Anti-Malware Security and Brute-Force Firewall - Version 4.17.44

Version Description

  • Added Title check to make sure it does say you were hacked.
  • Updated code for compatibility with WP 4.8.3 (latest release).
  • Fixed Undefined variable error in Quarantine.
  • Fixed XSS vulnerability in nonce error output.

Release Info

Developer scheeeli
Version 4.17.44

Code changes from version 4.17.29 to 4.17.44

Files changed (4) hide show
  1. images/index.php +3 -3
  2. index.php +25 -26
  3. readme.txt +15 -31
  4. safe-load/wp-settings.php +80 -6
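--- a/images/index.php
+++ b/images/index.php
@@ -139,7 +139,7 @@ GOTMLS_define("GOTMLS_update_home", "//updates.gotmls.net/".GOTMLS_installation_
 
 if (!function_exists("GOTMLS_Invalid_Nonce")) {
 function GOTMLS_Invalid_Nonce($pre = "//Error: ") {
-return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(" ".$_REQUEST["GOTMLS_mt"].((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:" !found"):" !len(".strlen($_REQUEST["GOTMLS_mt"]).")")):" GOTMLS_mt !set");
+return $pre.__("Invalid or expired Nonce Token!",'gotmls').(isset($_REQUEST["GOTMLS_mt"])?(htmlspecialchars($_REQUEST["GOTMLS_mt"]).((strlen($_REQUEST["GOTMLS_mt"]) == 32)?(isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])?$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]]:" !found"):" !len(".strlen($_REQUEST["GOTMLS_mt"]).")")):" GOTMLS_mt !set");
 }}
 
 if (!function_exists("GOTMLS_set_nonce")) {
@@ -316,7 +316,7 @@ function select_text_range(ta_id, start, end) {
 } else
 alert("The highlighting function does not work in your browser");
 }
-</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="?'.GOTMLS_set_nonce(__FUNCTION__."1522").'&page=GOTMLS-View-Quarantine&GOTMLS_mt='.$_REQUEST["GOTMLS_mt"].'" onsubmit="return confirm(\''.__("Are you sure you want to restore this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="id[]" value="'.$Q_post["ID"].'"><input type="submit" value="RESTORE from Quarantine" style="display: none; background-color: #0C0; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
+</script><table style="top: 0px; left: 0px; width: 100%; height: 100%; position: absolute;"><tr><td style="width: 100%"><form style="margin: 0;" method="post" action="?'.GOTMLS_set_nonce(__FUNCTION__."1522").'&page=GOTMLS-View-Quarantine" onsubmit="return confirm(\''.__("Are you sure you want to restore this file from the quarantine?",'gotmls').'\');"><input type="hidden" name="id[]" value="'.$Q_post["ID"].'"><input type="submit" value="RESTORE from Quarantine" style="display: none; background-color: #0C0; float: right;"></form><div id="fileperms" class="shadowed-box rounded-corners" style="display: none; position: absolute; left: 8px; top: 29px; background-color: #ccc; border: medium solid #C00; box-shadow: -3px 3px 3px #666; border-radius: 10px; padding: 10px;"><b>File Details</b><br />encoding: '.(function_exists("mb_detect_encoding")?mb_detect_encoding($GLOBALS["GOTMLS"]["tmp"]["file_contents"]):"Unknown").'<br />size: '.strlen($GLOBALS["GOTMLS"]["tmp"]["file_contents"]).' bytes<br />infected:'.$Q_post["post_modified_gmt"].'<br />quarantined:'.$Q_post["post_date_gmt"].'</div><div style="overflow: auto;"><span onmouseover="document.getElementById(\'fileperms\').style.display=\'block\';" onmouseout="document.getElementById(\'fileperms\').style.display=\'none\';">'.__("File Details:",'gotmls').'</span> ('.$fa.' )</div></td></tr><tr><td style="height: 100%"><textarea id="ta_file" style="width: 100%; height: 100%">'.htmlentities(str_replace("\r", "", $GLOBALS["GOTMLS"]["tmp"]["file_contents"])).'</textarea></td></tr></table>');
 } else
 die('<h3>Item NOT Found in Quarantine</h3>');
 } else {
@@ -487,7 +487,7 @@ function GOTMLS_loaded() {
 
 if (!function_exists("add_action")) {
 GOTMLS_loaded();
-GOTMLS_admin_notices();
+// GOTMLS_admin_notices();
 }
 
 function GOTMLS_fileperms($file) {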
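Review bot: The escaping added at new line 142 calls `htmlspecialchars()` with its default flags, which leaves single quotes untouched, and the `$pre` default of `//Error: ` suggests the message can be emitted inside a script context where HTML escaping is not the right encoder at all; at minimum use `htmlspecialchars($_REQUEST["GOTMLS_mt"], ENT_QUOTES, 'UTF-8')`, and where a caller writes it into JavaScript encode it with `json_encode()` instead. The same line still passes `$_REQUEST["GOTMLS_mt"]` to `strlen()` and `htmlspecialchars()` without confirming it is a string, so a request that sends the parameter as an array yields warnings (a TypeError on PHP 8) rather than the error text; pairing the existing `isset()` with `is_string()` closes that. The value read back from `$GLOBALS["GOTMLS"]["tmp"]["nonce"][...]` on that line is output unescaped; whether it can carry request-derived data depends on `GOTMLS_set_nonce`, which is outside the hunk. In the third hunk, `// GOTMLS_admin_notices();` should be deleted rather than left as commented-out code.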
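--- a/index.php
+++ b/index.php
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
 Contributors: scheeeli, gotmls
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
 Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
-Version: 4.17.29
+Version: 4.17.44
 */
 if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))
 include(dirname(__FILE__)."/safe-load/index.php");
@@ -624,31 +624,26 @@ function GOTMLS_get_quarantine($only = false) {
 $args = array('posts_per_page' => (isset($_GET['posts_per_page'])&&is_numeric($_GET['posts_per_page'])&&$_GET['posts_per_page']>0?$_GET['posts_per_page']:200), 'orderby' => 'date', 'post_type' => 'GOTMLS_quarantine', "post_status" => "private");
 if (isset($_POST["paged"]))
 $args["paged"] = $_POST["paged"];
-if ($old_files) {
-$Q_Paged = '<form method="POST" name="GOTMLS_Form_page">';
-$Q_Page = '<form method="POST" name="GOTMLS_Form_clean"><input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."695")).'">'.__("You have old Quarantined files in the uploads directory on your server. The new quarantine is in your WordPress Database. You need to import these files into your database where they will be safer or just delete the quarantine folder inside /wp-content/uploads/ if you would rather just delete them.",'gotmls').'<br /><input type="submit" value="Import Quarantined Files Now">';
-} else {
-$my_query = new WP_Query($args);
-$Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
-$Q_Page = '
-<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."700")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
-if ($my_query->have_posts()) {
-$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
-<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
-$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
-while ($my_query->have_posts()) {
-$my_query->the_post();
-$Q_Page .= '
-<li id="GOTMLS_quarantine_'.$post->ID.'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post->post_date_gmt.'</span><span class="GOTMLS_date">'.$post->post_modified_gmt.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."</a></li>\n";
-}
-$Q_Page .= "\n</ul>";
-for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
-$Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) || (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' onclick="document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';">';
-}
-} else
-$Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
-wp_reset_query();
-}
+$my_query = new WP_Query($args);
+$Q_Paged = '<form method="POST" name="GOTMLS_Form_page"><input type="hidden" id="GOTMLS_paged" name="paged" value="1"><div style="float: left;">Page:</div>';
+$Q_Page = '
+<form method="POST" action="'.admin_url('admin-ajax.php?'.GOTMLS_set_nonce(__FUNCTION__."700")).(isset($_SERVER["QUERY_STRING"])&&strlen($_SERVER["QUERY_STRING"])?"&".$_SERVER["QUERY_STRING"]:"").'" target="GOTMLS_iFrame" name="GOTMLS_Form_clean"><input type="hidden" id="GOTMLS_fixing" name="GOTMLS_fixing" value="1"><input type="hidden" name="action" value="GOTMLS_fix">';
+if ($my_query->have_posts()) {
+$Q_Page .= '<p id="quarantine_buttons" style="display: none;"><input id="repair_button" type="submit" value="'.__("Restore selected files",'gotmls').'" class="button-primary" onclick="if (confirm(\''.__("Are you sure you want to overwrite the previously cleaned files with the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(1); loadIframe(\'File Restoration Results\'); } else return false;" /><input id="delete_button" type="submit" class="button-primary" value="'.__("Delete selected files",'gotmls').'" onclick="if (confirm(\''.__("Are you sure you want to permanently delete the selected files in the Quarantine?",'gotmls').'\')) { setvalAllFiles(2); loadIframe(\'File Deletion Results\'); } else return false;" /></p><p><b>'.__("The following items have been found to contain malicious code, they have been cleaned, and the original infected file contents have been saved here in the Quarantine. The code is safe here and you do not need to do anything further with these files.",'gotmls').'</b></p>
+<ul name="found_Quarantine" id="found_Quarantine" class="GOTMLS_plugin known" style="background-color: #ccc; padding: 0;"><h3 style="margin: 8px 12px;">'.($my_query->post_count>1?'<input type="checkbox" onchange="checkAllFiles(this.checked); document.getElementById(\'quarantine_buttons\').style.display = \'block\';"> '.sprintf(__("Check all %d",'gotmls'),$my_query->post_count):"").__(" Items in Quarantine",'gotmls').'<span class="GOTMLS_date">'.__("Quarantined",'gotmls').'</span><span class="GOTMLS_date">'.__("Date Infected",'gotmls').'</span></h3>';
+$root_path = implode(GOTMLS_slash(), array_slice(GOTMLS_explode_dir(__FILE__), 0, (2 + intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"])) * -1));
+while ($my_query->have_posts()) {
+$my_query->the_post();
+$Q_Page .= '
+<li id="GOTMLS_quarantine_'.$post->ID.'" class="GOTMLS_quarantine_item"><span class="GOTMLS_date">'.$post->post_date_gmt.'</span><span class="GOTMLS_date">'.$post->post_modified_gmt.'</span><input type="checkbox" name="GOTMLS_fix[]" value="'.$post->ID.'" id="check_'.$post->ID.'" onchange="document.getElementById(\'quarantine_buttons\').style.display = \'block\';" /><img src="'.GOTMLS_images_path.'blocked.gif" height=16 width=16 alt="Q">'.GOTMLS_error_link(__("View Quarantined File",'gotmls'), $post->ID).str_replace($root_path, "...", $post->post_title)."</a></li>\n";
+}
+$Q_Page .= "\n</ul>";
+for ($p = 1; $p <= $my_query->max_num_pages; $p++) {
+$Q_Paged .= '<input class="GOTMLS_page" type="submit" value="'.$p.'"'.((isset($_POST["paged"]) && $_POST["paged"] == $p) || (!isset($_POST["paged"]) && 1 == $p)?" DISABLED":"").' onclick="document.getElementById(\'GOTMLS_paged\').value = \''.$p.'\';">';
+}
+} else
+$Q_Page .= '<h3>'.__("No Items in Quarantine",'gotmls').'</h3>';
+wp_reset_query();
 $return = "$Q_Paged\n</form><br style=\"clear: left;\" />\n$Q_Page\n</form>\n$Q_Paged\n</form><br style=\"clear: left;\" />\n";
 if (($trashed = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE `post_type` = 'GOTMLS_quarantine' AND `post_status` != 'private'")) > 1)
 $return = '<a href="'.admin_url('admin-ajax.php?action=GOTMLS_empty_trash&'.GOTMLS_set_nonce(__FUNCTION__."720")).'" id="empty_trash_link" style="float: right;" target="GOTMLS_statusFrame">['.sprintf(__("Clear %s Deleted Files from the Trash",'gotmls'), $trashed)."]</a>$return";
@@ -1085,6 +1080,10 @@ function GOTMLS_settings() {
 $scan_opts .= "\n$lt".'p'.$gt.$lt.'b'.$gt.__("Skip files with the following extensions:",'gotmls')."$lt/b$gt".(($default_exclude_ext!=implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]))?" {$lt}a href=\"javascript:void(0);\" onclick=\"document.getElementById('exclude_ext').value = '$default_exclude_ext';\"{$gt}[Restore Defaults]$lt/a$gt":"").$lt.'/p'.$gt.'
 '.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a comma separated list of file extentions to skip",'gotmls').'" name="exclude_ext" id="exclude_ext" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_ext"]).'" style="width: 100%;" /'."$gt$lt/div$gt$lt".'p'.$gt.$lt.'b'.$gt.__("Skip directories with the following names:",'gotmls')."$lt/b$gt$lt/p$gt$lt".'div style="padding: 0 30px;"'.$gt.$lt.'input type="text" placeholder="'.__("a folder name or comma separated list of folder names to skip",'gotmls').'" name="exclude_dir" value="'.implode(",", $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["exclude_dir"]).'" style="width: 100%;" /'.$gt.$lt.'/div'.$gt.'
 '.$lt.'table style="width: 100%" cellspacing="10"'.$gt.$lt.'tr'.$gt.$lt.'td nowrap valign="top" style="white-space: nowrap; width: 1px;"'.$gt.$lt.'b'.$gt.__("Automatically Update Definitions:",'gotmls').$lt."br$gt$lt/b$gt$lt/td$gt$lt".'td'.$gt.$lt.'div id="UPDATE_definitions_div"'.$gt.$lt.'br'.$gt.$lt.'span style="color: #C00;"'.$gt.__("This new BETA feature is only available to registered users who have donated at a certain level.",'gotmls')."$lt/span$gt$lt/div$gt$lt/td$gt$lt".'td align="right" valign="bottom"'.$gt.$lt.'input type="submit" id="save_settings" value="'.__("Save Settings",'gotmls').'" class="button-primary" onclick="document.getElementById(\'scan_type\').value=\'Save\';" /'."$gt$lt/td$gt$lt/tr$gt$lt/table$gt$lt/form$gt";
+$title_tagline = $lt."li$gt Site Title: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogname'"));
+$title_tagline .= "$lt/li$gt$lt"."li$gt Tagline: ".htmlspecialchars($wpdb->get_var("SELECT `option_value` FROM `$wpdb->options` WHERE `option_name` = 'blogdescription'"));
+if (preg_match('/h[\@a]ck[3e]d.*by/is', $title_tagline))
+echo $lt.'div class="error"'.$gt.sprintf(__("Your Site Title or Tagline suggests that you may have been hacked ...%sThis prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins. You can change those options on the %sGeneral Settings$lt/a$gt page.",'gotmls'), "$title_tagline$lt/li$gt", $lt.'a href="'.admin_url("options-general.php").'"'.$gt)."$lt/div$gt";
 @ob_start();
 $OB_default_handlers = array("default output handler", "zlib output compression");
 $OB_handlers = @ob_list_handlers();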
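Review bot: The notice text at new line 1086 contains the sentence `This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.`, which describes the output-buffering warning that follows from line 1087 onward rather than a suspicious Site Title or Tagline, and reads as a copy-paste; the string should be cut down to the hacked-title message plus its link to General Settings. `htmlspecialchars($wpdb->get_var(...))` at lines 1083-1084 receives null when the option row is absent, so wrap the query result in `(string)` to keep the check well-defined. In the quarantine hunk, the restored loop at new lines 635-638 reads `$post->ID` and `$post->post_title` inside `GOTMLS_get_quarantine()`; whether `global $post` is declared is outside the hunk, so confirm that the "Undefined variable" fix named in the changelog covers that path and not only the removed `$old_files` branch. `paged` is now handed straight from `$_POST` to `WP_Query` at line 626 and compared loosely at line 642; normalising it once with `intval()` would make both uses consistent with the `is_numeric` guard already applied to `posts_per_page` at line 624.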
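--- a/readme.txt
+++ b/readme.txt
@@ -5,10 +5,10 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
 Contributors: scheeeli, gotmls
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=QZHD8QHZ2E7PE
 Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
-Version: 4.17.29
-Stable tag: 4.17.29
+Version: 4.17.44
+Stable tag: 4.17.44
 Requires at least: 3.3
-Tested up to: 4.8.1
+Tested up to: 4.8.3
 
 This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
 
@@ -27,7 +27,7 @@ This Anti-Malware scanner searches for Malware, Viruses, and other security thre
 * Check the integrity of your WordPress Core files.
 * Automatically download new Definition Updates when running a Complete Scan.
 
-Updated August 4th
+Updated November 4th
 
 Register this plugin at [GOTMLS.NET](http://gotmls.net/) and get access to new definitions of "Known Threats" and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for "Potential Threats" and leaves it up to you to identify and remove the malicious ones.
 
@@ -94,6 +94,12 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Changelog ==
 
+= 4.17.44 =
+* Added Title check to make sure it does say you were hacked.
+* Updated code for compatibility with WP 4.8.3 (latest release).
+* Fixed Undefined variable error in Quarantine.
+* Fixed XSS vulnerability in nonce error output.
+
 = 4.17.29 =
 * Changed the definition update URL to only use SSL when required.
 * Updated PayPal form for better domestic IPN compatibility.
@@ -313,20 +319,10 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 = 3.07.06 =
 * Added SSL support for definition updates and registration form.
 * Upgraded the Whitelist feature so the it could not contain duplicates.
-
-= 1.3.05.31 =
 * Downgraded the WP-Login threat and changed it to an opt-in fix.
-
-= 1.3.05.14 =
 * Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
-
-= 1.3.05.13 =
 * Added ability to whitelist files.
-
-= 1.3.04.19 =
 * Fixed a major bug in yesterdays release broke the login page on some sites.
-
-= 1.3.04.17 =
 * Added a patch for the wp-login.php brute force attack that has been going around.
 * Created a process to restore files from the Quarantine.
 * Fixed a few other small bugs including path issues on Winblows server.
@@ -369,6 +365,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
 
 == Upgrade Notice ==
 
+= 4.17.44 =
+Added Title check to make sure it does say you were hacked, updated code for compatibility with WP 4.8.3 and fixed Undefined variable error in Quarantine and an XSS vulnerability in nonce error output.
+
 = 4.17.29 =
 Changed the definition update URL to only use SSL when required, and updated PayPal form for better domestic IPN compatibility.
 
@@ -523,25 +522,10 @@ Fixed a session bug that conflicted with jigoshop. (Thanks dragonflyfla)
 Fixed a few bug in the Whitelist definition feature.
 
 = 3.07.06 =
-Added SSL support for definition updates and upgraded the Whitelist feature.
-
-= 1.3.05.31 =
-Downgraded the WP-Login threat and changed it to an opt-in fix.
-
-= 1.3.05.14 =
-Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
-
-= 1.3.05.13 =
-Added ability to whitelist files.
-
-= 1.3.04.19 =
-Fixed a major bug in yesterdays release broke the login page on some sites.
-
-= 1.3.04.17 =
-Added a patch for the wp-login.php brute force attack and fixed a few other small bugs.
+Added SSL support for definition updates and upgraded the Whitelist feature (Plus many other improvement from v1.3: see Changelog for details).
 
 = 1.3.02.15 =
-Improved security on the Quarantine directory to fix the 500 error on some servers (Plus many other improvement from v1.2: see Changelog for details)
+Improved security on the Quarantine directory to fix the 500 error on some servers (Plus many other improvement from v1.2: see Changelog for details).
 
 = 1.2.03.23 =
 First versions available for WordPress (code removed, no longer compatible).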
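--- a/safe-load/wp-settings.php
+++ b/safe-load/wp-settings.php
@@ -1,6 +1,8 @@
 <?php
-require_once("../../../../wp-includes/version.php");
-//home/mauivalu/sites/mauivalue.com/public_html/wp-includes/default-constants.php:
+if (is_file("../../../../wp-includes/version.php"))
+require_once("../../../../wp-includes/version.php");
+if (is_file("../../../../wp-includes/default-constants.php"))
+require_once("../../../../wp-includes/default-constants.php");
 if ( !defined('WP_DEBUG_DISPLAY') )
 define( 'WP_DEBUG_DISPLAY', true );
 
@@ -20,12 +22,10 @@ if (!function_exists("is_multisite")) {
 function is_multisite() {
 return false;
 }}
-
 if (!function_exists("is_wp_error")) {
 function is_wp_error() {
 return false;
 }}
-
 if (!function_exists("mbstring_binary_safe_encoding")) {
 function mbstring_binary_safe_encoding( $reset = false ) {
 static $encodings = array();
@@ -47,12 +47,86 @@ function mbstring_binary_safe_encoding( $reset = false ) {
 $encoding = array_pop( $encodings );
 mb_internal_encoding( $encoding );
 }
-}
+}}
+if (!function_exists("reset_mbstring_encoding")) {
 function reset_mbstring_encoding() {
 mbstring_binary_safe_encoding( true );
 }}
+if (!function_exists("_wp_filter_build_unique_id")) {
+function _wp_filter_build_unique_id($tag, $function, $priority) {
+global $wp_filter;
+static $filter_id_count = 0;
+
+if ( is_string($function) )
+return $function;
+
+if ( is_object($function) ) {
+// Closures are currently implemented as objects
+$function = array( $function, '' );
+} else {
+$function = (array) $function;
+}
+
+if (is_object($function[0]) ) {
+// Object Class Calling
+if ( function_exists('spl_object_hash') ) {
+return spl_object_hash($function[0]) . $function[1];
+} else {
+$obj_idx = get_class($function[0]).$function[1];
+if ( !isset($function[0]->wp_filter_id) ) {
+if ( false === $priority )
+return false;
+$obj_idx .= isset($wp_filter[$tag][$priority]) ? count((array)$wp_filter[$tag][$priority]) : $filter_id_count;
+$function[0]->wp_filter_id = $filter_id_count;
+++$filter_id_count;
+} else {
+$obj_idx .= $function[0]->wp_filter_id;
+}
+
+return $obj_idx;
+}
+} elseif ( is_string( $function[0] ) ) {
+// Static Calling
+return $function[0] . '::' . $function[1];
+}
+}}
+
+if (!function_exists("add_filter")) {
+function add_filter( $tag, $function_to_add, $priority = 10, $accepted_args = 1 ) {
+global $wp_filter, $merged_filters;
+
+$idx = _wp_filter_build_unique_id($tag, $function_to_add, $priority);
+$wp_filter[$tag][$priority][$idx] = array('function' => $function_to_add, 'accepted_args' => $accepted_args);
+unset( $merged_filters[ $tag ] );
+return true;
+}}
+if (!function_exists("has_filter")) {
+function has_filter($tag, $function_to_check = false) {
+global $wp_filter;
+$has = ! empty( $wp_filter[ $tag ] );
+if ( $has ) {
+$exists = false;
+foreach ( $wp_filter[ $tag ] as $callbacks ) {
+if ( ! empty( $callbacks ) ) {
+$exists = true;
+break;
+}
+}
+if ( ! $exists )
+$has = false;
+}
+if ( false === $function_to_check || false == $has )
+return $has;
+if ( !$idx = _wp_filter_build_unique_id($tag, $function_to_check, false) )
+return false;
+foreach ( (array) array_keys($wp_filter[$tag]) as $priority )
+if ( isset($wp_filter[$tag][$priority][$idx]) )
+return $priority;
+return false;
+}}
 
-require_once("../../../../wp-includes/wp-db.php");
+if (is_file("../../../../wp-includes/wp-db.php"))
+require_once("../../../../wp-includes/wp-db.php");
 
 $wpdb = new wpdb( DB_USER, DB_PASSWORD, DB_NAME, DB_HOST );
 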
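Review bot: The `is_file()` guards at new lines 2-5 and 128-129 test `../../../../wp-includes/...` relative to the process working directory, not to this file, so whether `version.php`, `default-constants.php` and `wp-db.php` get loaded depends on how safe-load is entered; resolve them from the file's own location instead, e.g. `$wp_inc = dirname(__FILE__)."/../../../../wp-includes";` followed by `if (is_file("$wp_inc/wp-db.php")) require_once("$wp_inc/wp-db.php");`. When the guard skips `wp-db.php`, line 131 still executes `new wpdb( DB_USER, DB_PASSWORD, DB_NAME, DB_HOST )` and fails on the undefined class (and on undefined `DB_*` constants unless something outside the hunk defines them), so the guard only relocates the fatal; either wrap the instantiation in `if (class_exists('wpdb') && defined('DB_USER'))` or stop with an explicit message. The copied `_wp_filter_build_unique_id` at lines 56-92 writes `wp_filter_id` as a dynamic property on arbitrary callback objects in its `else` branch (lines 74-87), which PHP 8.2 deprecates; `spl_object_hash` exists on every PHP version this file can run on, so that branch can be dropped.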