Anti-Malware Security and Brute-Force Firewall - Version 4.15.40

Version Description

  • Improved the Brute-Force login patch with custom fields and JavaScript.
  • Added a Save button to the Scan Settings page.
  • Fixed a bug in the XMLRPC Patch "Unblock" feature.

Release Info

Developer scheeeli
Version 4.15.40

Code changes from version 4.15.30 to 4.15.40

Files changed (5) hide show
  1. images/index.php +1 -1
  2. index.php +27 -17
  3. readme.txt +12 -4
  4. safe-load/index.php +6 -6
  5. safe-load/wp-login.php +80 -71
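--- a/images/index.php
+++ b/images/index.php
@@ -738,7 +738,7 @@ function GOTMLS_read_error($path) {
 if (!is_readable($path) && isset($_GET["eli"]))
 $return = (@chmod($path, (is_dir($path)?$GOTMLS_chmod_dir:$GOTMLS_chmod_file))?"Fixed permissions":"error: ".preg_replace('/[\r\n]/', ' ', print_r($error,1)));
 else
-$return = (is_array($error) && isset($error["message"])?$error["message"]:"readable?");
+$return = (is_array($error) && isset($error["message"])?preg_replace('/[\r\n]/', ' ', print_r($error["message"],1)):"readable?");
 return " ($return [".GOTMLS_fileperms($path)."])";
 }
 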
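Review bot: The `$return` value built on the changed line is concatenated unescaped into the string returned two lines below; if the caller echoes that into the admin page, `$error["message"]` (PHP error text, which can include a filesystem path and arbitrary characters) should be escaped first, e.g. `...?htmlspecialchars(preg_replace('/[\r\n]/', ' ', print_r($error["message"],1))):"readable?");`. `print_r($x, 1)` on a string is just that string, so `(string) $error["message"]` would say the same thing more directly, and the same newline-stripping expression now appears twice in this function and could become a one-line helper. Where `$error` is assigned is not visible in this hunk, and GOTMLS_read_error starts before it.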
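--- a/index.php
+++ b/index.php
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
 Contributors: scheeeli, gotmls
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
 Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
-Version: 4.15.30
+Version: 4.15.40
 */
 if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
 include(dirname(__FILE__)."/safe-load/index.php");
@@ -676,7 +676,7 @@ function GOTMLS_get_quarantine($only = false) {
 elseif ($only)
 return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` = 'private'");
 else
-$args = array('posts_per_page' => 200, 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
+$args = array('posts_per_page' => (isset($_GET['posts_per_page'])&&is_numeric($_GET['posts_per_page'])&&$_GET['posts_per_page']>0?$_GET['posts_per_page']:200), 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
 if (isset($_POST["paged"]))
 $args["paged"] = $_POST["paged"];
 $my_query = new WP_Query($args);
@@ -875,13 +875,13 @@ function GOTMLS_settings() {
 '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" value="'.$GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_depth"].'" name="scan_depth" size="5"'.$gt.$lt.'br /'.$gt.__("how far to drill down",'gotmls').$lt.'br /'.$gt.'('.__("-1 is infinite depth",'gotmls').')'.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'br style="clear: left;"'.$gt;
 if (isset($_GET["SESSION"]) && isset($_SESSION["GOTMLS_debug"]['total'])) {$scan_opts .= $lt.'div style="float: right;"'.$gt.print_r($_SESSION["GOTMLS_debug"]['total'],1)."$lt/div$gt"; unset($_SESSION["GOTMLS_debug"]);}
 if (isset($_GET["eli"])) {//still testing this option
-$scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'.$gt.$lt.'/div'.$gt;
+$scan_opts .= "\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom RegExp:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. Do not use this without talking to Eli first. If used incorrectly you could easily break your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'input type="text" name="check_custom" style="width: 100%;" value="'.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_custom"]).'" /'."$gt$lt/div$gt\n$lt".'div style="padding: 10px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.__("Custom Code to be Checked:",'gotmls').$lt.'/b'.$gt.' ('.__("For very advanced users only. If you enter anything in this box then no other files will be scanned on your site.",'gotmls').')'.$lt.'/p'.$gt.$lt.'textarea name="check_code" style="width: 100%;" rows=3'.$gt.htmlspecialchars($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["check_code"])."$lt/textarea$gt$lt/div$gt\n";
 }
 $scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extentions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$lt/a$gt":"").$lt.'/p'.$gt.'
 '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
 '.$lt.'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls').$lt.'/b'.$gt.$lt.'/p'.$gt.'
 '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
-'.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td colspan=2'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
+'.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt.'/b'.$gt.$lt.'/td'.$gt.$lt.'td colspan=2'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="save_settings" value="'.__("Save Settings",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Save\';" /'.$gt.'&nbsp;'.$lt.'input type="submit" id="complete_scan" value="'.__("Run Complete Scan",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Complete Scan\';" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
 @ob_start();
 $OB_default_handlers = array("default output handler", "zlib output compression");
 $OB_handlers = @ob_list_handlers();
@@ -998,10 +998,12 @@ function showOnly(what) {
 }
 var startTime = 0;
 '.$lt.'/script'.$gt.GOTMLS_box(GOTMLS_Scan_Settings_LANGUAGE, $scan_opts);
-if (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
+update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
+if (isset($_REQUEST["scan_type"]) && $_REQUEST["scan_type"] == "Save")
+echo "\n{$lt}script type='text/javascript'$gt\nalert('Settings Saved!');\n$lt/script$gt\n";
+elseif (isset($_REQUEST["scan_what"]) && is_numeric($_REQUEST["scan_what"]) && ($_REQUEST["scan_what"] > -1)) {
 if (!isset($_REQUEST["scan_type"]))
 $_REQUEST["scan_type"] = "Complete Scan";
-update_option('GOTMLS_settings_array', $GLOBALS["GOTMLS"]["tmp"]["settings_array"]);
 echo "\n$lt".'form method="POST" action="'.admin_url('admin-ajax.php').(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"?".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"'.$gt.$lt.'input type="hidden" name="action" value="GOTMLS_fix"'.$gt.$lt.'input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"'.$gt;
 foreach ($_POST as $name => $value) {
 if (substr($name, 0, 10) != 'GOTMLS_fix') {
@@ -1131,10 +1133,10 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
 "icon" => "threat"
 )
 );
-$patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="1"'.$gt.$lt.'input type="submit" style="display: none;" value="Block XMLRPC Access" id="GOTMLS_XMLRPC_patch_button"'.$gt.$lt.'div id="GOTMLS_XMLRPC_patch_searching"'.$gt.__("Checking .htaccess file ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'script'.$gt."\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.'Allow/Block XMLRPC Access (';
+$patch_action = $lt.'form method="POST" name="GOTMLS_Form_XMLRPC_patch"'.$gt.$lt.'div style="float: right;"'.$gt.$lt.'input type="hidden" name="GOTMLS_XMLRPC_patching" value="1"'.$gt.$lt.'input type="submit" value="Block XMLRPC Access" style="display: none;" id="GOTMLS_XMLRPC_patch_button"'.$gt.$lt.'div id="GOTMLS_XMLRPC_patch_searching"'.$gt.__("Checking .htaccess file ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt.$lt.'/div'.$gt.$lt.'script'.$gt."\nfunction testComplete() {\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_XMLRPC_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("You must register and donate to use this feature!",'gotmls')."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".__("This feature is available to those who have donated!",'gotmls')."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_XMLRPC_patch_searching');\n\tshowhide('GOTMLS_XMLRPC_patch_button', true);\n}\n}\nwindow.onload=testComplete;\n$lt/script$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'p'.$gt.$lt.'b'.$gt.$lt.'img src="'.GOTMLS_images_path.'question.gif"'.$gt.'Allow/Block XMLRPC Access (';
 $patch_found = false;
-$find = '/<Files[^>]+xmlrpc.php>(.+?)<\/Files>\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*/is';
-$head = str_replace(array('/<Files[^>]+', '(.+?)<\\', '\\s*(', '\\s*)*/is'), array("<Files ", "\norder deny,allow\ndeny from all".(isset($_SERVER["REMOTE_ADDR"])?"\nallow from ".$_SERVER["REMOTE_ADDR"]:"").(isset($_SERVER["SERVER_ADDR"])?"\nallow from ".$_SERVER["SERVER_ADDR"]:"")."\n<", "\n", "\n"), $find);
+$find = '|<Files[^>]+xmlrpc.php>(.+?)</Files>\s*(# END GOTMLS Patch to Block XMLRPC Access\s*)*|is';
+$head = str_replace(array('|<Files[^>]+', '(.+?)', '\\s*(', '\\s*)*|is'), array("<Files ", "\norder deny,allow\ndeny from all".(isset($_SERVER["REMOTE_ADDR"])?"\nallow from ".$_SERVER["REMOTE_ADDR"]:"").(isset($_SERVER["SERVER_ADDR"])?"\nallow from ".$_SERVER["SERVER_ADDR"]:"")."\n", "\n", "\n"), $find);
 $htaccess = "";
 if (is_file(ABSPATH.'.htaccess'))
 if (($htaccess = @file_get_contents(ABSPATH.'.htaccess')) && strlen($htaccess))
@@ -1211,17 +1213,26 @@ showhide("pause_button", true);'."\n/*{$lt}!--*"."/";
 echo "\n$lt/div$gt$lt/div$gt$lt/div$gt";
 }
 
+function GOTMLS_login_form($form_id = "loginform") {
+$sess = time();
+echo '<input type="hidden" name="session_id" value="'.substr($sess, 4).'"><input type="hidden" id="offset_id" value="0" name="sess'.substr($sess, 4).'"><script type="text/javascript">'."\nvar GOTMLS_login_offset = new Date();\nvar GOTMLS_login_offset_start = GOTMLS_login_offset.getTime() - ".$sess."000;\nfunction set_offset_id() {\n\tGOTMLS_login_offset = new Date();\n\tif (form_login = document.getElementById('offset_id'))\n\t\tform_login.value = GOTMLS_login_offset.getTime() - GOTMLS_login_offset_start;\n\tsetTimeout(set_offset_id, 15673);\n}\nset_offset_id();\n</script>\n";
+}
+add_action("login_form", "GOTMLS_login_form");
+
 function GOTMLS_set_plugin_action_links($links_array, $plugin_file) {
 if ($plugin_file == substr(__file__, (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
 $links_array = array_merge(array('<a href="'.admin_url('admin.php?page=GOTMLS-settings').'"><span class="dashicons dashicons-admin-settings"></span>'.GOTMLS_Scan_Settings_LANGUAGE.'</a>'), $links_array);
 return $links_array;
 }
+add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2);
 
 function GOTMLS_set_plugin_row_meta($links_array, $plugin_file) {
 if ($plugin_file == substr(__file__, (-1 * strlen($plugin_file))) && strlen($plugin_file) > 10)
 $links_array = array_merge($links_array, array('<a target="_blank" href="http://gotmls.net/faqs/">FAQ</a>','<a target="_blank" href="http://gotmls.net/support/">Support</a>','<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE"><span class="dashicons dashicons-heart"></span>Donate</a>'));
 return $links_array;
 }
+add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
+
 function GOTMLS_in_plugin_update_message($args) {
 $transient_name = "GOTMLS_upgrade_notice_".$args["Version"];//(false === ($upgrade_notice = get_transient($transient_name))) &&
 if (($ret = GOTMLS_get_URL("https://plugins.svn.wordpress.org/gotmls/trunk/readme.txt"))) {
@@ -1237,6 +1248,7 @@ function GOTMLS_in_plugin_update_message($args) {
 }
 echo $upgrade_notice;
 }
+add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
 
 function GOTMLS_init() {
 if (!isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_what"]))
@@ -1269,6 +1281,7 @@ function GOTMLS_init() {
 else
 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"] = count(explode('/', trailingslashit(get_option("siteurl")))) - 1;
 }
+add_action("admin_init", "GOTMLS_init");
 
 function GOTMLS_ajax_position() {
 $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');
@@ -1304,10 +1317,11 @@ add_action('wp_ajax_GOTMLS_position', 'GOTMLS_ajax_position');
 function GOTMLS_ajax_empty_trash() {
 global $wpdb;
 $gl = '><';
-if ($trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'"))
+if ($trashed = $wpdb->query("DELETE FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) {
+$wpdb->query("REPAIR TABLE $wpdb->posts");
 $trashmsg = __("Emptied $trashed item from the quarantine trash.",'gotmls');
-else
-$trashmsg = __("Failed to empty the trash.",'gotmls');
+} else
+$trashmsg = __("Failed to empty the trash.",'gotmls');
 $properties = array("html" => $gl.'head'.$gl."script type='text/javascript'>\nif (curDiv = window.parent.document.getElementById('empty_trash_link'))\n\tcurDiv.style.display = 'none';\nalert('$trashmsg');\n</script$gl/head", "body" => 'style="margin: 0; padding: 0;"');
 die(GOTMLS_html_tags(array("html" => array("body" => $trashmsg)), $properties));
 }
@@ -1536,11 +1550,7 @@ add_action('wp_ajax_nopriv_GOTMLS_fix', 'GOTMLS_ajax_nopriv');
 add_action('wp_ajax_nopriv_GOTMLS_whitelist', 'GOTMLS_ajax_nopriv');
 add_action('wp_ajax_nopriv_GOTMLS_empty_trash', 'GOTMLS_ajax_nopriv');
 
-add_action("in_plugin_update_message-gotmls/index.php", "GOTMLS_in_plugin_update_message");
-add_filter("plugin_row_meta", "GOTMLS_set_plugin_row_meta", 1, 2);
-add_filter("plugin_action_links", "GOTMLS_set_plugin_action_links", 1, 2);
 add_action("plugins_loaded", "GOTMLS_loaded");
 add_action("admin_notices", "GOTMLS_admin_notices");
 add_action("admin_menu", "GOTMLS_menu");
-add_action("network_admin_menu", "GOTMLS_menu");
-$init = add_action("admin_init", "GOTMLS_init");
+add_action("network_admin_menu", "GOTMLS_menu");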
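Review bot: In `GOTMLS_login_form` (new lines 1216-1219) the hidden `session_id` is `substr(time(), 4)`, a value any client can compute, so it identifies a page render rather than binding the POST to anything secret; a comment stating that would keep a later maintainer from treating it as a token, e.g. `// session_id is a truncated server timestamp, not a secret; paired with the JS-filled "sess<id>" offset it only marks whether a browser rendered this form.`. `$form_id` is accepted but never read, and `substr($sess, 4)` relies on implicit int-to-string conversion, so `substr((string) $sess, 4)` is the form that survives `strict_types`. Separately, `update_option('GOTMLS_settings_array', ...)` at new line 1001 now runs on every render of GOTMLS_settings(), including a plain GET, where it previously ran only when a scan was requested; if `settings_array` is populated from `$_POST` earlier in the function (not visible in this hunk), the capability and nonce check ahead of that population is what guards this write and is worth confirming. The `posts_per_page` value at new line 679 is handed to WP_Query as the raw string with no upper bound; casting it and capping it (the fixed value was 200) would keep a crafted query string from requesting an unbounded result set.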
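--- a/readme.txt
+++ b/readme.txt
@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
 Contributors: scheeeli, gotmls
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
 Tags: anti-malware, security, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
-Version: 4.15.30
-Stable tag: 4.15.30
+Version: 4.15.40
+Stable tag: 4.15.40
 Requires at least: 3.3
-Tested up to: 4.2.2
+Tested up to: 4.3.1
 
 This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
 
@@ -29,7 +29,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
 * Check the integrity of your WordPress Core files.
 * Automatically Download Definition Updates When running a Complete Scan.
 
-Updated July 17th
+Updated October 1st
 
 Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
 
@@ -94,6 +94,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Changelog ==
 
+= 4.15.40 =
+* Improved the Brute-Force login patch with custom fields and JavaScript.
+* Added a Save button to that Scan Settings page.
+* Fixed a bug in the XMLRPC Patch "Unblock" feature.
+
 = 4.15.30 =
 * Added a link to purge the deleted Quarantine items from the database.
 * Added firewall option to Block all XMLRPC calls.
@@ -350,6 +355,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Upgrade Notice ==
 
+= 4.15.40 =
+Improved the Brute-Force login patch with custom fields and JavaScript, added a Save button to that Scan Settings page, and fixed a bug in the XMLRPC Patch.
+
 = 4.15.30 =
 Added a new firewall option to Block all XMLRPC calls and a link to purge the deleted Quarantine items from the database, and fixed a few cosmetic bugs in the quarantine and firewall options.
 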
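--- a/safe-load/index.php
+++ b/safe-load/index.php
@@ -4,18 +4,18 @@
 * @package GOTMLS
 */
 
-if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_detected_attacks"])) {
+if (!(isset($GLOBALS["GOTMLS"]["detected_attacks"]) && $GLOBALS["GOTMLS"]["detected_attacks"])) {
 $file = (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:__FILE__);
-$_SESSION["GOTMLS_detected_attacks"] = '&attack[]='.strtolower((isset($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($file))?substr($file, strlen($_SERVER["DOCUMENT_ROOT"])):basename($file));
+$GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]='.strtolower((isset($_SERVER["DOCUMENT_ROOT"]) && strlen($_SERVER["DOCUMENT_ROOT"]) < strlen($file))?substr($file, strlen($_SERVER["DOCUMENT_ROOT"])):basename($file));
 }
 foreach (array("REMOTE_ADDR", "HTTP_HOST", "REQUEST_URI", "HTTP_REFERER", "HTTP_USER_AGENT") as $var)
-$_SESSION["GOTMLS_detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
-foreach (array("log") as $var)
-$_SESSION["GOTMLS_detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]):"");
+$GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_SERVER[$var])?"&SERVER_$var=".urlencode($_SERVER[$var]):"");
+foreach (array("log", "session_id") as $var)
+$GLOBALS["GOTMLS"]["detected_attacks"] .= (isset($_POST[$var])?"&POST_$var=".urlencode($_POST[$var]).(isset($_POST["sess".$_POST[$var]])?"&TIME=".time()."&POST_sess$var=".urlencode($_POST["sess".$_POST[$var]]):""):"");
 $ver = "Unknown";
 if ($file = str_replace(basename(dirname(__FILE__)), basename(__FILE__), dirname(__FILE__)))
 if (is_file($file) && $contents = @file_get_contents($file))
 if (preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
 $ver = $match[1];
-header("location: http://safe-load.gotmls.net/report.php?ver=$ver".$_SESSION["GOTMLS_detected_attacks"]);
+header("location: http://safe-load.gotmls.net/report.php?ver=$ver".$GLOBALS["GOTMLS"]["detected_attacks"]);
 die();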
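Review bot: The new loop at line 14 assumes `$_POST[$var]` is a string, but PHP builds an array for a `log[]=` or `session_id[]=` body, and on PHP 8 `urlencode()` then throws a TypeError, so a malformed request aborts this reporting path with a fatal error instead of the intended redirect; the same applies to the value read back through `$_POST["sess".$_POST[$var]]`. Tightening the two conditions, `isset($_POST[$var]) && is_string($_POST[$var])` and `isset($_POST["sess".$_POST[$var]]) && is_string($_POST["sess".$_POST[$var]])`, keeps the redirect working for any request shape. The move from `$_SESSION` to `$GLOBALS["GOTMLS"]` matches the removal of the session.php include in safe-load/wp-login.php in this same commit and looks consistent. It would also help auditors to have a comment at the top of the file stating that the login name (`log`), referrer, user agent and the new session fields are forwarded to safe-load.gotmls.net in the Location URL; `urlencode()` covers header injection, but what leaves the site is not documented anywhere visible here.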
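--- a/safe-load/wp-login.php
+++ b/safe-load/wp-login.php
@@ -4,82 +4,91 @@
 * @package GOTMLS
 */
 
-include(dirname(__FILE__)."/session.php");
 if (!defined("GOTMLS_REQUEST_METHOD"))
 define("GOTMLS_REQUEST_METHOD", (isset($_SERVER["REQUEST_METHOD"])?strtoupper($_SERVER["REQUEST_METHOD"]):"none"));
-if (!function_exists("GOTMLS_update_log_file")) {
-function GOTMLS_update_log_file($dont_force_write = true) {
-if (!defined("GOTMLS_SESSION_FILE"))
-define("GOTMLS_SESSION_FILE", dirname(__FILE__)."/_SESSION/index.php");
-if (is_file(GOTMLS_SESSION_FILE))
-include(GOTMLS_SESSION_FILE);
-else {
-if (!is_dir(dirname(GOTMLS_SESSION_FILE)))
-@mkdir(dirname(GOTMLS_SESSION_FILE));
-if (is_dir(dirname(GOTMLS_SESSION_FILE)))
-if (!is_file(GOTMLS_SESSION_FILE))
-if (file_put_contents(GOTMLS_SESSION_FILE, "<?php if (!defined('GOTMLS_INSTALL_TIME')) define('GOTMLS_INSTALL_TIME', '".GOTMLS_SESSION_TIME."');"))
-include(GOTMLS_SESSION_FILE);
-}
-if (!defined("GOTMLS_INSTALL_TIME"))
-return false;
-else {
-$GOTMLS_LOGIN_ARRAY = array("ADDR"=>(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"REMOTE_ADDR"), "AGENT"=>(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"HTTP_USER_AGENT"), "TIME"=>GOTMLS_INSTALL_TIME);
-$GOTMLS_LOGIN_KEY = md5(serialize($GOTMLS_LOGIN_ARRAY));
-if (!defined("GOTMLS_LOG_FILE"))
-define("GOTMLS_LOG_FILE", dirname(GOTMLS_SESSION_FILE)."/.GOTMLS.$GOTMLS_LOGIN_KEY.php");
-if (is_file(GOTMLS_LOG_FILE))
-include(GOTMLS_LOG_FILE);
-if (GOTMLS_REQUEST_METHOD == "POST")
-$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD][GOTMLS_INSTALL_TIME] = $GOTMLS_LOGIN_ARRAY;
-else
-$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD] = GOTMLS_INSTALL_TIME;
-@file_put_contents(GOTMLS_LOG_FILE, '<?php $GLOBALS["GOTMLS"]["logins"]["'.$GOTMLS_LOGIN_KEY.'"]=unserialize(base64_decode("'.base64_encode(serialize($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY])).'"));');
-if (isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]))
-return $GOTMLS_LOGIN_KEY;
-else
-return 0;
+if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && isset($_POST["session_id"]) && isset($_POST["sess".$_POST["session_id"]]) && is_numeric($_POST["sess".$_POST["session_id"]])) {
+$sess = round($_POST["sess".$_POST["session_id"]] / 60000);
+$time = round(time() / 60);
+if ((($time - $sess) > 2) || (($sess - $time) > 2)) {
+$GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]=NO_JS';
+include(dirname(__FILE__)."/index.php");
+}
+} else {
+include(dirname(__FILE__)."/session.php");
+if (!function_exists("GOTMLS_update_log_file")) {
+function GOTMLS_update_log_file($dont_force_write = true) {
+if (!defined("GOTMLS_SESSION_FILE"))
+define("GOTMLS_SESSION_FILE", dirname(__FILE__)."/_SESSION/index.php");
+if (is_file(GOTMLS_SESSION_FILE))
+include(GOTMLS_SESSION_FILE);
+else {
+if (!is_dir(dirname(GOTMLS_SESSION_FILE)))
+@mkdir(dirname(GOTMLS_SESSION_FILE));
+if (is_dir(dirname(GOTMLS_SESSION_FILE)))
+if (!is_file(GOTMLS_SESSION_FILE))
+if (file_put_contents(GOTMLS_SESSION_FILE, "<?php if (!defined('GOTMLS_INSTALL_TIME')) define('GOTMLS_INSTALL_TIME', '".GOTMLS_SESSION_TIME."');"))
+include(GOTMLS_SESSION_FILE);
+}
+if (!defined("GOTMLS_INSTALL_TIME"))
+return false;
+else {
+$GOTMLS_LOGIN_ARRAY = array("ADDR"=>(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:"REMOTE_ADDR"), "AGENT"=>(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"HTTP_USER_AGENT"), "TIME"=>GOTMLS_INSTALL_TIME);
+$GOTMLS_LOGIN_KEY = md5(serialize($GOTMLS_LOGIN_ARRAY));
+if (!defined("GOTMLS_LOG_FILE"))
+define("GOTMLS_LOG_FILE", dirname(GOTMLS_SESSION_FILE)."/.GOTMLS.$GOTMLS_LOGIN_KEY.php");
+if (is_file(GOTMLS_LOG_FILE))
+include(GOTMLS_LOG_FILE);
+if (GOTMLS_REQUEST_METHOD == "POST")
+$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD][GOTMLS_INSTALL_TIME] = $GOTMLS_LOGIN_ARRAY;
+else
+$GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY][GOTMLS_REQUEST_METHOD] = GOTMLS_INSTALL_TIME;
+@file_put_contents(GOTMLS_LOG_FILE, '<?php $GLOBALS["GOTMLS"]["logins"]["'.$GOTMLS_LOGIN_KEY.'"]=unserialize(base64_decode("'.base64_encode(serialize($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY])).'"));');
+if (isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]))
+return $GOTMLS_LOGIN_KEY;
+else
+return 0;
+}
 }
 }
-}
-if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && !(isset($GOTMLS_LOGIN_KEY) && isset($GOTMLS_logins[$GOTMLS_LOGIN_KEY]["whitelist"]))) {
-if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_SESSION_LAST"]))
-$_SESSION["GOTMLS_detected_attacks"] = '&attack[]=NO_SESSION';
-if (!isset($_SERVER["REMOTE_ADDR"]))
-$_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_REMOTE_ADDR';
-if (!isset($_SERVER["HTTP_USER_AGENT"]))
-$_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_HTTP_USER_AGENT';
-if (!isset($_SERVER["HTTP_REFERER"]))
-$_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_HTTP_REFERER';
-if (!$_SESSION["GOTMLS_detected_attacks"]) {
-if (isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0)
-$_SESSION["GOTMLS_login_attempts"]++;
-else {
-if ($GOTMLS_LOGIN_KEY = GOTMLS_update_log_file()) {
-if (!(isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"])))
-$_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_LOGIN_ATTEMPTS';
-elseif (!isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"]))
-$_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_LOGIN_GETS';
-else {
-$_SESSION["GOTMLS_login_attempts"] = 0;
-foreach ($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"] as $LOGIN_TIME=>$LOGIN_ARRAY) {
-if ($LOGIN_TIME > $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"])
-$_SESSION["GOTMLS_login_attempts"]++;
-else
-unset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"][$LOGIN_TIME]);
+if ((GOTMLS_REQUEST_METHOD == "POST") && isset($_POST["log"]) && isset($_POST["pwd"]) && !(isset($GOTMLS_LOGIN_KEY) && isset($GOTMLS_logins[$GOTMLS_LOGIN_KEY]["whitelist"]))) {
+if (!(isset($_SESSION["GOTMLS_detected_attacks"]) && $_SESSION["GOTMLS_SESSION_LAST"]))
+$GLOBALS["GOTMLS"]["detected_attacks"] = '&attack[]=NO_SESSION';
+if (!isset($_SERVER["REMOTE_ADDR"]))
+$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_REMOTE_ADDR';
+if (!isset($_SERVER["HTTP_USER_AGENT"]))
+$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_USER_AGENT';
+if (!isset($_SERVER["HTTP_REFERER"]))
+$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_HTTP_REFERER';
+if (!$GLOBALS["GOTMLS"]["detected_attacks"]) {
+if (isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0)
+$_SESSION["GOTMLS_login_attempts"]++;
+else {
+if ($GOTMLS_LOGIN_KEY = GOTMLS_update_log_file()) {
+if (!(isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"]) && is_array($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"])))
+$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOGIN_ATTEMPTS';
+elseif (!isset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"]))
+$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOGIN_GETS';
+else {
+$_SESSION["GOTMLS_login_attempts"] = 0;
+foreach ($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"] as $LOGIN_TIME=>$LOGIN_ARRAY) {
+if ($LOGIN_TIME > $GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["GET"])
+$_SESSION["GOTMLS_login_attempts"]++;
+else
+unset($GLOBALS["GOTMLS"]["logins"][$GOTMLS_LOGIN_KEY]["POST"][$LOGIN_TIME]);
+}
 }
-}
-} else
-$_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=NO_LOG_FILE';
+} else
+$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=NO_LOG_FILE';
+}
+if (!(isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && ($_SESSION["GOTMLS_login_attempts"] < 6) && $_SESSION["GOTMLS_login_attempts"]))
+$GLOBALS["GOTMLS"]["detected_attacks"] .= '&attack[]=TOO_MANY_login_attempts';
 }
-if (!(isset($_SESSION["GOTMLS_login_attempts"]) && is_numeric($_SESSION["GOTMLS_login_attempts"]) && ($_SESSION["GOTMLS_login_attempts"] < 6) && $_SESSION["GOTMLS_login_attempts"]))
-$_SESSION["GOTMLS_detected_attacks"] .= '&attack[]=TOO_MANY_login_attempts';
+if ($GLOBALS["GOTMLS"]["detected_attacks"])
+include(dirname(__FILE__)."/index.php");
+} else {
+if (isset($_SERVER["SCRIPT_FILENAME"]) && basename(__FILE__) == basename($_SERVER["SCRIPT_FILENAME"]))
+GOTMLS_update_log_file();
+$_SESSION["GOTMLS_detected_attacks"] = '';
+$_SESSION["GOTMLS_login_attempts"] = 0;
 }
-if ($_SESSION["GOTMLS_detected_attacks"])
-include(dirname(__FILE__)."/index.php");
-} else {
-if (isset($_SERVER["SCRIPT_FILENAME"]) && basename(__FILE__) == basename($_SERVER["SCRIPT_FILENAME"]))
-GOTMLS_update_log_file();
-$_SESSION["GOTMLS_detected_attacks"] = '';
-$_SESSION["GOTMLS_login_attempts"] = 0;
 }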
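Review bot: The new timestamp branch at new line 9 (`if ((GOTMLS_REQUEST_METHOD == "POST") && ... is_numeric($_POST["sess".$_POST["session_id"]]))`) is an alternative to, not an addition to, the session/attempt-counting path in its `else` (new lines 16–93), so a login POST carrying a `session_id` and a `sess<id>` value within two minutes of server time is never counted and the `TOO_MANY_login_attempts` limit at new lines 83–84 no longer applies to it; since that value is client-supplied and only compared for freshness, it is a weak gate on its own. If the attempt counter is still meant to apply, the timestamp check should fall through rather than branch: change `} else {` at new line 16 to `}` and drop the matching closing `}` at new line 94, so the JS check becomes an extra signal in front of the counter rather than a bypass of it — or, if the replacement is intended, say so in a comment above new line 9. Separately, the `else` branch now writes `$GLOBALS["GOTMLS"]["detected_attacks"]` but never initialises it: new line 54 still tests `$_SESSION["GOTMLS_detected_attacks"]`, new lines 57–61 append to the global with `.=`, and new lines 62 and 86 read it, so on a request with a live session and all three headers present those lines operate on an undefined index unless session.php sets it; add `$GLOBALS["GOTMLS"]["detected_attacks"] = '';` before the `if` at new line 54. Also `$_POST["session_id"]` is concatenated into an array key without being checked to be a string; an `is_string($_POST["session_id"])` term in the condition at new line 9 avoids the array-to-string warning (the same pattern appears in the `sess` handling added to safe-load/index.php).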