Anti-Malware Security and Brute-Force Firewall - Version 4.20.72

Version Description

  • Updated registration form to be more compatible with newer iframe restrictions.
  • Fixed session check on the Brute-Force patch to no longer need mod_rewrite.
  • Removed older code from WordPress Repository.

Release Info

Developer scheeeli
Version 4.20.72

Code changes from version 4.20.59 to 4.20.72

Files changed (3)
  1. images/index.php +3 -16
  2. index.php +20 -5
  3. readme.txt +12 -124
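--- a/images/index.php
+++ b/images/index.php
@@ -16,7 +16,7 @@ GOTMLS_define("GOTMLS_plugin_path", substr(dirname(__FILE__), 0, strlen(dirname(
 //if (is_file(GOTMLS_plugin_path.$file) && ($contents = @file_get_contents(GOTMLS_plugin_path.$file)) && preg_match('/\nversion:\s*([0-9\.]+)/i', $contents, $match))
 // GOTMLS_define("GOTMLS_Version", $match[1]);
 //else
-GOTMLS_define("GOTMLS_Version", '4.20.59');
+GOTMLS_define("GOTMLS_Version", '4.20.72');
 GOTMLS_define("GOTMLS_require_version", "3.3");
 if (!function_exists("__")) {
 function __($text, $domain = "gotmls") {
@@ -632,20 +632,7 @@ function GOTMLS_box($bTitle, $bContents, $bType = "postbox") {
 </div>';
 }
 
-if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && preg_match('|(.*?/gotmls\.js\?SESSION=)|', GOTMLS_script_URI, $match)) {
-header("Content-type: text/javascript");
-if (is_file(GOTMLS_plugin_path."safe-load/session.php"))
-require_once(GOTMLS_plugin_path."safe-load/session.php");
-if (isset($_SESSION["GOTMLS_SESSION_TEST"]))
-die("/* GOTMLS SESSION PASS */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nshowhide('GOTMLS_patch_searching', true);\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".GOTMLS_strip4java(__("You must register and donate to use this feature!",'gotmls'))."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".GOTMLS_strip4java(__("This feature is available to those who have donated!",'gotmls'))."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_patch_searching');\n\tshowhide('GOTMLS_patch_button', true);\n}\n");
-else {
-$_SESSION["GOTMLS_SESSION_TEST"] = $_GET["SESSION"] + 1;
-if ($_GET["SESSION"] > 0)
-die("/* GOTMLS SESSION FAIL */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\ndocument.getElementById('GOTMLS_patch_searching').innerHTML = '<div class=\"error\">".GOTMLS_strip4java(__("Your Server could not start a Session!",'gotmls'))."</div>';");
-else
-die("/* GOTMLS SESSION TEST */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nstopCheckingSession = checkupdateserver('".$match[0].$_SESSION["GOTMLS_SESSION_TEST"]."', 'GOTMLS_patch_searching');");
-}
-} elseif ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))) {
+if ((isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)))) {
 if (isset($_GET["page"]) && str_replace('-', '_', $_GET["page"]) == "GOTMLS_View_Quarantine" && isset($_REQUEST["GOTMLS_mt"]) && strlen($_REQUEST["GOTMLS_mt"]) == 32 && isset($GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]])) {
 $return = (print_r( array("nonce"=>$GLOBALS["GOTMLS"]["tmp"]["nonce"][$_REQUEST["GOTMLS_mt"]],"mt"=>($_REQUEST["GOTMLS_mt"])),1));
 try {
@@ -769,7 +756,7 @@ if (isset($_FILES) && is_array($_FILES))
 if (!(isset($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"]) && array($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"])))
 $GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] = array(
 "RevSlider"=>array("CCIGG", "Revolution Slider Exploit Protection", "This protection is automatically activated because of the widespread attacks on WordPress that have affected so many sites. It is still recommended that you make sure to upgrade any older versions of the Revolution Slider plugin, especially those included in themes that will not update automatically. Even if you don't think you have Revolution Slider on your site it doen't hurt to have this protection enabled.", "SERVER", '/\/admin-ajax\.php/i', "REQUEST", '/\&img=[^\&]*(?<!\.'.implode(')(?<!\.', array_slice($GLOBALS["GOTMLS"]["tmp"]["skip_ext"], 0, 10)).')\&/i'),
-"Traversal"=>array("CCIGG", "Directory Traversal Protection", "This protection is automatically activated because this type of attack is quite common. This protection can prevent hackers from accessing secure files in parent directories (or user's folders outside the site_root).", "REQUEST", '/=[\s\/]*\.\.\//'),
+"Traversal"=>array("CCIGG", "Directory Traversal Protection", "This protection is automatically activated because this type of attack is quite common. This protection can prevent hackers from accessing secure files in parent directories (or user's folders outside the site_root).", "REQUEST", '/[\=\/](\.\.|etc)\//'),
 "UploadPHP"=>array("CCIGG", "Upload PHP File Protection", "This protection is automatically activated because this type of attack is extremely dangerous. This protection can prevent hackers from uploading malicious code via web scripts.", "FILES", '/name=[^\&]*\.php\&/'));
 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA) {
 $V = 3;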
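Review bot: The replacement Traversal definition in the last hunk, `"REQUEST", '/[\=\/](\.\.|etc)\//'`, now also fires on any request value that merely contains the substring `/etc/`, whereas the pattern it replaces only matched `..` sequences; legitimate input carrying that path segment (a pasted URL, a file-manager or backup path) will be rejected under the "Directory Traversal Protection" label, and the release notes above do not mention this rule change. If the `etc` alternative is intended as a separate absolute-path protection, a short comment on that line recording the intent would help, e.g. `// "etc" also blocks absolute paths into the system config directory, not only ../ traversal`. The format of the `REQUEST` string the pattern is applied against is not visible in this hunk, so the false-positive surface is inferred from the regex alone.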
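--- a/index.php
+++ b/index.php
@@ -8,7 +8,7 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
 Contributors: scheeeli, gotmls
 Donate link: https://gotmls.net/donate/
 Description: This Anti-Virus/Anti-Malware plugin searches for Malware and other Virus like threats and vulnerabilities on your server and helps you remove them. It's always growing and changing to adapt to new threats so let me know if it's not working for you.
-Version: 4.20.59
+Version: 4.20.72
 */
 if (isset($_SERVER["DOCUMENT_ROOT"]) && ($SCRIPT_FILE = str_replace($_SERVER["DOCUMENT_ROOT"], "", (isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:"")))) && strlen($SCRIPT_FILE) > strlen("/".basename(__FILE__)) && substr(__FILE__, -1 * strlen($SCRIPT_FILE)) == substr($SCRIPT_FILE, -1 * strlen(__FILE__)) || !(function_exists("add_action") && function_exists("load_plugin_textdomain")))
 include(dirname(__FILE__)."/safe-load/index.php");
@@ -142,7 +142,7 @@ function GOTMLS_display_header($optional_box = "") {
 </form>
 <div id="registerKeyForm" style="display: none;"><span id="registerFormMessage" style="color: #F00">'.__("<p>Get instant access to definition updates.</p>",'gotmls').'</span><p>
 '.__("If you have not already registered your Key then register now using the form below.<br />* All registration fields are required<br />** I will NOT share your information.",'gotmls').'</p>
-<form id="registerform" onsubmit="return sinupFormValidate(this);" action="'.GOTMLS_plugin_home.'wp-login.php?action=register" method="post" name="registerform" target="GOTMLS_iFrame"><input type="hidden" name="redirect_to" id="register_redirect_to" value="/donate/"><input type="hidden" name="user_login" id="register_user_login" value=""><input type="hidden" name="old_user_email" id="old_user_email" value="'.$reg_email_key.'">
+<form id="registerform" onsubmit="return sinupFormValidate(this);" action="'.GOTMLS_plugin_home.'wp-login.php?action=register" method="post" name="registerform" target="_blank"><input type="hidden" name="redirect_to" id="register_redirect_to" value="/donate/"><input type="hidden" name="user_login" id="register_user_login" value=""><input type="hidden" name="old_user_email" id="old_user_email" value="'.$reg_email_key.'">
 <div>'.__("Your Full Name:",'gotmls').'</div>
 <div style="float: left; width: 50%;"><input style="width: 100%;" id="first_name" type="text" name="first_name" value="'.$current_user->user_firstname.'" /></div>
 <div style="float: left; width: 50%;"><input style="width: 100%;" id="last_name" type="text" name="last_name" value="'.$current_user->user_lastname.'" /></div>
@@ -192,7 +192,7 @@ function GOTMLS_display_header($optional_box = "") {
 } else {
 document.getElementById("Definition_Updates").innerHTML = \'<img src="'.GOTMLS_images_path.'wait.gif">'.GOTMLS_strip4java(__("Submitting Registration ...",'gotmls')).'\';
 showhide("Definition_Updates", true);
-setTimeout(\'stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions[0].'", "Definition_Updates", "'.$Update_Definitions[1].'")\', 3000);
+setTimeout(\'stopCheckingDefinitions = checkupdateserver("'.$Update_Definitions[0].'", "Definition_Updates", "'.$Update_Definitions[1].'")\', 11000);
 showhide("registerKeyForm");
 return true;
 }
@@ -479,7 +479,7 @@ function GOTMLS_Firewall_Options() {
 foreach ($GLOBALS["GOTMLS"]["tmp"]["definitions_array"]["firewall"] as $TP => $VA)
 if (is_array($VA) && count($VA) > 3 && strlen($VA[1]) && strlen($VA[2]))
 $sec_opts .= $lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="submit" style="float: right;" value="'.(isset($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]) && $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["firewall"]["$TP"]?"Enable Protection\" onclick=\"setFirewall('$TP', 0);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'threat.gif"'.$gt.$lt."b$gt$VA[1] (Currently Disabled)":"Disable Protection\" onclick=\"setFirewall('$TP', 1);\"$gt$lt".'p'.$gt.$lt.'img src="'.GOTMLS_images_path.'checked.gif"'.$gt.$lt."b$gt$VA[1] (Automatically Enabled)")."$lt/b$gt$lt/p$gt$VA[2]$lt/div$gt$lt".'hr /'.$gt;
-$sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."807")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="'.GOTMLS_plugin_home.'tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".GOTMLS_images_path."gotmls.js?SESSION=0', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
+$sec_opts .= "$lt/form$gt\n$patch_action\n$lt".'form method="POST" name="GOTMLS_Form_patch"'.$gt.$lt.'div style="padding: 0 30px;"'.$gt.$lt.'input type="hidden" name="'.str_replace('=', '" value="', GOTMLS_set_nonce(__FUNCTION__."807")).'"'.$gt.$lt.'input type="submit" value="'.$patch_attr[$patch_status]["action"].'" style="float: right;'.($patch_status?'"'.$gt:' display: none;" id="GOTMLS_patch_button"'.$gt.$lt.'div id="GOTMLS_patch_searching" style="float: right;"'.$gt.__("Checking for session compatibility ...",'gotmls').' '.$lt.'img src="'.GOTMLS_images_path.'wait.gif" height=16 width=16 alt="Wait..." /'.$gt.$lt.'/div'.$gt).$lt.'input type="hidden" name="GOTMLS_patching" value="1"'.$gt.$lt.'p'.$gt.$lt.'img src="'.GOTMLS_images_path.$patch_attr[$patch_status]["icon"].'.gif"'.$gt.$lt.'b'.$gt.'Brute-force Protection '.$patch_attr[$patch_status]["status"].$lt.'/b'.$gt.$lt.'/p'.$gt.$patch_attr[$patch_status]["language"].__(" For more information on Brute-Force attack prevention and the WordPress wp-login-php file ",'gotmls').' '.$lt.'a target="_blank" href="'.GOTMLS_plugin_home.'tag/wp-login-php/"'.$gt.__("read my blog",'gotmls')."$lt/a$gt.$lt/div$gt$lt/form$gt\n$lt"."script type='text/javascript'$gt\nfunction search_patch_onload() {\n\tstopCheckingSession = checkupdateserver('".admin_url('admin-ajax.php?action=GOTMLS_log_session')."', 'GOTMLS_patch_searching');\n}\nif (window.addEventListener)\n\twindow.addEventListener('load', search_patch_onload)\nelse\n\tdocument.attachEvent('onload', search_patch_onload);\n$lt/script$gt";
 $admin_notice = "";
 if ($current_user->user_login == "admin") {
 $admin_notice .= $lt.'hr /'.$gt;
@@ -1247,7 +1247,7 @@ function GOTMLS_init() {
 $scan_level = intval($GLOBALS["GOTMLS"]["tmp"]["settings_array"]["scan_level"]);
 else
 $scan_level = count(explode('/', trailingslashit(GOTMLS_siteurl))) - 1;
-$ajax_functions = array('load_update', 'empty_trash', 'fix', 'logintime', 'lognewkey', 'position', 'scan', 'View_Quarantine', 'whitelist');
+$ajax_functions = array('load_update', 'log_session', 'empty_trash', 'fix', 'logintime', 'lognewkey', 'position', 'scan', 'View_Quarantine', 'whitelist');
 if (GOTMLS_get_nonce()) {
 if (isset($_REQUEST["dont_check"]) && is_array($_REQUEST["dont_check"]) && count($_REQUEST["dont_check"]))
 $GLOBALS["GOTMLS"]["tmp"]["settings_array"]["dont_check"] = $_REQUEST["dont_check"];
@@ -1277,6 +1277,21 @@ function GOTMLS_init() {
 }
 add_action("admin_init", "GOTMLS_init");
 
+function GOTMLS_ajax_log_session() {
+header("Content-type: text/javascript");
+if (is_file(GOTMLS_plugin_path."safe-load/session.php"))
+require_once(GOTMLS_plugin_path."safe-load/session.php");
+if (isset($_SESSION["GOTMLS_SESSION_TEST"]))
+die("/* GOTMLS SESSION PASS */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nshowhide('GOTMLS_patch_searching', true);\nif (autoUpdateDownloadGIF = document.getElementById('autoUpdateDownload'))\n\tdonationAmount = autoUpdateDownloadGIF.src.replace(/^.+\?/,'');\nif ((autoUpdateDownloadGIF.src == donationAmount) || donationAmount=='0') {\n\tif (patch_searching_div = document.getElementById('GOTMLS_patch_searching')) {\n\t\tif (autoUpdateDownloadGIF.src == donationAmount)\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".GOTMLS_strip4java(__("You must register and donate to use this feature!",'gotmls'))."</span>';\n\t\telse\n\t\t\tpatch_searching_div.innerHTML = '<span style=\"color: #F00;\">".GOTMLS_strip4java(__("This feature is available to those who have donated!",'gotmls'))."</span>';\n\t}\n} else {\n\tshowhide('GOTMLS_patch_searching');\n\tshowhide('GOTMLS_patch_button', true);\n}\n");
+else {
+$_SESSION["GOTMLS_SESSION_TEST"] = 1;
+if (isset($_GET["SESSION"]) && is_numeric($_GET["SESSION"]) && $_GET["SESSION"] > 0)
+die("/* GOTMLS SESSION FAIL */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\ndocument.getElementById('GOTMLS_patch_searching').innerHTML = '<div class=\"error\">".GOTMLS_strip4java(__("Your Server could not start a Session!",'gotmls'))."</div>';");
+else
+die("/* GOTMLS SESSION TEST */\nif('undefined' != typeof stopCheckingSession && stopCheckingSession)\n\tclearTimeout(stopCheckingSession);\nstopCheckingSession = checkupdateserver('".GOTMLS_script_URI."&SESSION=1', 'GOTMLS_patch_searching');");
+}
+}
+
 function GOTMLS_ajax_position() {
 if (GOTMLS_get_nonce()) {
 $GLOBALS["GOTMLS_msg"] = __("Default position",'gotmls');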
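Review bot: The new `GOTMLS_ajax_log_session()` in the last hunk starts a PHP session and emits script without the `GOTMLS_get_nonce()` gate that the neighbouring `GOTMLS_ajax_position()` applies on its first line, so whether unauthenticated callers can reach it depends on how the `log_session` entry added to `$ajax_functions` is registered, which is not visible here. If the handler is only meant for the logged-in Firewall Options page, wrapping its body in `if (GOTMLS_get_nonce()) {` to match the sibling handlers would make that explicit, and the `admin_url('admin-ajax.php?action=GOTMLS_log_session')` URL built in `GOTMLS_Firewall_Options()` would then need the nonce appended. Separately, the `SESSION TEST` response interpolates `GOTMLS_script_URI` directly into a single-quoted JavaScript string while the other interpolations in the same handler go through `GOTMLS_strip4java()`; if that constant is derived from the request URI it should get the same treatment, `checkupdateserver('".GOTMLS_strip4java(GOTMLS_script_URI)."&SESSION=1', ...)`.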
readme.txt CHANGED
@@ -5,8 +5,8 @@ Author URI: http://wordpress.ieonly.com/category/my-plugins/anti-malware/
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://gotmls.net/donate/
7
  Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
- Version: 4.20.59
9
- Stable tag: 4.20.59
10
  Requires at least: 3.3
11
  Tested up to: 5.7.2
12
 
@@ -92,6 +92,11 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
92
 
93
  == Changelog ==
94
 
 
 
 
 
 
95
  = 4.20.59 =
96
  * Various minor bug fixes.
97
  * Added Core Files Definitions for ClassicPress.
@@ -192,35 +197,21 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
192
  * Added the Turkish translation thanks to Umut Can Alparslan.
193
  * Improved the auto update so that old definitions could be phased out and new threat types would be selected by default.
194
  * Fixed the admin username change feature on multisite installs.
195
-
196
- = 4.16.53 =
197
  * Fixed the details window so that it scrolls to the highlighted code.
198
  * Set defaults to disable the Potential Threat scan if other threats definitions are enabled.
199
  * Encoded definitions array for DB storage.
200
-
201
- = 4.16.49 =
202
  * Fixed syntax error in the XMLRPC patch for newer versions of Apache.
203
-
204
- = 4.16.48 =
205
  * Added fall-back to manual updates if the Automatic update feature fails.
206
  * Fixed PHP Notices about undefined variable added in last Version release.
207
  * Improved Apache version detection.
208
-
209
- = 4.16.47 =
210
  * Changed Automatic update feature to automatically download all definitions and firewall updates.
211
  * Added PHP and Apache version detections and changed the XMLRPC patch to work with Apache 2.4 directives.
212
  * Removed the onbeforeunload function because Norton detected it as a False Positive.
213
  * Removed code that was deprecated in PHP Version 7.
214
-
215
- = 4.16.39 =
216
  * Fixed PHP Notice about an array to string conversion with some rare global variable conditions.
217
-
218
- = 4.16.38 =
219
  * Added more firewall options.
220
  * Moved Scan Log from the Quarantine page to the main Setings page.
221
  * Fixed PHP Warning about an invalid argument in foreach and some other bugs too.
222
-
223
- = 4.16.26 =
224
  * Fixed "What to look for" Options so that changes are saved.
225
  * Changed get_currentuserinfo to wp_get_current_user because the get_currentuserinfo function was deprecated in WP 4.5
226
 
@@ -228,77 +219,43 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
228
  * Removed Menu Item Placement Options because the add_object_page function was deprecated in WP 4.5.
229
  * Added firewall options for better compatibility with WP Firewall 2.
230
  * Fixed an XSS vulnerability in the debug output of the nonce token.
231
-
232
- = 4.15.49 =
233
  * Moved the Firewall Options to it's own page linked to from the admin menu.
234
  * Moved the Quick Scan from the admin menu to the top of the Scan Settings page.
235
-
236
- = 4.15.46 =
237
  * Fixed PHP Warning about in_array function expecting parameter 2 to be an array, found by Georgey B.
238
  * Made a few minor cosmetic changes and fixed a few other small bugs in the interface.
239
-
240
- = 4.15.45 =
241
  * Fixed the Nonce Token error caused by W3 Total Cache breaking the set_transient function in WordPress.
242
  * Added the Brazilian Portuguese language files, thanks to Marcelo Guernieri for the translation.
243
-
244
- = 4.15.44 =
245
  * Fixed the admin menu and also some links that did not work on Windows server.
246
-
247
- = 4.15.43 =
248
  * Added Core Files to the Quick Scan list on the admin menu.
249
  * Added a nonce token to prevent Cross-Site Request Forgery by admins who are logged-in from another site.
250
  * Hardened against XSS vulnerability triggered by the file names being scanned (thanks to Mahadev Subedi).
251
  * Improved brute-force patch compatibility with alternate wp-config.php location.
252
-
253
- = 4.15.42 =
254
  * Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
255
-
256
- = 4.15.41 =
257
  * Improved the JavaScript in the new Brute-Force login patch so that it works with caching enabled on the login page.
258
-
259
- = 4.15.40 =
260
  * Improved the Brute-Force login patch with custom fields and JavaScript.
261
  * Added a Save button to that Scan Settings page.
262
  * Fixed a bug in the XMLRPC Patch "Unblock" feature.
263
-
264
- = 4.15.30 =
265
  * Added a link to purge the deleted Quarantine items from the database.
266
  * Added firewall option to Block all XMLRPC calls.
267
  * Fixed a few cosmetic bugs in the quarantine and firewall options.
268
-
269
- = 4.15.29 =
270
  * Fixed a bugs in the Quarantine that was memory_limit errors if there number of files in the was too high.
271
  * Added the highlight malicious code feature back to the Quarantine file viewer.
272
  * Added the ability to change the admin username if the current username is "admin".
273
  * Improved the code in the Brute-Force Protection patch.
274
-
275
- = 4.15.28 =
276
  * Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
277
-
278
- = 4.15.27 =
279
  * Fixed a major bug that made multisite scan extremely slow and sometimes error out.
280
  * Moved all ajax call out of the init function and into their own functions for better handling time.
281
-
282
- = 4.15.26 =
283
  * Moved the quarantine files into the database and deleted the old directory in uploads.
284
  * Fixed some minor formatting issues in the HTML output on the settings page.
285
  * Added a warning message if base64_decode has been disabled.
286
-
287
- = 4.15.24 =
288
  * Hardened against injected HTML content by encoding the tags with variables.
289
  * Fixed debug option to exclude individual definitions.
290
-
291
- = 4.15.23 =
292
  * Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
293
  * Fixed another XSS vulnerabilities in the admin (thanks to James H.)
294
-
295
- = 4.15.20 =
296
  * Hardened against XSS vulnerabilities in the admin (thanks to Tim Coen).
297
  * Added feature to restore default settings for Exclude Extensions.
298
  * Changed the encoding on the index.php file in the Quarantine to make it more human-readable.
299
  * Fixed a few small bugs that were throwing PHP Notices in some configurations and added more info to some error messages.
300
-
301
- = 4.15.17 =
302
  * Extended execution_time during the Fix process to increase the number of files that could be fixed at a time.
303
  * Added a Quarantine log to the database.
304
  * Fixed a couple of minor bugs that would throw PHP notices.
@@ -405,6 +362,9 @@ sucuri.net caches their scan results and will not refresh the scan until you cli
405
 
406
  == Upgrade Notice ==
407
 
 
 
 
408
  = 4.20.59 =
409
  Various minor bug fixes, added Core Files Definitions for ClassicPress, and tweaked code for better compatibility with WordPress 5.7.2 and ClassicPress 1.2.0.
410
 
@@ -460,82 +420,10 @@ Added Title check to make sure it does say you were hacked, updated code for com
460
  Changed the definition update URL to only use SSL when required, and updated PayPal form for better domestic IPN compatibility.
461
 
462
  = 4.17.28 =
463
- Added the Turkish translation thanks to Umut Can Alparslan, improved the auto update feature, and fixed the admin username change feature on multisite installs.
464
-
465
- = 4.16.53 =
466
- Fixed the details window to scrolls to the highlighted code, set default Potential Threat scan to disabled, and encoded definitions array for DB storage.
467
-
468
- = 4.16.49 =
469
- Fixed syntax error in the XMLRPC patch for newer versions of Apache.
470
-
471
- = 4.16.48 =
472
- Added fall-back to manual updates if the Automatic update feature fails, fixed PHP Notices and improved Apache version detection.
473
-
474
- = 4.16.47 =
475
- Changed Automatic update feature, added PHP and Apache version detections, and removed the onbeforeunload function other code that was deprecated.
476
-
477
- = 4.16.39 =
478
- Fixed PHP Notice about an array to string conversion with some rare global variable conditions.
479
-
480
- = 4.16.38 =
481
- Added more firewall options, moved Scan Log from to the main Setings page, and fixed PHP Warning about an invalid argument and some other bugs too.
482
-
483
- = 4.16.26 =
484
- Fixed "What to look for" Options so that changes are saved, and changed get_currentuserinfo to wp_get_current_user.
485
 
486
  = 4.16.17 =
487
- Removed Menu Item Placement Options that were deprecated in WP 4.5, Added firewall options for better compatibility with WP Firewall 2, and fixed an XSS vulnerability in the debug output of the nonce token.
488
-
489
- = 4.15.49 =
490
- Moved the Firewall Options to it's own page and moved the Quick Scan to the top of the Scan Settings page.
491
-
492
- = 4.15.46 =
493
- Made a few minor cosmetic changes and fixed a few small bugs including a PHP Warning about in_array function expecting parameter 2 to be an array.
494
-
495
- = 4.15.45 =
496
- Fixed the Nonce Token error caused by W3 Total Cache, and added the Brazilian Portuguese translation by Marcelo Guernieri.
497
-
498
- = 4.15.44 =
499
- Fixed the admin menu and also some links that did not work on Windows server.
500
-
501
- = 4.15.43 =
502
- Improved brute-force patch compatibility, added Core Files to the Quick Scan list, added a nonce token to prevent Cross-Site Request Forgery by admins who are logged-in, and hardened against XSS vulnerability triggered by bad file names.
503
-
504
- = 4.15.42 =
505
- Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
506
-
507
- = 4.15.41 =
508
- Improved the JavaScript in the new Brute-Force login patch so that it works with caching enabled on the login page.
509
-
510
- = 4.15.40 =
511
- Improved the Brute-Force login patch with custom fields and JavaScript, added a Save button to that Scan Settings page, and fixed a bug in the XMLRPC Patch.
512
-
513
- = 4.15.30 =
514
- Added a new firewall option to Block all XMLRPC calls and a link to purge the deleted Quarantine items from the database, and fixed a few cosmetic bugs in the quarantine and firewall options.
515
-
516
- = 4.15.29 =
517
- Fixed a bugs in the Quarantine, added the highlight malicious code feature back to the Quarantine file viewer, added the ability to change the admin username, and improved the Brute-Force Protection.
518
-
519
- = 4.15.28 =
520
- Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
521
-
522
- = 4.15.27 =
523
- Fixed a major bug that made multisite scan extremely slow and moved all ajax call out of the init function and into their own functions.
524
-
525
- = 4.15.26 =
526
- Moved the quarantine files into the database and deleted the old directory in uploads, fixed some minor HTML formatting issues, and added a warning if base64_decode is disabled.
527
-
528
- = 4.15.24 =
529
- Hardened against injected HTML content and fixed debug option to exclude individual definitions.
530
-
531
- = 4.15.23 =
532
- Fixed another XSS vulnerabilities in the admin (thanks to James H.), and hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
533
-
534
- = 4.15.20 =
535
- Hardened against XSS in the admin, changed encoding of the index.php file in the Quarantine, added more info to some error messages and a feature to restore a default setting, and fixed a few small bugs.
536
-
537
- = 4.15.17 =
538
- Extended execution_time during the Fix process, added a Quarantine log to the database, and fixed a couple of minor bugs.
539
 
540
  = 4.15.16 =
541
  Created automatic definition updates that include WordPress Core files, more improvements to the Brute-Force protection patch (Plus many other improvement from v4.14.X: see Changelog for details).
5
  Contributors: scheeeli, gotmls
6
  Donate link: https://gotmls.net/donate/
7
  Tags: security, firewall, anti-malware, scanner, automatic, repair, remove, malware, virus, threat, hacked, malicious, infection, timthumb, exploit, block, brute-force, wp-login, patch, antimalware, revslider, Revolution Slider
8
+ Version: 4.20.72
9
+ Stable tag: 4.20.72
10
  Requires at least: 3.3
11
  Tested up to: 5.7.2
12
 
92
 
93
  == Changelog ==
94
 
95
+ = 4.20.72 =
96
+ * Updated registration form to be more compatible with newer iframe restrictions.
97
+ * Fixed session check on the Brute-Force patch to no longer need mod_rewrite.
98
+ * Removed older code from WordPress Repository.
99
+
100
  = 4.20.59 =
101
  * Various minor bug fixes.
102
  * Added Core Files Definitions for ClassicPress.
197
  * Added the Turkish translation thanks to Umut Can Alparslan.
198
  * Improved the auto update so that old definitions could be phased out and new threat types would be selected by default.
199
  * Fixed the admin username change feature on multisite installs.
 
 
200
  * Fixed the details window so that it scrolls to the highlighted code.
201
  * Set defaults to disable the Potential Threat scan if other threats definitions are enabled.
202
  * Encoded definitions array for DB storage.
 
 
203
  * Fixed syntax error in the XMLRPC patch for newer versions of Apache.
 
 
204
  * Added fall-back to manual updates if the Automatic update feature fails.
205
  * Fixed PHP Notices about undefined variable added in last Version release.
206
  * Improved Apache version detection.
 
 
207
  * Changed Automatic update feature to automatically download all definitions and firewall updates.
208
  * Added PHP and Apache version detections and changed the XMLRPC patch to work with Apache 2.4 directives.
209
  * Removed the onbeforeunload function because Norton detected it as a False Positive.
210
  * Removed code that was deprecated in PHP Version 7.
 
 
211
  * Fixed PHP Notice about an array to string conversion with some rare global variable conditions.
 
 
212
  * Added more firewall options.
213
  * Moved Scan Log from the Quarantine page to the main Setings page.
214
  * Fixed PHP Warning about an invalid argument in foreach and some other bugs too.
 
 
215
  * Fixed "What to look for" Options so that changes are saved.
216
  * Changed get_currentuserinfo to wp_get_current_user because the get_currentuserinfo function was deprecated in WP 4.5
217
 
219
  * Removed Menu Item Placement Options because the add_object_page function was deprecated in WP 4.5.
220
  * Added firewall options for better compatibility with WP Firewall 2.
221
  * Fixed an XSS vulnerability in the debug output of the nonce token.
 
 
222
  * Moved the Firewall Options to it's own page linked to from the admin menu.
223
  * Moved the Quick Scan from the admin menu to the top of the Scan Settings page.
 
 
224
  * Fixed PHP Warning about in_array function expecting parameter 2 to be an array, found by Georgey B.
225
  * Made a few minor cosmetic changes and fixed a few other small bugs in the interface.
 
 
226
  * Fixed the Nonce Token error caused by W3 Total Cache breaking the set_transient function in WordPress.
227
  * Added the Brazilian Portuguese language files, thanks to Marcelo Guernieri for the translation.
 
 
228
  * Fixed the admin menu and also some links that did not work on Windows server.
 
 
229
  * Added Core Files to the Quick Scan list on the admin menu.
230
  * Added a nonce token to prevent Cross-Site Request Forgery by admins who are logged-in from another site.
231
  * Hardened against XSS vulnerability triggered by the file names being scanned (thanks to Mahadev Subedi).
232
  * Improved brute-force patch compatibility with alternate wp-config.php location.
 
 
233
  * Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
 
 
234
  * Improved the JavaScript in the new Brute-Force login patch so that it works with caching enabled on the login page.
 
 
235
  * Improved the Brute-Force login patch with custom fields and JavaScript.
236
  * Added a Save button to that Scan Settings page.
237
  * Fixed a bug in the XMLRPC Patch "Unblock" feature.
 
 
238
  * Added a link to purge the deleted Quarantine items from the database.
239
  * Added firewall option to Block all XMLRPC calls.
240
  * Fixed a few cosmetic bugs in the quarantine and firewall options.
 
 
241
  * Fixed a bugs in the Quarantine that was memory_limit errors if there number of files in the was too high.
242
  * Added the highlight malicious code feature back to the Quarantine file viewer.
243
  * Added the ability to change the admin username if the current username is "admin".
244
  * Improved the code in the Brute-Force Protection patch.
 
 
245
  * Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
 
 
246
  * Fixed a major bug that made multisite scan extremely slow and sometimes error out.
247
  * Moved all ajax call out of the init function and into their own functions for better handling time.
 
 
248
  * Moved the quarantine files into the database and deleted the old directory in uploads.
249
  * Fixed some minor formatting issues in the HTML output on the settings page.
250
  * Added a warning message if base64_decode has been disabled.
 
 
251
  * Hardened against injected HTML content by encoding the tags with variables.
252
  * Fixed debug option to exclude individual definitions.
 
 
253
  * Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
254
  * Fixed another XSS vulnerabilities in the admin (thanks to James H.)
 
 
255
  * Hardened against XSS vulnerabilities in the admin (thanks to Tim Coen).
256
  * Added feature to restore default settings for Exclude Extensions.
257
  * Changed the encoding on the index.php file in the Quarantine to make it more human-readable.
258
  * Fixed a few small bugs that were throwing PHP Notices in some configurations and added more info to some error messages.
 
 
259
  * Extended execution_time during the Fix process to increase the number of files that could be fixed at a time.
260
  * Added a Quarantine log to the database.
261
  * Fixed a couple of minor bugs that would throw PHP notices.
362
 
363
  == Upgrade Notice ==
364
 
365
+ = 4.20.72 =
366
+ Updated registration form, fixed session check, and removed older code from WordPress Repository.
367
+
368
  = 4.20.59 =
369
  Various minor bug fixes, added Core Files Definitions for ClassicPress, and tweaked code for better compatibility with WordPress 5.7.2 and ClassicPress 1.2.0.
370
 
420
  Changed the definition update URL to only use SSL when required, and updated PayPal form for better domestic IPN compatibility.
421
 
422
  = 4.17.28 =
423
+ Added the Turkish translation thanks to Umut Can Alparslan, improved the auto update feature, and fixed the admin username change feature on multisite installs (Plus many other improvement from v4.16.X: see Changelog for details).
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
424
 
425
  = 4.16.17 =
426
+ Removed Menu Item Placement Options that were deprecated in WP 4.5, Added firewall options for better compatibility with WP Firewall 2, and fixed an XSS vulnerability in the debug output of the nonce token (Plus many other improvement from v4.15.X: see Changelog for details).
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
427
 
428
  = 4.15.16 =
429
  Created automatic definition updates that include WordPress Core files, more improvements to the Brute-Force protection patch (Plus many other improvement from v4.14.X: see Changelog for details).