Anti-Malware Security and Brute-Force Firewall - Version 4.15.30

Version Description

  • Added a link to purge the deleted Quarantine items from the database.
  • Added firewall option to Block all XMLRPC calls.
  • Fixed a few cosmetic bugs in the quarantine and firewall options.

Release Info

Developer scheeeli
Version 4.15.30

Code changes from version 4.15.29 to 4.15.30

Files changed (4) hide show
  1. images/index.php +3 -4
  2. index.php +97 -51
  3. languages/gotmls.pot +24 -7
  4. readme.txt +11 -3
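--- a/images/index.php
+++ b/images/index.php
@@ -68,7 +68,7 @@ if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?
  if (is_file(GOTMLS_plugin_path."safe-load/session.php"))
  require_once(GOTMLS_plugin_path."safe-load/session.php");
  if (isset($_SESSION["GOTMLS_SESSION_TEST"]))
- die("/* GOTMLS SESSION PASS */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nshowhide('GOTMLS_patch_searching', true);\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and made a donation to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is currently only available to those who have made a donation!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_patch_searching');\n\tshowhide('GOTMLS_patch_button', true);\n}\n");
+ die("/* GOTMLS SESSION PASS */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nshowhide('GOTMLS_patch_searching', true);\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_patch_searching');\n\tshowhide('GOTMLS_patch_button', true);\n}\n");
  else {
  $_SESSION["GOTMLS_SESSION_TEST"] = $_GET["SESSION"] + 1;
  if ($_GET["SESSION"] > 0)
@@ -578,9 +578,8 @@ function GOTMLS_write_quarantine($file, $className) {
  }
 
  function GOTMLS_get_current_user_id() {
- global $current_user;
  $return = 1;
- if (($current_user = @get_current_user()) && (@$current_user->ID > 1))
+ if (($current_user = @wp_get_current_user()) && (@$current_user->ID > 1))
  $return = $current_user->ID;
  return $return;
  }
@@ -698,7 +697,7 @@ if (!function_exists('ur1encode')) { function ur1encode($url) {
  }}
 
  function GOTMLS_strip4java($item) {
- return preg_replace("/\\\\/", "\\\\\\\\", preg_replace("/'/", "'+\"'\"+'", preg_replace('/\\+n/', "", $item)));//(?<!\\\\)
+ return preg_replace("/\\\\/", "\\\\\\\\", str_replace("'", "'+\"'\"+'", preg_replace('/\\+n|\\+r|\n|\r|\0/', "", $item)));
  }
 
  function GOTMLS_error_link($errorTXT, $file = "", $class = "errors") {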
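Review bot: GOTMLS_strip4java (new line 700) still passes `<` and `>` through unchanged, so if its result is placed inside a single-quoted JavaScript string in an inline `<script>` block (the callers are not visible in this section), a value containing `</script>` would close the script element before the string ends. The function presumably receives file names or file contents found by the scanner, which an attacker can choose, so I would neutralise those characters after the backslash doubling: `return str_replace(array("<", ">"), array("\\x3C", "\\x3E"), /* current return expression */);`. Separately, inside a single-quoted PHP string `\\+n` reaches PCRE as `\+n`, which matches a literal `+n` rather than a backslash followed by `n`, so an input such as `a+name` loses characters. If escaped newline sequences were the intent, the alternatives need to be written `\\\\+n` and `\\\\+r`.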
index.php CHANGED
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
- Version: 4.15.29
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
@@ -623,45 +623,53 @@ function GOTMLS_get_whitelists() {
623
  }
624
 
625
  function GOTMLS_get_quarantine($only = false) {
626
- global $wpdb, $current_user, $post;
627
- if (!isset($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])) {
628
- if (($upload = wp_upload_dir()) && isset($upload['basedir']))
629
- $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), GOTMLS_trailingslashit($upload['basedir'])).'quarantine';
630
- else
631
- $GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] = false;
632
- }
633
- if ($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"] && is_dir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"])) {
634
- $entries = GOTMLS_getfiles($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
635
- if (is_array($entries) && count($entries)) {
636
- foreach ($entries as $entry) {
637
- if (is_file($file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry)) {
638
- if (GOTMLS_get_ext($entry) == "gotmls" && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
639
- $insert = array("post_author"=>GOTMLS_get_current_user_id(), "ping_status"=>"imported", "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "guid"=>"Unknown");//! comment_status post_password post_name to_ping post_parent menu_order";
640
- if (!($insert["comment_count"] = @filesize($file)))
641
- $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
642
- $file_date = explode(".", $entry);
643
- $insert["post_date"] = date("Y-m-d H:i:s", filemtime($file));
644
- $insert["post_date_gmt"] = $insert["post_date"];
645
- $insert["post_modified"] = $insert["post_date"];
646
- $match = '/^(20)?([0-5][0-9])[\-: \/]*(0*[1-9]|1[0-2])[\-: \/]*(0*[1-9]|[12][0-9]|3[01])[\-: \/]*([0-5][0-9])[\-: \/]*([0-5][0-9])$/';
647
- if (count($file_date) > 2 && strlen($file_date[0]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[0])))
648
- $insert["post_modified"] = GOTMLS_sexagesimal($file_date[0]).":00";
649
- elseif (count($file_date) > 3 && strlen($file_date[1]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[1])))
650
- $insert["post_modified"] = GOTMLS_sexagesimal($file_date[1]).":00";
651
- $insert["post_modified_gmt"] = $insert["post_modified"];
652
- $insert["post_title"] = GOTMLS_decode($file_date[count($file_date)-2]);
653
- if (is_file($insert["post_title"]) && ($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = file_get_contents($insert["post_title"])))
654
- $insert["post_content_filtered"] = GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
655
- //! pinged post_excerpt
656
- if ($wpdb->insert($wpdb->posts, $insert))
657
- unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry);
658
- } elseif (basename($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == "quarantine")
659
- unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]).$entry);
 
 
 
 
660
  }
661
  }
 
 
 
 
 
 
662
  }
663
- if (basename($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]) == "quarantine")
664
- rmdir($GLOBALS["GOTMLS"]["tmp"]["quarantine_dir"]);
665
  }
666
  if (is_numeric($only))
667
  return get_post($only, ARRAY_A);
@@ -691,20 +699,22 @@ function GOTMLS_get_quarantine($only = false) {
691
  } else
692
  $Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
693
  wp_reset_query();
694
- return "$Q_Paged\n</form><br style=\"clear: left;\" />\n$Q_Page\n</form>\n$Q_Paged\n</form><br style=\"clear: left;\" />\n";
 
 
 
695
  }
696
 
697
  function GOTMLS_View_Quarantine() {
698
  GOTMLS_update_definitions();
699
- GOTMLS_display_header();
700
- echo GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists());
701
  if (!isset($_GET['Whitelists']))
702
- echo "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
703
- echo GOTMLS_box($Q_Page = __("Quarantine",'gotmls'), GOTMLS_get_quarantine());
704
  if (isset($_GET['Scanlog']))
705
- echo "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
706
- echo GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog());
707
- echo "\n</div></div></div>";
708
  }
709
 
710
  function GOTMLS_update_definitions() {
@@ -871,7 +881,7 @@ function GOTMLS_settings() {
871
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
872
  '.$lt.'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
873
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
874
- '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px; border-bottom: #F00 solid 2px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td colspan=2 style="border-bottom: #F00 solid 2px;"'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt/tr$gt{$lt}tr$gt{$lt}td nowrap$gt\n$lt/td$gt$lt".'td'.$gt.$lt.'/td'.$gt.$lt.'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
875
  @ob_start();
876
  $OB_default_handlers = array("default output handler", "zlib output compression");
877
  $OB_handlers = @ob_list_handlers();
@@ -1121,9 +1131,32 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1121
  "icon" => "threat"
1122
  )
1123
  );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1124
  $patch_status = 0;
1125
  $patch_found = -1;
1126
- $patch_action = "";
1127
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1128
  $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
1129
  if (is_file(ABSPATH.'wp-config.php')) {
@@ -1158,7 +1191,7 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
1158
  }
1159
  $sec_opts = $lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'
1160
  '.$patch_action.'
1161
- '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.' &nbsp; * '.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
1162
  $admin_notice = "";
1163
  if ($current_user->user_login == "admin") {
1164
  if (isset($_POST["GOTMLS_admin_username"]) && ("admin" != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s*[a-z_0-9\@\.\-]{3,}\s*$/i', $_POST["GOTMLS_admin_username"])) {
@@ -1268,6 +1301,18 @@ if (curDiv = window.parent.document.getElementById("div_file")) {
1268
  }
1269
  add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position');
1270
 
 
 
 
 
 
 
 
 
 
 
 
 
1271
  function GOTMLS_ajax_whitelist() {
1272
  if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
1273
  $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
@@ -1296,7 +1341,7 @@ function GOTMLS_ajax_fix() {
1296
  if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1297
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1298
  $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1299
- $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nnif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1300
  @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1301
  $HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1302
  echo $HTML[0];
@@ -1411,7 +1456,7 @@ function GOTMLS_ajax_scan() {
1411
  }
1412
  }
1413
  window.parent.showhide("GOTMLS_iFrame", true);
1414
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php').'" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1415
  } else
1416
  die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1417
  } else {
@@ -1473,7 +1518,7 @@ function GOTMLS_ajax_scan() {
1473
  }
1474
  }
1475
  window.parent.showhide("GOTMLS_iFrame", true);
1476
- </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php').'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1477
  }
1478
  }
1479
  }
@@ -1489,6 +1534,7 @@ add_action('wp_ajax_nopriv_GOTMLS_scan', 'GOTMLS_ajax_nopriv');
1489
  add_action('wp_ajax_nopriv_GOTMLS_position', 'GOTMLS_ajax_nopriv');
1490
  add_action('wp_ajax_nopriv_GOTMLS_fix', 'GOTMLS_ajax_nopriv');
1491
  add_action('wp_ajax_nopriv_GOTMLS_whitelist', 'GOTMLS_ajax_nopriv');
 
1492
 
1493
  add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
1494
  add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
8
  Contributors: scheeeli, gotmls
9
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
10
  Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
11
+ Version: 4.15.30
12
  */
13
  if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
14
  include(dirname(__FILE__)."/safe-load/index.php");
623
  }
624
 
625
  function GOTMLS_get_quarantine($only = false) {
626
+ global $wpdb, $post;
627
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) || $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) {
628
+ if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"])) {
629
+ if (($upload = wp_upload_dir()) && isset($upload['basedir']))
630
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] = str_replace("/", GOTMLS_slash(), GOTMLS_trailingslashit($upload['basedir'])).'quarantine';
631
+ else
632
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] = false;
633
+ }
634
+ if (isset($_GET["page"]) && substr($_GET["page"], 0, 6) == "GOTMLS" && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] && is_dir($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"])) {
635
+ $entries = GOTMLS_getfiles($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]);
636
+ if (is_array($entries) && count($entries)) {
637
+ foreach ($entries as $entry) {
638
+ if (is_file($file = GOTMLS_trailingslashit($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]).$entry)) {
639
+ if (GOTMLS_get_ext($entry) == "gotmls" && ($GLOBALS["GOTMLS"]["tmp"]["file_contents"] = @file_get_contents($file))) {
640
+ $insert = array("post_author"=>GOTMLS_get_current_user_id(), "ping_status"=>"imported", "post_status"=>"private", "post_type"=>"GOTMLS_quarantine", "post_content"=>GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "post_mime_type"=>md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]), "guid"=>"Unknown");//! comment_status post_password post_name to_ping post_parent menu_order";
641
+ if (!($insert["comment_count"] = @filesize($file)))
642
+ $insert["comment_count"] = strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]);
643
+ $file_date = explode(".", $entry);
644
+ $insert["post_date"] = date("Y-m-d H:i:s", filemtime($file));
645
+ $insert["post_date_gmt"] = $insert["post_date"];
646
+ $insert["post_modified"] = $insert["post_date"];
647
+ $match = '/^(20)?([0-5][0-9])[\-: \/]*(0*[1-9]|1[0-2])[\-: \/]*(0*[1-9]|[12][0-9]|3[01])[\-: \/]*([0-5][0-9])[\-: \/]*([0-5][0-9])$/';
648
+ if (count($file_date) > 2 && strlen($file_date[0]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[0])))
649
+ $insert["post_modified"] = GOTMLS_sexagesimal($file_date[0]).":00";
650
+ elseif (count($file_date) > 3 && strlen($file_date[1]) == 5 && preg_match($match, GOTMLS_sexagesimal($file_date[1])))
651
+ $insert["post_modified"] = GOTMLS_sexagesimal($file_date[1]).":00";
652
+ $insert["post_modified_gmt"] = $insert["post_modified"];
653
+ $insert["post_title"] = GOTMLS_decode($file_date[count($file_date)-2]);
654
+ if (is_file($insert["post_title"]) && ($GLOBALS["GOTMLS"]["tmp"]["new_contents"] = file_get_contents($insert["post_title"])))
655
+ $insert["post_content_filtered"] = GOTMLS_encode($GLOBALS["GOTMLS"]["tmp"]["new_contents"]);
656
+ //! pinged post_excerpt
657
+ if ($wpdb->insert($wpdb->posts, $insert))
658
+ unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]).$entry);
659
+ else
660
+ print_r(array($entry=>$insert, "last_error"=>$wpdb->last_error));
661
+ } elseif (basename($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) == "quarantine")
662
+ unlink(trailingslashit($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]).$entry);
663
+ }
664
  }
665
  }
666
+ if (basename($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]) == "quarantine")
667
+ rmdir($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]);
668
+ }
669
+ if (!($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] && is_dir($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"]))) {
670
+ $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["quarantine_dir"] = false;
671
+ update_option("GOTMLS_settings_array", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
672
  }
 
 
673
  }
674
  if (is_numeric($only))
675
  return get_post($only, ARRAY_A);
699
  } else
700
  $Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
701
  wp_reset_query();
702
+ $return = "$Q_Paged\n</form><br style=\"clear: left;\" />\n$Q_Page\n</form>\n$Q_Paged\n</form><br style=\"clear: left;\" />\n";
703
+ if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1)
704
+ $return = "<a href='".admin_url('admin-ajax.php?action=GOTMLS_empty_trash')."' id='empty_trash_link' style='float: right;' target='GOTMLS_statusFrame'>[Clear $trashed Deleted Files from the Trash]</a>".$return;
705
+ return $return;
706
  }
707
 
708
  function GOTMLS_View_Quarantine() {
709
  GOTMLS_update_definitions();
710
+ $echo = GOTMLS_box($Q_Page = __("White-lists",'gotmls'), GOTMLS_get_whitelists());
 
711
  if (!isset($_GET['Whitelists']))
712
+ $echo .= "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
713
+ $echo .= GOTMLS_box($Q_Page = __("Quarantine",'gotmls'), GOTMLS_get_quarantine());
714
  if (isset($_GET['Scanlog']))
715
+ $echo .= "\n<script>\nshowhide('inside_".md5($Q_Page)."');\n</script>\n";
716
+ GOTMLS_display_header();
717
+ echo $echo.GOTMLS_box(__("Scan Logs",'gotmls'), GOTMLS_get_scanlog())."\n</div></div></div>";
718
  }
719
 
720
  function GOTMLS_update_definitions() {
881
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
882
  '.$lt.'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
883
  '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
884
+ '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td colspan=2'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
885
  @ob_start();
886
  $OB_default_handlers = array("default output handler", "zlib output compression");
887
  $OB_handlers = @ob_list_handlers();
1131
  "icon" => "threat"
1132
  )
1133
  );
1134
+ $patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="1"'.$gt.$lt.'input type="submit" style="display: none;" value="Block XMLRPC Access" id="GOTMLS_XMLRPC_patch_button"'.$gt.$lt.'div id="GOTMLS_XMLRPC_patch_searching"'.$gt.__("Checking .htaccess file ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'script'.$gt."\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.'Allow/Block XMLRPC Access (';
1135
+ $patch_found = false;
1136
+ $find = '/<Files[^>]+xmlrpc.php>(.+?)<\/Files>\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*/is';
1137
+ $head = str_replace(array('/<Files[^>]+', '(.+?)<\\', '\\s*(', '\\s*)*/is'), array("<Files ", "\norder deny,allow\ndeny from all".(isset($_SERVER["REMOTE_ADDR"])?"\nallow from ".$_SERVER["REMOTE_ADDR"]:"").(isset($_SERVER["SERVER_ADDR"])?"\nallow from ".$_SERVER["SERVER_ADDR"]:"")."\n<", "\n", "\n"), $find);
1138
+ $htaccess = "";
1139
+ if (is_file(ABSPATH.'.htaccess'))
1140
+ if (($htaccess = @file_get_contents(ABSPATH.'.htaccess')) && strlen($htaccess))
1141
+ $patch_found = preg_match($find, $htaccess);
1142
+ if ($patch_found) {
1143
+ if (isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', preg_replace($find, "", $htaccess)))
1144
+ $patch_action .= $lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.' Now Allowing';
1145
+ elseif (isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] < 0))
1146
+ $patch_action = str_replace('1"'.$gt.$lt.'input type="submit" value="Block', '-1"'.$gt.$lt.'input type="submit" value="Unblock', $patch_action).$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.' Still Blocked: '.sprintf(__("Failed to remove XMLRPC Protection (.htaccess %s)",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write':'only'):"unreadable").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
1147
+ else
1148
+ $patch_action = str_replace('1"'.$gt.$lt.'input type="submit" value="Block', '-1"'.$gt.$lt.'input type="submit" value="Unblock', $patch_action).'Currently Blocked';
1149
+ } else {
1150
+ if (isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0) && GOTMLS_file_put_contents(ABSPATH.'.htaccess', "$head$htaccess"))
1151
+ $patch_action = str_replace('1"'.$gt.$lt.'input type="submit" value="Block', '-1"'.$gt.$lt.'input type="submit" value="Unblock', $patch_action).$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.' Now Blocking';
1152
+ elseif (isset($_POST["GOTMLS_XMLRPC_patching"]) && ($_POST["GOTMLS_XMLRPC_patching"] > 0))
1153
+ $patch_action .= $lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.' Still Allowed: '.sprintf(__("Failed to install XMLRPC Protection (.htaccess %s)",'gotmls'),(is_readable(ABSPATH.'.htaccess')?'read-'.(is_writable(ABSPATH.'.htaccess')?'write':'only'):"unreadable").": ".strlen($htaccess).GOTMLS_fileperms(ABSPATH.'.htaccess'));
1154
+ else
1155
+ $patch_action .= 'Currently Allowed';
1156
+ }
1157
+ $patch_action .= ")$lt/b$gt$lt/p$gt".__("Most WordPress site do not use the XMLRPC features and hack attempt on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.",'gotmls').$lt.'/div'.$gt.$lt.'/form'.$gt.$lt.'hr /'.$gt;
1158
  $patch_status = 0;
1159
  $patch_found = -1;
 
1160
  $find = "#if\s*\(([^\&]+\&\&)?\s*file_exists\((.+?)(safe-load|wp-login)\.php'\)\)\s*require(_once)?\((.+?)(safe-load|wp-login)\.php'\);#";
1161
  $head = str_replace(array('#', '\\(', '\\)', '(_once)?', ')\\.', '\\s*', '(.+?)(', '|', '([^\\&]+\\&\\&)?'), array(' ', '(', ')', '_once', '.', ' ', '\''.dirname(__FILE__).'/', '/', '!in_array($_SERVER["REMOTE_ADDR"], array("'.$_SERVER["REMOTE_ADDR"].'")) &&'), $find);
1162
  if (is_file(ABSPATH.'wp-config.php')) {
1191
  }
1192
  $sec_opts = $lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt.'b'.$gt.'Revolution Slider Exploit Protection (Automatically Enabled)'.$lt.'/b'.$gt.$lt.'/p'.$gt.__("This protection is automatically activated with this plugin because of the widespread attack on WordPress that are affecting so many site right now. It is still recommended that you make sure to upgrade and older versions of the Revolution Slider plugin, especially those included in some themes that will not update automatically. Even if you do not have Revolution Slider on your site it still can't hurt to have this protection installed.",'gotmls').$lt.'/div'.$gt.$lt.'hr /'.$gt.'
1193
  '.$patch_action.'
1194
+ '.$lt.'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'/div'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="http://gotmls.net/tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n{$lt}script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
1195
  $admin_notice = "";
1196
  if ($current_user->user_login == "admin") {
1197
  if (isset($_POST["GOTMLS_admin_username"]) && ("admin" != trim($_POST["GOTMLS_admin_username"])) && strlen(trim($_POST["GOTMLS_admin_username"])) && preg_match('/^\s*[a-z_0-9\@\.\-]{3,}\s*$/i', $_POST["GOTMLS_admin_username"])) {
1301
  }
1302
  add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position');
1303
 
1304
+ function GOTMLS_ajax_empty_trash() {
1305
+ global $wpdb;
1306
+ $gl = '><';
1307
+ if ($trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'"))
1308
+ $trashmsg = __("Emptied $trashed item from the quarantine trash.",'gotmls');
1309
+ else
1310
+ $trashmsg = __("Failed to empty the trash.",'gotmls');
1311
+ $properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.document.getElementById('empty_trash_link'))\n\tcurDiv.style.display = 'none';\nalert('$trashmsg');\n</script$gl/head", "body" => 'style="margin: 0; padding: 0;"');
1312
+ die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties));
1313
+ }
1314
+ add_action('wp_ajax_GOTMLS_empty_trash', 'GOTMLS_ajax_empty_trash');
1315
+
1316
  function GOTMLS_ajax_whitelist() {
1317
  if (isset($_POST['GOTMLS_whitelist']) && isset($_POST['GOTMLS_chksum'])) {
1318
  $file = GOTMLS_decode($_POST['GOTMLS_whitelist']);
1341
  if (isset($_REQUEST["GOTMLS_fix"]) && is_array($_REQUEST["GOTMLS_fix"]) && isset($_REQUEST["GOTMLS_fixing"]) && $_REQUEST["GOTMLS_fixing"]) {
1342
  GOTMLS_update_scan_log(array("settings" => $GLOBALS["GOTMLS"]["tmp"]["settings_array"]));
1343
  $callAlert = "clearTimeout(callAlert);\ncallAlert=setTimeout('alert_repaired(1)', 30000);";
1344
+ $li_js = "\n<script type=\"text/javascript\">\nvar callAlert;\nfunction alert_repaired(failed) {\nclearTimeout(callAlert);\nif (failed)\nfilesFailed='the rest, try again to change more.';\nwindow.parent.check_for_donation('Changed '+filesFixed+' files, failed to change '+filesFailed);\n}\n$callAlert\nwindow.parent.showhide('GOTMLS_iFrame', true);\nfilesFixed=0;\nfilesFailed=0;\nfunction fixedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('list_'+file))\n\tli_file.className='GOTMLS_plugin';\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}\n}\nfunction DeletedFile(file) {\n filesFixed++;\nif (li_file = window.parent.document.getElementById('check_'+file))\n\tli_file.checked=false;\nif (li_file = window.parent.document.getElementById('GOTMLS_quarantine_'+file)) {\n\tli_file.style.display='none';\n\tli_file.innerHTML='';\n\t}}\nfunction failedFile(file) {\n filesFailed++;\nwindow.parent.document.getElementById('check_'+file).checked=false; \n}\n</script>\n<script type=\"text/javascript\">\n/*<!--*"."/";
1345
  @set_time_limit($GLOBALS["GOTMLS"]["tmp"]['execution_time'] * 2);
1346
  $HTML = explode("split-here-for-content", GOTMLS_html_tags(array("html" => array("body" => "split-here-for-content"))));
1347
  echo $HTML[0];
1456
  }
1457
  }
1458
  window.parent.showhide("GOTMLS_iFrame", true);
1459
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php').'" onsubmit="return confirm(\''.__("Are you sure you want to delete this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="GOTMLS_fix[]" value="'.$Q_post["ID"].'"><input type="hidden" name="GOTMLS_fixing" value="2"><input type="hidden" name="action" value="GOTMLS_fix"><input type="submit" value="DELETE from Quarantine" style="background-color: #C00; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1460
  } else
1461
  die(GOTMLS_html_tags(array("html" => array("body" => __("This file no longer exists in the quarantine.",'gotmls')."<br />\n<script type=\"text/javascript\">\nwindow.parent.showhide('GOTMLS_iFrame', true);\n</script>"))));
1462
  } else {
1518
  }
1519
  }
1520
  window.parent.showhide("GOTMLS_iFrame", true);
1521
+ </script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="'.admin_url('admin-ajax.php').'" onsubmit="return confirm(\''.__("Are you sure this file is not infected and you want to ignore it in future scans?",'gotmls').'\');"><input type="hidden" name="GOTMLS_whitelist" value="'.GOTMLS_encode($file).'"><input type="hidden" name="action" value="GOTMLS_whitelist"><input type="hidden" name="GOTMLS_chksum" value="'.md5($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).'O'.GOTMLS_installation_key.'"><input type="submit" value="Whitelist this file" style="float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' ('.filesize($file).'bytes)<br />permissions: '.GOTMLS_fileperms($file).'<br />modified:'.date(" Y-m-d H:i:s ", filemtime($file)).'<br />changed:'.date(" Y-m-d H:i:s ", filectime($file)).'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("Potential threats in file:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
1522
  }
1523
  }
1524
  }
1534
  add_action('wp_ajax_nopriv_GOTMLS_position', 'GOTMLS_ajax_nopriv');
1535
  add_action('wp_ajax_nopriv_GOTMLS_fix', 'GOTMLS_ajax_nopriv');
1536
  add_action('wp_ajax_nopriv_GOTMLS_whitelist', 'GOTMLS_ajax_nopriv');
1537
+ add_action('wp_ajax_nopriv_GOTMLS_empty_trash', 'GOTMLS_ajax_nopriv');
1538
 
1539
  add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
1540
  add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
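--- a/languages/gotmls.pot
+++ b/languages/gotmls.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GOTMLS\n"
 "Report-Msgid-Bugs-To: eli@gotmls.net\n"
-"POT-Creation-Date: 2015-07-09 08:57-1000\n"
+"POT-Creation-Date: 2015-07-17 22:47-1000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -306,6 +306,26 @@ msgstr ""
 msgid "Your WordPress Login page has the old version of my brute-force protection installed. Upgrade this patch to improve the protection on the WordPress Login page and preserve the integrity of your WordPress core files."
 msgstr ""
 
+msgid "Checking .htaccess file ..."
+msgstr ""
+
+msgid "You must register and donate to use this feature!"
+msgstr ""
+
+msgid "This feature is available to those who have donated!"
+msgstr ""
+
+#, php-format
+msgid "Failed to remove XMLRPC Protection (.htaccess %s)"
+msgstr ""
+
+#, php-format
+msgid "Failed to install XMLRPC Protection (.htaccess %s)"
+msgstr ""
+
+msgid "Most WordPress site do not use the XMLRPC features and hack attempt on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file."
+msgstr ""
+
 msgid "Removed Brute-Force Protection"
 msgstr ""
 
@@ -361,6 +381,9 @@ msgstr ""
 msgid "saved."
 msgstr ""
 
+msgid "Failed to empty the trash."
+msgstr ""
+
 msgid "Done!"
 msgstr ""
 
@@ -420,12 +443,6 @@ msgstr ""
 msgid "Core File Changes"
 msgstr ""
 
-msgid "You must register and made a donation to use this feature!"
-msgstr ""
-
-msgid "This feature is currently only available to those who have made a donation!"
-msgstr ""
-
 msgid "Your Server could not start a Session!"
 msgstr ""
 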
readme.txt CHANGED
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
- Version: 4.15.29
9
- Stable tag: 4.15.29
10
  Requires at least: 3.3
11
  Tested up to: 4.2.2
12
 
@@ -29,7 +29,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
29
  * Check the integrity of your WordPress Core files.
30
  * Automatically Download Definition Updates When running a Complete Scan.
31
 
32
- Updated July 9th
33
 
34
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35
 
@@ -94,6 +94,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
94
 
95
  == Changelog ==
96
 
 
 
 
 
 
97
  = 4.15.29 =
98
  * Fixed a bugs in the Quarantine that was memory_limit errors if there number of files in the was too high.
99
  * Added the highlight malicious code feature back to the Quarantine file viewer.
@@ -345,6 +350,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
345
 
346
  == Upgrade Notice ==
347
 
 
 
 
348
  = 4.15.29 =
349
  Fixed a bugs in the Quarantine, added the highlight malicious code feature back to the Quarantine file viewer, added the ability to change the admin username, and improved the Brute-Force Protection.
350
 
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
7
  Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.15.30
9
+ Stable tag: 4.15.30
10
  Requires at least: 3.3
11
  Tested up to: 4.2.2
12
 
29
  * Check the integrity of your WordPress Core files.
30
  * Automatically Download Definition Updates When running a Complete Scan.
31
 
32
+ Updated July 17th
33
 
34
  Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
35
 
94
 
95
  == Changelog ==
96
 
97
+ = 4.15.30 =
98
+ * Added a link to purge the deleted Quarantine items from the database.
99
+ * Added firewall option to Block all XMLRPC calls.
100
+ * Fixed a few cosmetic bugs in the quarantine and firewall options.
101
+
102
  = 4.15.29 =
103
  * Fixed a bugs in the Quarantine that was memory_limit errors if there number of files in the was too high.
104
  * Added the highlight malicious code feature back to the Quarantine file viewer.
350
 
351
  == Upgrade Notice ==
352
 
353
+ = 4.15.30 =
354
+ Added a new firewall option to Block all XMLRPC calls and a link to purge the deleted Quarantine items from the database, and fixed a few cosmetic bugs in the quarantine and firewall options.
355
+
356
  = 4.15.29 =
357
  Fixed a bugs in the Quarantine, added the highlight malicious code feature back to the Quarantine file viewer, added the ability to change the admin username, and improved the Brute-Force Protection.
358