flen + $fpos)) !== false) {
1370	+ $flen = strlen($potential_threat);
1371	+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.($fpos).', '.($fpos + $flen).');">['.$f++.']</a>';
1372	+ }
1373	}


1374	}
1375	}
1376	foreach ($decode_list as $decode => $regex)

1427	} elseif (isset($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"]) && count($GLOBALS["GOTMLS"]["tmp"]["threats_found"])) {
1428	$f = 1;
1429	foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found=>$threats_name) {
1430	+ list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1431	+ if ($start > $end)
1432	+ $fa .= 'ERROR['.($f++).']: Threat_size{'.$threats_found.'} Content_size{'.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'}';
1433	+ else
1434	+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';




1435	}
1436	} else
1437	$fa = " No Threats Found";

languages/gotmls.pot CHANGED Viewed

	@@ -8,7 +8,7 @@ msgid ""
8	msgstr ""
9	"Project-Id-Version: GOTMLS\n"
10	"Report-Msgid-Bugs-To: eli@gotmls.net\n"
11	- "POT-Creation-Date: 2015-06-18 12:35-1000\n"
12	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	"Language-Team: LANGUAGE <LL@li.org>\n"
	@@ -405,6 +405,15 @@ msgstr ""
405	msgid "Core File Changes"
406	msgstr ""
407









408	msgid "Failed to list files in directory!"
409	msgstr ""
410
	@@ -464,9 +473,15 @@ msgstr ""
464	msgid "Failed:"
465	msgstr ""
466



467	msgid "reason unknown!"
468	msgstr ""
469



470	msgid "file not writable!"
471	msgstr ""
472


8	msgstr ""
9	"Project-Id-Version: GOTMLS\n"
10	"Report-Msgid-Bugs-To: eli@gotmls.net\n"
11	+ "POT-Creation-Date: 2015-06-29 11:44-1000\n"
12	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	"Language-Team: LANGUAGE <LL@li.org>\n"

405	msgid "Core File Changes"
406	msgstr ""
407
408	+ msgid "You must register and made a donation to use this feature!"
409	+ msgstr ""
410	+
411	+ msgid "This feature is currently only available to those who have made a donation!"
412	+ msgstr ""
413	+
414	+ msgid "Your Server could not start a Session!"
415	+ msgstr ""
416	+
417	msgid "Failed to list files in directory!"
418	msgstr ""
419

473	msgid "Failed:"
474	msgstr ""
475
476	+ msgid "failed to quarantine!"
477	+ msgstr ""
478	+
479	msgid "reason unknown!"
480	msgstr ""
481
482	+ msgid "failed to write!"
483	+ msgstr ""
484	+
485	msgid "file not writable!"
486	msgstr ""
487

readme.txt CHANGED Viewed

	@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5	Contributors: scheeeli, gotmls
6	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7	Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	- Version: 4.15.27
9	- Stable tag: 4.15.27
10	Requires at least: 3.3
11	Tested up to: 4.2.2
12
	@@ -18,7 +18,6 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
18
19	* Automatically remove Known Threats and Back-doors.
20	* Automatically block SoakSoak and other malware from exploiting the Revolution Slider Vulnerability.
21	- * Patch wp-login to block Brute-Force attacks.
22	* Upgrade vulnerable versions of timthumb scripts.
23	* Run a Quick Scan from the admin menu.
24	* Run a Complete Scan from the Settings Page.
	@@ -26,10 +25,11 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
26
27	Premium Features:
28
29	- * ~~Automatically~~ ~~Download~~ ~~Definition~~ ~~Updates~~ ~~When~~ ~~running a Complete Scan~~.
30	* Check the integrity of your WordPress Core files.

31
32	- Updated June ~~18th~~
33
34	Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35
	@@ -94,6 +94,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
94
95	== Changelog ==
96



97	= 4.15.27 =
98	* Fixed a major bug that made multisite scan extremely slow and sometimes error out.
99	* Moved all ajax call out of the init function and into their own functions for better handling time.
	@@ -336,6 +339,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
336
337	== Upgrade Notice ==
338



339	= 4.15.27 =
340	Fixed a major bug that made multisite scan extremely slow and moved all ajax call out of the init function and into their own functions.
341


5	Contributors: scheeeli, gotmls
6	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7	Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	+ Version: 4.15.28
9	+ Stable tag: 4.15.28
10	Requires at least: 3.3
11	Tested up to: 4.2.2
12

18
19	* Automatically remove Known Threats and Back-doors.
20	* Automatically block SoakSoak and other malware from exploiting the Revolution Slider Vulnerability.

21	* Upgrade vulnerable versions of timthumb scripts.
22	* Run a Quick Scan from the admin menu.
23	* Run a Complete Scan from the Settings Page.

25
26	Premium Features:
27
28	+ * Patch wp-login to block Brute-Force attacks.
29	* Check the integrity of your WordPress Core files.
30	+ * Automatically Download Definition Updates When running a Complete Scan.
31
32	+ Updated June 29th
33
34	Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35

94
95	== Changelog ==
96
97	+ = 4.15.28 =
98	+ * Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
99	+
100	= 4.15.27 =
101	* Fixed a major bug that made multisite scan extremely slow and sometimes error out.
102	* Moved all ajax call out of the init function and into their own functions for better handling time.

339
340	== Upgrade Notice ==
341
342	+ = 4.15.28 =
343	+ Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
344	+
345	= 4.15.27 =
346	Fixed a major bug that made multisite scan extremely slow and moved all ajax call out of the init function and into their own functions.
347

Anti-Malware Security and Brute-Force Firewall - Version 4.15.28

Version Description

Release Info

Code changes from version 4.15.27 to 4.15.28