Anti-Malware Security and Brute-Force Firewall

Version Description

Fixed a bugs in the Quarantine that was memory_limit errors if there number of files in the was too high.
Added the highlight malicious code feature back to the Quarantine file viewer.
Added the ability to change the admin username if the current username is "admin".
Improved the code in the Brute-Force Protection patch.

Release Info

Developer	scheeeli
Plugin	Anti-Malware Security and Brute-Force Firewall
Version	4.15.29
Comparing to
See all releases

Code changes from version 4.15.28 to 4.15.29

Files changed (5) hide show

images/index.php +1 -1
index.php +38 -18
languages/gotmls.pot +16 -1
readme.txt +12 -3
safe-load/wp-login.php +8 -8

images/index.php CHANGED Viewed

	@@ -541,7 +541,7 @@ function GOTMLS_html_tags($tags, $inner = array()) {
541
542	function GOTMLS_write_quarantine($file, $className) {
543	global $wpdb;
544	- $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]));//! comment_status post_password post_name to_ping post_parent ~~guid~~ menu_order";
545	$insert["post_date"] = date("Y-m-d H:i:s");
546	$insert["post_date_gmt"] = $insert["post_date"];
547	if (is_file($file)) {


541
542	function GOTMLS_write_quarantine($file, $className) {
543	global $wpdb;
544	+ $insert = array("post_author"=>GOTMLS_get_current_user_id(), "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_title"=>$file, "ping_status"=>$className, "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content_filtered"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]), "guid"=>GOTMLS_Version);//! comment_status post_password post_name to_ping post_parent menu_order";
545	$insert["post_date"] = date("Y-m-d H:i:s");
546	$insert["post_date_gmt"] = $insert["post_date"];
547	if (is_file($file)) {

index.php CHANGED Viewed

	@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8	Contributors: scheeeli, gotmls
9	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	- Version: 4.15.28
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14	include(dirname(__FILE__)."/safe-load/index.php");
	@@ -135,6 +135,7 @@ function GOTMLS_display_header($optional_box = "") {
135	$Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
136	echo '
137	span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}

138	.GOTMLS_quarantine_item {margin: 4px 12px;}
139	.rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
140	.shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}
	@@ -635,7 +636,7 @@ function GOTMLS_get_quarantine($only = false) {
635	foreach ($entries as $entry) {
636	if (is_file($file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry)) {
637	if (GOTMLS_get_ext($entry) == "gotmls" && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
638	- $insert = array("post_author"=>GOTMLS_get_current_user_id(), "ping_status"=>"imported", "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]));//! comment_status post_password post_name to_ping post_parent ~~guid~~ menu_order";
639	if (!($insert["comment_count"] = @filesize($file)))
640	$insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
641	$file_date = explode(".", $entry);
	@@ -662,14 +663,18 @@ function GOTMLS_get_quarantine($only = false) {
662	if (basename($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == "quarantine")
663	rmdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
664	}
665	- $Q_Page = '
666	- <form method="POST" action="'.admin_url('admin-ajax.php').(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
667	- $args = array('posts_per_page' => -1, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
668	if (is_numeric($only))
669	return get_post($only, ARRAY_A);






670	$my_query = new WP_Query($args);
671	- if ~~($only)~~
672	- ~~return~~ ~~$my_query->post_count;~~

673	if ($my_query->have_posts()) {
674	$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
675	<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">Date Quarantined</span><span class="GOTMLS_date">Date Infected</span></h3>';
	@@ -680,10 +685,13 @@ function GOTMLS_get_quarantine($only = false) {
680	<li id="GOTMLS_quarantine_'.$post->ID.'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post->post_date_gmt.'</span><span class="GOTMLS_date">'.$post->post_modified_gmt.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."</a></li>\n";
681	}
682	$Q_Page .= "\n</ul>";
683	- ~~wp_reset_query~~();


684	} else
685	$Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
686	- ~~return "$Q_Page\n</form>\n"~~;

687	}
688
689	function GOTMLS_View_Quarantine() {
	@@ -1148,14 +1156,22 @@ showhide("pause_button", true);'."\n/{$lt}!--"."/";
1148	else
1149	$patch_status = 2;
1150	}
1151	- $sec_opts = '
1152	- '.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'
1153	'.$patch_action.'
1154	- '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt~~.$lt~~.'~~div~~ ~~style="padding: 0 30px;"'.$gt.'~~   * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
1155	$admin_notice = "";
1156	if ($current_user->user_login == "admin") {
1157	- $~~admin_notice~~ .= $~~lt.'hr~~ /'~~.$gt.~~'
1158	- ~~'.$lt.'form~~ ~~method="POST"~~ ~~name=~~"~~GOTMLS_Form_admin~~"~~'.$gt.$lt.'p'.$gt.$lt.'img~~ ~~src=~~"~~'.GOTMLS_images_path.'threat.gif~~"~~'.$gt.$lt.'b'.$gt.'Admin~~ ~~Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.$lt.'div style=~~"~~padding: 0 30px;~~"~~'.$gt.'Your~~ ~~username~~ is "admin"~~, this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.'.$lt.'/div'.$gt.$lt.'/form'.$gt;~~









1159	}
1160	echo GOTMLS_box("Firewall Options", $sec_opts.$admin_notice);
1161	}
	@@ -1354,11 +1370,15 @@ function GOTMLS_ajax_scan() {
1354	}
1355	} elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
1356	$f = 1;

1357	foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1358	list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1359	- if (strlen($end) > 0 && is_numeric($start) && is_numeric($end) ~~&& $start > $end)~~
1360	- $fa ~~.= '~~ <a ~~title="'.htmlspecialchars(~~$~~threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$~~end.')~~;">['.$f++.']</a>';~~
1361	- ~~else~~ {



1362	if (is_numeric($threats_found)) {
1363	$threats_found = $threats_name;
1364	$threats_name = $f;
	@@ -1372,7 +1392,7 @@ function GOTMLS_ajax_scan() {
1372	}
1373	}
1374	}
1375	- }
1376	foreach ($decode_list as $decode => $regex)
1377	if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"]))
1378	$fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';


8	Contributors: scheeeli, gotmls
9	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10	Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11	+ Version: 4.15.29
12	*/
13	if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14	include(dirname(__FILE__)."/safe-load/index.php");

135	$Update_Div ='<div id="findUpdates" style="display: none;"><center>'.__("Searching for updates ...",'gotmls').'<br /><img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /><br /><input type="button" value="Cancel" onclick="cancelserver(\'findUpdates\');" /></center></div>';
136	echo '
137	span.GOTMLS_date {float: right; width: 130px; white-space: nowrap;}
138	+ .GOTMLS_page {float: left; border-radius: 10px; padding: 0 5px;}
139	.GOTMLS_quarantine_item {margin: 4px 12px;}
140	.rounded-corners {margin: 10px; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; border: 1px solid #000;}
141	.shadowed-box {box-shadow: -3px 3px 3px #666; -moz-box-shadow: -3px 3px 3px #666; -webkit-box-shadow: -3px 3px 3px #666;}

636	foreach ($entries as $entry) {
637	if (is_file($file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry)) {
638	if (GOTMLS_get_ext($entry) == "gotmls" && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
639	+ $insert = array("post_author"=>GOTMLS_get_current_user_id(), "ping_status"=>"imported", "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "guid"=>"Unknown");//! comment_status post_password post_name to_ping post_parent menu_order";
640	if (!($insert["comment_count"] = @filesize($file)))
641	$insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
642	$file_date = explode(".", $entry);

663	if (basename($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == "quarantine")
664	rmdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
665	}



666	if (is_numeric($only))
667	return get_post($only, ARRAY_A);
668	+ elseif ($only)
669	+ return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'");
670	+ else
671	+ $args = array('posts_per_page' => 200, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
672	+ if (isset($_POST["paged"]))
673	+ $args["paged"] = $_POST["paged"];
674	$my_query = new WP_Query($args);
675	+ $Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
676	+ $Q_Page = '
677	+ <form method="POST" action="'.admin_url('admin-ajax.php').(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
678	if ($my_query->have_posts()) {
679	$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
680	<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3>'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">Date Quarantined</span><span class="GOTMLS_date">Date Infected</span></h3>';

685	<li id="GOTMLS_quarantine_'.$post->ID.'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post->post_date_gmt.'</span><span class="GOTMLS_date">'.$post->post_modified_gmt.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."</a></li>\n";
686	}
687	$Q_Page .= "\n</ul>";
688	+ for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
689	+ $Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) \|\| (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' onclick="document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';">';
690	+ }
691	} else
692	$Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
693	+ wp_reset_query();
694	+ return "$Q_Paged\n</form><br style=\"clear: left;\" />\n$Q_Page\n</form>\n$Q_Paged\n</form><br style=\"clear: left;\" />\n";
695	}
696
697	function GOTMLS_View_Quarantine() {

1156	else
1157	$patch_status = 2;
1158	}
1159	+ $sec_opts = $lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'

1160	'.$patch_action.'
1161	+ '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.'   * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
1162	$admin_notice = "";
1163	if ($current_user->user_login == "admin") {
1164	+ if (isset($_POST["GOTMLS_admin_username"]) && ("admin" != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s[a-z_0-9\@\.\-]{3,}\s$/i', $_POST["GOTMLS_admin_username"])) {
1165	+ if ($wpdb->update($wpdb->users, array("user_login" => trim($_POST["GOTMLS_admin_username"])), array("user_login" => "admin")))
1166	+ $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("You username has been change to %s. Don't forget to use your new username when you login again.",'gotmls'), $_POST["GOTMLS_admin_username"]).$lt.'/div'.$gt;
1167	+ else
1168	+ $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("SQL Error changing username: %s. Please try again later.",'gotmls'), $wpdb->last_error).$lt.'/div'.$gt;
1169	+ } else {
1170	+ $admin_notice .= $lt.'hr /'.$gt;
1171	+ if (isset($_POST["GOTMLS_admin_username"]))
1172	+ $admin_notice .= $lt.'div class="updated"'.$gt.sprintf(__("Your new username must be at least 3 characters and can only contain "%s". Please try again.",'gotmls'), "a-z0-9_.-@").$lt.'/div'.$gt;
1173	+ $admin_notice .= $lt.'form method="POST" name="GOTMLS_Form_admin"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'div style="float: left;"'.$gt.__("Change your username:",'gotmls').$lt.'/div'.$gt.$lt.'input style="float: left;" type="text" id="GOTMLS_admin_username" name="GOTMLS_admin_username" size="6" value="admin"'.$gt.$lt.'input style="float: left;" type="submit" value="Change"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt.'b'.$gt.'Admin Notice'.$lt.'/b'.$gt.$lt.'/p'.$gt.'Your username is "admin", this is the most commonly guessed username by hackers and brute-force scripts. It is highly recommended that you change your username immediately.'.$lt.'/div'.$gt.$lt.'/form'.$gt;
1174	+ }
1175	}
1176	echo GOTMLS_box("Firewall Options", $sec_opts.$admin_notice);
1177	}

1370	}
1371	} elseif (isset($Q_post["post_excerpt"]) && strlen($Q_post["post_excerpt"]) && is_array($GLOBALS["GOTMLS"]["tmp"]["threats_found"] = @maybe_unserialize(GOTMLS_decode($Q_post["post_excerpt"])))) {
1372	$f = 1;
1373	+ //print_r(array("excerpt:"=>$GLOBALS["GOTMLS"]["tmp"]["threats_found"]));
1374	foreach ($GLOBALS["GOTMLS"]["tmp"]["threats_found"] as $threats_found => $threats_name) {
1375	list($start, $end, $junk) = explode("-", "$threats_found--", 3);
1376	+ if (strlen($end) > 0 && is_numeric($start) && is_numeric($end)) {
1377	+ if ($start < $end)
1378	+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$start.', '.$end.');">['.$f++.']</a>';
1379	+ else
1380	+ $fa .= ' <a title="'.htmlspecialchars($threats_name).'" href="javascript:select_text_range(\'ta_file\', '.$end.', '.$start.');">['.$f++.']</a>';
1381	+ } else {
1382	if (is_numeric($threats_found)) {
1383	$threats_found = $threats_name;
1384	$threats_name = $f;

1392	}
1393	}
1394	}
1395	+ } //else echo "excerpt:".$Q_post["post_excerpt"];
1396	foreach ($decode_list as $decode => $regex)
1397	if (preg_match($regex.substr($GLOBALS["GOTMLS"]["tmp"]["default_ext"], 0, 1), $GLOBALS["GOTMLS"]["tmp"]["file_contents"]))
1398	$fa .= ' <a href="'.GOTMLS_script_URI.'&'.$function.'[]='.$decode.'">decode['.$decode.']</a>';

languages/gotmls.pot CHANGED Viewed

	@@ -8,7 +8,7 @@ msgid ""
8	msgstr ""
9	"Project-Id-Version: GOTMLS\n"
10	"Report-Msgid-Bugs-To: eli@gotmls.net\n"
11	- "POT-Creation-Date: 2015-06-29 11:44-1000\n"
12	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	"Language-Team: LANGUAGE <LL@li.org>\n"
	@@ -337,6 +337,21 @@ msgstr ""
337	msgid " For more information on Brute-Force attack prevention and the WordPress wp-login-php file "
338	msgstr ""
339















340	msgid "Default position"
341	msgstr ""
342


8	msgstr ""
9	"Project-Id-Version: GOTMLS\n"
10	"Report-Msgid-Bugs-To: eli@gotmls.net\n"
11	+ "POT-Creation-Date: 2015-07-09 08:57-1000\n"
12	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	"Language-Team: LANGUAGE <LL@li.org>\n"

337	msgid " For more information on Brute-Force attack prevention and the WordPress wp-login-php file "
338	msgstr ""
339
340	+ #, php-format
341	+ msgid "You username has been change to %s. Don't forget to use your new username when you login again."
342	+ msgstr ""
343	+
344	+ #, php-format
345	+ msgid "SQL Error changing username: %s. Please try again later."
346	+ msgstr ""
347	+
348	+ #, php-format
349	+ msgid "Your new username must be at least 3 characters and can only contain "%s". Please try again."
350	+ msgstr ""
351	+
352	+ msgid "Change your username:"
353	+ msgstr ""
354	+
355	msgid "Default position"
356	msgstr ""
357

readme.txt CHANGED Viewed

	@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5	Contributors: scheeeli, gotmls
6	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7	Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	- Version: 4.15.28
9	- Stable tag: 4.15.28
10	Requires at least: 3.3
11	Tested up to: 4.2.2
12
	@@ -29,7 +29,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
29	* Check the integrity of your WordPress Core files.
30	* Automatically Download Definition Updates When running a Complete Scan.
31
32	- Updated ~~June~~ ~~29th~~
33
34	Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35
	@@ -94,6 +94,12 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
94
95	== Changelog ==
96






97	= 4.15.28 =
98	* Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
99
	@@ -339,6 +345,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
339
340	== Upgrade Notice ==
341



342	= 4.15.28 =
343	Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
344


5	Contributors: scheeeli, gotmls
6	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7	Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8	+ Version: 4.15.29
9	+ Stable tag: 4.15.29
10	Requires at least: 3.3
11	Tested up to: 4.2.2
12

29	* Check the integrity of your WordPress Core files.
30	* Automatically Download Definition Updates When running a Complete Scan.
31
32	+ Updated July 9th
33
34	Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35

94
95	== Changelog ==
96
97	+ = 4.15.29 =
98	+ * Fixed a bugs in the Quarantine that was memory_limit errors if there number of files in the was too high.
99	+ * Added the highlight malicious code feature back to the Quarantine file viewer.
100	+ * Added the ability to change the admin username if the current username is "admin".
101	+ * Improved the code in the Brute-Force Protection patch.
102	+
103	= 4.15.28 =
104	* Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
105

345
346	== Upgrade Notice ==
347
348	+ = 4.15.29 =
349	+ Fixed a bugs in the Quarantine, added the highlight malicious code feature back to the Quarantine file viewer, added the ability to change the admin username, and improved the Brute-Force Protection.
350	+
351	= 4.15.28 =
352	Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
353

safe-load/wp-login.php CHANGED Viewed

	@@ -5,11 +5,11 @@
5	*/
6
7	include(dirname(__FILE__)."/session.php");
8	- if (!defined(GOTMLS_REQUEST_METHOD))
9	define("GOTMLS_REQUEST_METHOD", (isset($_SERVER["REQUEST_METHOD"])?strtoupper($_SERVER["REQUEST_METHOD"]):"none"));
10	if (!function_exists("GOTMLS_update_log_file")) {
11	function GOTMLS_update_log_file($dont_force_write = true) {
12	- if (!defined(GOTMLS_SESSION_FILE))
13	define("GOTMLS_SESSION_FILE", dirname(__FILE__)."/_SESSION/index.php");
14	if (is_file(GOTMLS_SESSION_FILE))
15	include(GOTMLS_SESSION_FILE);
	@@ -18,15 +18,15 @@ if (!function_exists("GOTMLS_update_log_file")) {
18	@mkdir(dirname(GOTMLS_SESSION_FILE));
19	if (is_dir(dirname(GOTMLS_SESSION_FILE)))
20	if (!is_file(GOTMLS_SESSION_FILE))
21	- if (file_put_contents(GOTMLS_SESSION_FILE, "<?php if (!defined(GOTMLS_INSTALL_TIME)) define('GOTMLS_INSTALL_TIME', '".GOTMLS_SESSION_TIME."');"))
22	include(GOTMLS_SESSION_FILE);
23	}
24	- if (!defined(GOTMLS_INSTALL_TIME))
25	return false;
26	else {
27	$GOTMLS_LOGIN_ARRAY = array("ADDR"=>(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"REMOTE_ADDR"), "AGENT"=>(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"HTTP_USER_AGENT"), "TIME"=>GOTMLS_INSTALL_TIME);
28	- $GOTMLS_LOGIN_KEY = md5(~~maybe_serialize~~($GOTMLS_LOGIN_ARRAY));
29	- if (!defined(GOTMLS_LOG_FILE))
30	define("GOTMLS_LOG_FILE", dirname(GOTMLS_SESSION_FILE)."/.GOTMLS.$GOTMLS_LOGIN_KEY.php");
31	if (is_file(GOTMLS_LOG_FILE))
32	include(GOTMLS_LOG_FILE);
	@@ -34,7 +34,7 @@ if (!function_exists("GOTMLS_update_log_file")) {
34	$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD][GOTMLS_INSTALL_TIME] = $GOTMLS_LOGIN_ARRAY;
35	else
36	$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD] = GOTMLS_INSTALL_TIME;
37	- @file_put_contents(GOTMLS_LOG_FILE, '<?php $GLOBALS["GOTMLS"]["logins"]["'.$GOTMLS_LOGIN_KEY.'"]=~~maybe_unserialize~~(base64_decode("'.base64_encode(~~maybe_serialize~~($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY])).'"));');
38	if (isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]))
39	return $GOTMLS_LOGIN_KEY;
40	else
	@@ -42,7 +42,7 @@ if (!function_exists("GOTMLS_update_log_file")) {
42	}
43	}
44	}
45	- if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && !isset($GOTMLS_logins[$GOTMLS_LOGIN_KEY]["whitelist"])) {
46	if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_SESSION_LAST"]))
47	$_SESSION["GOTMLS_detected_attacks"] = '&attack[]=NO_SESSION';
48	if (!isset($_SERVER["REMOTE_ADDR"]))


5	*/
6
7	include(dirname(__FILE__)."/session.php");
8	+ if (!defined("GOTMLS_REQUEST_METHOD"))
9	define("GOTMLS_REQUEST_METHOD", (isset($_SERVER["REQUEST_METHOD"])?strtoupper($_SERVER["REQUEST_METHOD"]):"none"));
10	if (!function_exists("GOTMLS_update_log_file")) {
11	function GOTMLS_update_log_file($dont_force_write = true) {
12	+ if (!defined("GOTMLS_SESSION_FILE"))
13	define("GOTMLS_SESSION_FILE", dirname(__FILE__)."/_SESSION/index.php");
14	if (is_file(GOTMLS_SESSION_FILE))
15	include(GOTMLS_SESSION_FILE);

18	@mkdir(dirname(GOTMLS_SESSION_FILE));
19	if (is_dir(dirname(GOTMLS_SESSION_FILE)))
20	if (!is_file(GOTMLS_SESSION_FILE))
21	+ if (file_put_contents(GOTMLS_SESSION_FILE, "<?php if (!defined('GOTMLS_INSTALL_TIME')) define('GOTMLS_INSTALL_TIME', '".GOTMLS_SESSION_TIME."');"))
22	include(GOTMLS_SESSION_FILE);
23	}
24	+ if (!defined("GOTMLS_INSTALL_TIME"))
25	return false;
26	else {
27	$GOTMLS_LOGIN_ARRAY = array("ADDR"=>(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"REMOTE_ADDR"), "AGENT"=>(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"HTTP_USER_AGENT"), "TIME"=>GOTMLS_INSTALL_TIME);
28	+ $GOTMLS_LOGIN_KEY = md5(serialize($GOTMLS_LOGIN_ARRAY));
29	+ if (!defined("GOTMLS_LOG_FILE"))
30	define("GOTMLS_LOG_FILE", dirname(GOTMLS_SESSION_FILE)."/.GOTMLS.$GOTMLS_LOGIN_KEY.php");
31	if (is_file(GOTMLS_LOG_FILE))
32	include(GOTMLS_LOG_FILE);

34	$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD][GOTMLS_INSTALL_TIME] = $GOTMLS_LOGIN_ARRAY;
35	else
36	$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD] = GOTMLS_INSTALL_TIME;
37	+ @file_put_contents(GOTMLS_LOG_FILE, '<?php $GLOBALS["GOTMLS"]["logins"]["'.$GOTMLS_LOGIN_KEY.'"]=unserialize(base64_decode("'.base64_encode(serialize($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY])).'"));');
38	if (isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]))
39	return $GOTMLS_LOGIN_KEY;
40	else

42	}
43	}
44	}
45	+ if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && !(isset($GOTMLS_LOGIN_KEY) && isset($GOTMLS_logins[$GOTMLS_LOGIN_KEY]["whitelist"]))) {
46	if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_SESSION_LAST"]))
47	$_SESSION["GOTMLS_detected_attacks"] = '&attack[]=NO_SESSION';
48	if (!isset($_SERVER["REMOTE_ADDR"]))

Anti-Malware Security and Brute-Force Firewall - Version 4.15.29

Version Description

Release Info

Code changes from version 4.15.28 to 4.15.29