Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.4.8

Version Description

  • New and clean design for the scan results.
  • Adding a web firewall check on our hardening page.
Download this release

Release Info

Developer dd@sucuri.net
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.4.8
Comparing to
See all releases

Code changes from version 1.4.7 to 1.4.8

inc/css/sucuriscan-default-css.css CHANGED
@@ -1,101 +1,23 @@
1
- /* Sucuri Security - SiteCheck Malware Scanner
2
* Copyright (C) 2010-2012 Sucuri Security - http://sucuri.net
3
* Released under the GPL - see LICENSE file for details.
4
*/
5
-
6
- .sucuriscan_header {
7
- background: #333;
8
- border-bottom-left-radius:5px;
9
- border-bottom-right-radius:5px;
10
- border-top-left-radius:5px;
11
- border-top-right-radius:5px;
12
- height: 38px;
13
- margin: 16px 0 8px;
14
- min-width: 255px;
15
- padding: 10px;
16
- position: relative;
17
- }
18
-
19
- .sucuriscan_header img {
20
- float: left;
21
- height: 38px;
22
- width: 101px;
23
- }
24
-
25
- .wrap .sucuriscan_header h2 {
26
- color: #fff;
27
- float: left;
28
- margin-left: 10px;
29
- padding: 3px 0 0;
30
- text-shadow:#000 0 1px 0;
31
- }
32
-
33
- .sucuriscan-maincontent {
34
- padding: 10px 20px 0 0;
35
- }
36
-
37
- #sidebar {
38
- padding-top: 10px;
39
- }
40
-
41
- #sidebar .sucuriscan-sidebar {
42
- border:1px solid #CCCCCC;
43
- border-bottom-left-radius:5px;
44
- border-bottom-right-radius:5px;
45
- border-top-left-radius:5px;
46
- border-top-right-radius:5px;
47
- margin:0 0 10px;
48
- padding:10px 15px;
49
- }
50
-
51
- #sitecleanup.sucuriscan-sidebar {
52
- background-color:#bbe8f5;
53
- border-color:#4393ac;
54
- }
55
-
56
- #sucuri-latest-posts.sucuriscan-sidebar {
57
- background-color:#ececec;
58
- border-color:#999;
59
- }
60
-
61
- .sucuriscan-maincontent .widefat tbody th.check-column{
62
- padding: 6px 0 3px 0
63
- }
64
-
65
- .sucuriscan-maincontent .hardening-box .primary-secondary{
66
- margin: 0 0 0 10px
67
- }
68
-
69
- .sucuriscan-maincontent a.lastlogins-showall{
70
- display: inline-block;
71
- float: right
72
- }
73
-
74
- .sucuri-alert{
75
- position: relative
76
- }
77
-
78
- .sucuri-alert-updated{
79
- background-color: #bbe8f5 !important;
80
- border-color: #4393ac !important
81
- }
82
-
83
- .sucuri-alert > a.close{
84
- position: absolute;
85
- top: 8px;
86
- right: 10px;
87
- font-size: 18px;
88
- text-decoration: none
89
- }
90
-
91
- .sucuri-visible{
92
- }
93
-
94
- .sucuri-hidden{
95
- display: none !important
96
- }
97
-
98
- .sucuri-inline-error{
99
- font-weight: bold;
100
- color: #ff0000;
101
- }
1
+ /**
2
+ * Sucuri Security - SiteCheck Malware Scanner
3
* Copyright (C) 2010-2012 Sucuri Security - http://sucuri.net
4
* Released under the GPL - see LICENSE file for details.
5
*/
6
+ .sucuriscan_header{background:#333;border-bottom-left-radius:5px;border-bottom-right-radius:5px;border-top-left-radius:5px;border-top-right-radius:5px;height:38px;margin:16px 0 8px;min-width:255px;padding:10px;position:relative}
7
+ .sucuriscan_header img{float:left;height:38px;width:101px}
8
+ .wrap .sucuriscan_header h2{color:#fff;float:left;margin-left:10px;padding:3px 0 0;text-shadow:#000 0 1px 0}
9
+ .sucuriscan-maincontent{padding:10px 20px 0 0}
10
+ #sidebar{padding-top:10px}
11
+ #sidebar .sucuriscan-sidebar{border:1px solid #ccc;border-bottom-left-radius:5px;border-bottom-right-radius:5px;border-top-left-radius:5px;border-top-right-radius:5px;margin:0 0 10px;padding:10px 15px}
12
+ #sitecleanup.sucuriscan-sidebar{background-color:#bbe8f5;border-color:#4393ac}
13
+ #sucuri-latest-posts.sucuriscan-sidebar{background-color:#ececec;border-color:#999}
14
+ .sucuriscan-maincontent .widefat tbody th.check-column{padding:6px 0 3px 0}
15
+ .sucuriscan-maincontent .hardening-box .primary-secondary{margin:0 0 0 10px}
16
+ .sucuriscan-maincontent a.lastlogins-showall{display:inline-block;float:right}
17
+ .sucuri-alert{position:relative}
18
+ .sucuri-alert-updated{background-color:#bbe8f5 !important;border-color:#4393ac !important}
19
+ .sucuri-alert>a.close{position:absolute;top:8px;right:10px;font-size:18px;text-decoration:none}
20
+ .sucuri-hidden{display:none !important}
21
+ .sucuri-inline-error{font-weight:bold;color:red}
22
+ .sucuri-list li{list-style:disc;margin:0 0 5px 15px}
23
+ .sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
inc/tpl/initial-page.html.tpl ADDED
@@ -0,0 +1,31 @@
1
+ <div class="wrap">
2
+ <h2 id="warnings_hook"></h2>
3
+ <div class="sucuriscan_header">
4
+ <img src="%%SUCURI.PluginURL%%/inc/images/logo.png">
5
+ <h2>Sucuri SiteCheck Malware Scanner</h2>
6
+ <br class="clear"/>
7
+ </div>
8
+
9
+ <div class="postbox-container" style="width:75%">
10
+ <div class="sucuriscan-maincontent">
11
+ <div class="postbox">
12
+ <div class="inside">
13
+ <h2 align="center">Scan your site for malware using <a href="http://sitecheck.sucuri.net">Sucuri SiteCheck</a> right in your WordPress dashboard.</h2>
14
+ </div>
15
+ </div>
16
+
17
+ <form method="post">
18
+ <input type="hidden" name="wpsucuri-doscan" value="wpsucuri-doscan" />
19
+ <input type="submit" name="wpsucuri_doscanrun" value="Scan this site now!" class="button button-primary button-hero load-customize" />
20
+ </form>
21
+
22
+ <p>
23
+ <strong>If you have any questions about these checks or this plugin, contact us at
24
+ <a href="mailto:info@sucuri.net">info@sucuri.net</a> or visit <a href="http://sucuri.net">
25
+ sucuri.net</a></strong>
26
+ </p>
27
+ </div>
28
+ </div>
29
+
30
+ %%SUCURI.Sidebar%%
31
+ </div>
inc/tpl/{sucuri-wp-integrity-admins-lastlogin.snippet.tpl → integrity-admins-lastlogin.snippet.tpl} RENAMED
File without changes
inc/tpl/integrity-admins.html.tpl ADDED
@@ -0,0 +1,17 @@
1
+ <table class="wp-list-table widefat">
2
+ <thead>
3
+ <tr>
4
+ <th colspan="3">Administrator Users</th>
5
+ </tr>
6
+ <tr>
7
+ <th class="manage-column">Username</th>
8
+ <th class="manage-column">Email</th>
9
+ <th class="manage-column">Last Logins (newest to oldest)</th>
10
+ </tr>
11
+ </thead>
12
+
13
+ <tbody>
14
+ %%SUCURI.AdminUsers.UserList%%
15
+ </tbody>
16
+ </table>
17
+ <br>
inc/tpl/{sucuri-wp-integrity-admins.snippet.tpl → integrity-admins.snippet.tpl} RENAMED
File without changes
inc/tpl/{sucuri-wp-lastlogins.html.tpl → lastlogins.html.tpl} RENAMED
File without changes
inc/tpl/{sucuri-wp-lastlogins.snippet.tpl → lastlogins.snippet.tpl} RENAMED
File without changes
inc/tpl/{sucuri-wp-notification.html.tpl → notification.html.tpl} RENAMED
File without changes
inc/tpl/{sucuri-wp-notification.txt.tpl → notification.txt.tpl} RENAMED
File without changes
inc/tpl/{sucuri-wp-posthack.html.tpl → posthack.html.tpl} RENAMED
File without changes
inc/tpl/{sucuri-wp-resetpassword.snippet.tpl → resetpassword.snippet.tpl} RENAMED
File without changes
inc/tpl/sidebar.html.tpl ADDED
@@ -0,0 +1,24 @@
1
+ <div class="postbox-container" style="width:25%">
2
+ <div id="sidebar">
3
+ <div id="sitecleanup" class="sucuriscan-sidebar">
4
+ <h2><span class="promo">Is your website infected with malware? Blacklisted by Google?</span></h2>
5
+ <p>Don't know where to start? Get cleared today by <a href="http://sucuri.net/signup">Sucuri Security</a>!</p>
6
+ <p>
7
+ <a class="button-primary" href="http://sucuri.net/tour">Read more &#187;</a>
8
+ </p>
9
+ </div>
10
+
11
+ <div id="sucuri-latest-posts" class="sucuriscan-sidebar">
12
+ <h2><span class="promo">Preventive website security in the cloud!</span></h2>
13
+ <ul class="sucuri-list">
14
+ <li>Web Application Firewall (WAF) Protection</li>
15
+ <li>Virtual Website Patching</li>
16
+ <li>Cloud Intrusion Prevention System (IPS)</li>
17
+ <li>High Security Website Monitoring</li>
18
+ <li>Malicious Traffic Filtering</li>
19
+ </ul>
20
+ <a href="https://login.sucuri.net/signup2/create?CloudProxy" target="_blank" class="button button-primary">Subscribe Now!</a>
21
+ <a href="http://cloudproxy.sucuri.net/" target="_blank" class="button button-primary">Read more</a>
22
+ </div>
23
+ </div>
24
+ </div>
inc/tpl/sucuri-wp-integrity-admins.html.tpl DELETED
@@ -1,18 +0,0 @@
1
- <div class="postbox">
2
- <h3>Administrator Users</h3>
3
- <div class="inside">
4
- <table class="wp-list-table widefat">
5
- <thead>
6
- <tr>
7
- <th class="manage-column">Username</th>
8
- <th class="manage-column">Email</th>
9
- <th class="manage-column">Last Logins (newest to oldest)</th>
10
- </tr>
11
- </thead>
12
-
13
- <tbody>
14
- %%SUCURI.AdminUsers.UserList%%
15
- </tbody>
16
- </table>
17
- </div>
18
- </div>
inc/tpl/sucuri-wp-sidebar.html.tpl DELETED
@@ -1,22 +0,0 @@
1
- <div class="postbox-container" style="width:25%;min-width:200px;max-width:350px;">
2
- <div id="sidebar">
3
- <div id="sitecleanup" class="sucuriscan-sidebar">
4
- <h2><span class="promo">Is your website infected with malware? Blacklisted by Google?</span></h2>
5
- <p>Don't know where to start? Get cleared today by <a href="http://sucuri.net/signup">Sucuri Security</a>!
6
- </p>
7
- <p>
8
- <a class="button-primary" href="http://sucuri.net/tour">Read more &#187;</a>
9
- </p>
10
- </div>
11
-
12
- <div id="sucuri-latest-posts" class="sucuriscan-sidebar">
13
- <h2><span class="promo">Stay updated with WordPress security news. </span></h2>
14
- <p>Check out the <a href="http://blog.sucuri.net/">Sucuri Blog</a>!
15
- </p>
16
- <p>
17
- <a class="button-primary" href="http://blog.sucuri.net/">Read more &#187;</a>
18
- </p>
19
- </div>
20
-
21
- </div>
22
- </div>
lib/core_integrity.php CHANGED
@@ -183,16 +183,16 @@ function sucuriwp_list_admins($userlevel = '10') {
183
'AdminUsers.LastLogins'=>''
184
);
185
foreach($admin->lastlogins as $lastlogin){
186
- $user_snippet['AdminUsers.LastLogins'] .= sucuriscan_get_template('sucuri-wp-integrity-admins-lastlogin.snippet.tpl', array(
187
'AdminUsers.RemoteAddr'=>$lastlogin->user_remoteaddr,
188
'AdminUsers.Datetime'=>$lastlogin->user_lastlogin
189
));
190
}
191
192
- $template_variables['AdminUsers.UserList'] .= sucuriscan_get_template('sucuri-wp-integrity-admins.snippet.tpl', $user_snippet);
193
}
194
195
- echo sucuriscan_get_template('sucuri-wp-integrity-admins.html.tpl', $template_variables);
196
}
197
198
function sucuriwp_content_check()
183
'AdminUsers.LastLogins'=>''
184
);
185
foreach($admin->lastlogins as $lastlogin){
186
+ $user_snippet['AdminUsers.LastLogins'] .= sucuriscan_get_template('integrity-admins-lastlogin.snippet.tpl', array(
187
'AdminUsers.RemoteAddr'=>$lastlogin->user_remoteaddr,
188
'AdminUsers.Datetime'=>$lastlogin->user_lastlogin
189
));
190
}
191
192
+ $template_variables['AdminUsers.UserList'] .= sucuriscan_get_template('integrity-admins.snippet.tpl', $user_snippet);
193
}
194
195
+ echo sucuriscan_get_template('integrity-admins.html.tpl', $template_variables);
196
}
197
198
function sucuriwp_content_check()
lib/hardening.php CHANGED
@@ -1,6 +1,6 @@
1
<?php
2
/* Sucuri Security - SiteCheck Malware Scanner
3
- * Copyright (C) 2010-2012 Sucuri Security - http://sucuri.net
4
* Released under the GPL - see LICENSE file for details.
5
*/
6
if(!defined('SUCURISCAN'))
@@ -161,10 +161,10 @@ function sucuriscan_harden_upload()
161
if( isset($_POST['wpsucuri-doharden']) ){
162
if( isset($_POST['sucuriscan_harden_upload']) && $cp == 0 )
163
{
164
- if(file_put_contents($htaccess_upload,
165
"\n<Files *.php>\ndeny from all\n</Files>")===FALSE)
166
{
167
- $upmsg = sucuriscan_harden_error("ERROR: Unable to create .htaccess file.");
168
}
169
else
170
{
@@ -181,7 +181,7 @@ function sucuriscan_harden_upload()
181
$cp = 0;
182
if( preg_match('/<Files \*\.php>\ndeny from all\n<\/Files>/', $htaccess_content, $match) ){
183
$htaccess_content = str_replace("<Files *.php>\ndeny from all\n</Files>", '', $htaccess_content);
184
- file_put_contents($htaccess_upload, $htaccess_content, LOCK_EX);
185
}
186
sucuriscan_admin_notice('updated', '<strong>OK.</strong> WP-Content Uploads directory protection reverted.');
187
}else{
@@ -229,10 +229,10 @@ function sucuriscan_harden_wpcontent()
229
if( isset($_POST['wpsucuri-doharden']) ){
230
if( isset($_POST['sucuriscan_harden_wpcontent']) && $cp == 0 )
231
{
232
- if(file_put_contents($htaccess_upload,
233
"\n<Files *.php>\ndeny from all\n</Files>")===FALSE)
234
{
235
- $upmsg = sucuriscan_harden_error("ERROR: Unable to create .htaccess file.");
236
}
237
else
238
{
@@ -249,7 +249,7 @@ function sucuriscan_harden_wpcontent()
249
$cp = 0;
250
if( preg_match('/<Files \*\.php>\ndeny from all\n<\/Files>/', $htaccess_content, $match) ){
251
$htaccess_content = str_replace("<Files *.php>\ndeny from all\n</Files>", '', $htaccess_content);
252
- file_put_contents($htaccess_upload, $htaccess_content, LOCK_EX);
253
}
254
sucuriscan_admin_notice('updated', '<strong>OK.</strong> WP-Content directory protection reverted.');
255
}else{
@@ -297,10 +297,10 @@ function sucuriscan_harden_wpincludes()
297
if( isset($_POST['wpsucuri-doharden']) ){
298
if( isset($_POST['sucuriscan_harden_wpincludes']) && $cp == 0 )
299
{
300
- if(file_put_contents($htaccess_upload,
301
"\n<Files *.php>\ndeny from all\n</Files>\n<Files wp-tinymce.php>\nallow from all\n</Files>\n")===FALSE)
302
{
303
- $upmsg = sucuriscan_harden_error("ERROR: Unable to create .htaccess file.");
304
}
305
else
306
{
@@ -319,7 +319,7 @@ function sucuriscan_harden_wpincludes()
319
foreach($match[0] as $restriction){
320
$htaccess_content = str_replace($restriction, '', $htaccess_content);
321
}
322
- file_put_contents($htaccess_upload, $htaccess_content, LOCK_EX);
323
}
324
sucuriscan_admin_notice('updated', '<strong>OK.</strong> WP-Includes directory protection reverted.');
325
}else{
@@ -359,3 +359,26 @@ function sucuriscan_harden_phpversion()
359
"This checks if you have the latest version of PHP installed.", NULL);
360
sucuriscan_wrapper_close();
361
}
1
<?php
2
/* Sucuri Security - SiteCheck Malware Scanner
3
+ * Copyright (C) 2010-2013 Sucuri Security - http://sucuri.net
4
* Released under the GPL - see LICENSE file for details.
5
*/
6
if(!defined('SUCURISCAN'))
161
if( isset($_POST['wpsucuri-doharden']) ){
162
if( isset($_POST['sucuriscan_harden_upload']) && $cp == 0 )
163
{
164
+ if(@file_put_contents($htaccess_upload,
165
"\n<Files *.php>\ndeny from all\n</Files>")===FALSE)
166
{
167
+ $upmsg = sucuriscan_harden_error("ERROR: Unable to create <code>.htaccess</code> file, folder destination is not writable.");
168
}
169
else
170
{
181
$cp = 0;
182
if( preg_match('/<Files \*\.php>\ndeny from all\n<\/Files>/', $htaccess_content, $match) ){
183
$htaccess_content = str_replace("<Files *.php>\ndeny from all\n</Files>", '', $htaccess_content);
184
+ @file_put_contents($htaccess_upload, $htaccess_content, LOCK_EX);
185
}
186
sucuriscan_admin_notice('updated', '<strong>OK.</strong> WP-Content Uploads directory protection reverted.');
187
}else{
229
if( isset($_POST['wpsucuri-doharden']) ){
230
if( isset($_POST['sucuriscan_harden_wpcontent']) && $cp == 0 )
231
{
232
+ if(@file_put_contents($htaccess_upload,
233
"\n<Files *.php>\ndeny from all\n</Files>")===FALSE)
234
{
235
+ $upmsg = sucuriscan_harden_error("ERROR: Unable to create <code>.htaccess</code> file, folder destination is not writable.");
236
}
237
else
238
{
249
$cp = 0;
250
if( preg_match('/<Files \*\.php>\ndeny from all\n<\/Files>/', $htaccess_content, $match) ){
251
$htaccess_content = str_replace("<Files *.php>\ndeny from all\n</Files>", '', $htaccess_content);
252
+ @file_put_contents($htaccess_upload, $htaccess_content, LOCK_EX);
253
}
254
sucuriscan_admin_notice('updated', '<strong>OK.</strong> WP-Content directory protection reverted.');
255
}else{
297
if( isset($_POST['wpsucuri-doharden']) ){
298
if( isset($_POST['sucuriscan_harden_wpincludes']) && $cp == 0 )
299
{
300
+ if(@file_put_contents($htaccess_upload,
301
"\n<Files *.php>\ndeny from all\n</Files>\n<Files wp-tinymce.php>\nallow from all\n</Files>\n")===FALSE)
302
{
303
+ $upmsg = sucuriscan_harden_error("ERROR: Unable to create <code>.htaccess</code> file, folder destination is not writable.");
304
}
305
else
306
{
319
foreach($match[0] as $restriction){
320
$htaccess_content = str_replace($restriction, '', $htaccess_content);
321
}
322
+ @file_put_contents($htaccess_upload, $htaccess_content, LOCK_EX);
323
}
324
sucuriscan_admin_notice('updated', '<strong>OK.</strong> WP-Includes directory protection reverted.');
325
}else{
359
"This checks if you have the latest version of PHP installed.", NULL);
360
sucuriscan_wrapper_close();
361
}
362
+
363
+ function sucuriscan_cloudproxy_enabled(){
364
+ $enabled = FALSE;
365
+
366
+ if(
367
+ isset($_SERVER['SUCURIREAL_REMOTE_ADDR'])
368
+ || preg_match('/cloudproxy.*\.sucuri\.net/', gethostbyaddr(gethostbyname($_SERVER['HTTP_HOST'])))
369
+ ){ $enabled = TRUE; }
370
+
371
+ sucuriscan_wrapper_open('Verify if your site is protected by a Web Firewall');
372
+ sucuriscan_harden_status(
373
+ $enabled, NULL,
374
+ 'Your website is protected by a Website Firewall (WAF)',
375
+ 'Your website is not protected by a Website Firewall (WAF)',
376
+ 'A WAF is a protection layer for your web site, blocking all sort of attacks (brute force attempts, DDoS, SQL injections, etc) and helping it remain
377
+ malware and blacklist free. This test checks if your site is using <a href="http://sucuri.net/services/preventive">Sucuri\'s CloudProxy WAF</a> to protect your site. ',
378
+ NULL
379
+ );
380
+ if( $enabled!==TRUE ){
381
+ echo '<a href="https://login.sucuri.net/signup2/create?CloudProxy" target="_blank" class="button button-primary">Harden it!</a>';
382
+ }
383
+ sucuriscan_wrapper_close();
384
+ }
lib/sidebar.php DELETED
@@ -1,22 +0,0 @@
1
- <div class="postbox-container" style="width:25%;min-width:200px;max-width:350px;">
2
- <div id="sidebar">
3
- <div id="sitecleanup" class="sucuriscan-sidebar">
4
- <h2><span class="promo">Is your website infected with malware? Blacklisted by Google?</span></h2>
5
- <p>Don't know where to start? Get cleared today by <a href="http://sucuri.net/signup">Sucuri Security</a>!
6
- </p>
7
- <p>
8
- <a class="button-primary" href="http://sucuri.net/tour">Read more »</a>
9
- </p>
10
- </div>
11
-
12
- <div id="sucuri-latest-posts" class="sucuriscan-sidebar">
13
- <h2><span class="promo">Need extra protection and security for your site? You need a WAF (website firewall)!</span></h2>
14
- <p>Check out our <a target="_blank" href="http://cloudproxy.sucuri.net/">Sucuri CloudProxy WAF</a>!
15
- </p>
16
- <p>
17
- <a target="_blank" class="button-primary" href="http://blog.sucuri.net/2013/03/virtual-patching-for-websites-with-sucuri-cloudproxy.html">Read more »</a>
18
- </p>
19
- </div>
20
-
21
- </div>
22
- </div>
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
- Stable tag:1.4.7
7
Tested up to: 3.6
8
9
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
@@ -66,6 +66,10 @@ the compromise on your site).
66
67
== Changelog ==
68
69
= 1.4.7 =
70
* Cleaning up the code a bit.
71
* Only displaying last login messages to admin users.
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
+ Stable tag:1.4.8
7
Tested up to: 3.6
8
9
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
66
67
== Changelog ==
68
69
+ = 1.4.8 =
70
+ * New and clean design for the scan results.
71
+ * Adding a web firewall check on our hardening page.
72
+
73
= 1.4.7 =
74
* Cleaning up the code a bit.
75
* Only displaying last login messages to admin users.
sucuri.php CHANGED
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri Security
10
- Version: 1.4.7
11
Author URI: http://sucuri.net
12
*/
13
@@ -23,8 +23,8 @@ if(!function_exists('add_action'))
23
@ignore_user_abort(TRUE);
24
25
define('SUCURISCAN','sucuriscan');
26
- define('SUCURISCAN_VERSION','1.4.7');
27
- define( 'SUCURI_URL',plugin_dir_url( __FILE__ ));
28
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
29
define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
30
@@ -96,126 +96,160 @@ function sucuri_scan_page()
96
97
function sucuriscan_print_scan()
98
{
99
- $myresults = wp_remote_get('http://sitecheck.sucuri.net/scanner/?serialized&clear&fromwp&scan='.home_url(), array('timeout' => 180));
100
-
101
- if(is_wp_error($myresults))
102
- {
103
- print_r($myresults);
104
- return;
105
- }
106
-
107
- $res = unserialize($myresults['body']);
108
109
echo '<div class="wrap">';
110
- echo '<h2 id="warnings_hook"></h2>';
111
- echo '<div class="sucuriscan_header"><img src="'.SUCURI_URL.'/inc/images/logo.png">';
112
- sucuriscan_pagestop("Sucuri SiteCheck Malware Scanner");
113
- echo '</div>';
114
115
echo '<div class="postbox-container" style="width:75%;">';
116
echo '<div class="sucuriscan-maincontent">';
117
118
- if(!isset($res['MALWARE']['WARN']))
119
- {
120
- echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
121
- '.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
122
- No malware was identified</h3>';
123
-
124
- echo "<p><strong>Malware:</strong> No.</p>";
125
- echo "<p><strong>Malicious javascript:</strong> No.</p>";
126
- echo "<p><strong>Malicious iframes:</strong> No.</p>";
127
- echo "<p><strong>Suspicious redirections (htaccess):</strong> No.</p>";
128
- echo "<p><strong>Blackhat SEO Spam:</strong> No.</p>";
129
- echo "<p><strong>Anomaly detection:</strong> Clean.</p>";
130
- }
131
- else
132
- {
133
- echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
134
- '.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
135
- Site compromised (malware was identified)</h3>';
136
- foreach($res['MALWARE']['WARN'] as $malres)
137
- {
138
- if(!is_array($malres))
139
- {
140
- echo htmlspecialchars($malres);
141
- }
142
- else
143
- {
144
- $mwdetails = explode("\n", htmlspecialchars($malres[1]));
145
- echo htmlspecialchars($malres[0])."\n<br />". substr($mwdetails[0], 1)."<br />\n";
146
- }
147
- }
148
- echo "<br />";
149
- }
150
- echo '<i>More details here: <a href="http://sitecheck.sucuri.net/scanner/?&scan='.home_url().'">http://sitecheck.sucuri.net/scanner/?&scan='.home_url().'</a></i>';
151
-
152
- echo "<hr />\n";
153
- echo '<i>If our free scanner did not detect any issue, you may have a more complicated and hidden problem. You can try our <a href="admin.php?page=sucuriscan_core_integrity">WordPress integrity checks</a> or sign up with Sucuri <a target="_blank" href="http://sucuri.net/signup">here</a> for a complete and in depth scan+cleanup (not included in the free checks).</i>';
154
- echo "<hr />\n";
155
- if(isset($res['BLACKLIST']['WARN']))
156
- {
157
- echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
158
- '.site_url().'/wp-content/plugins/sucuri-scanner/images/warn.png" /> &nbsp;
159
- Site blacklisted</h3>';
160
- }
161
- else
162
- {
163
- echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
164
- '.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
165
- Site blacklist-free</h3>';
166
- }
167
- if(isset($res['BLACKLIST']['INFO']))
168
- {
169
- foreach($res['BLACKLIST']['INFO'] as $blres)
170
- {
171
- echo "<b>CLEAN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
172
- }
173
- }
174
- if(isset($res['BLACKLIST']['WARN']))
175
- {
176
- foreach($res['BLACKLIST']['WARN'] as $blres)
177
- {
178
- echo "<b>WARN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
179
- }
180
- }
181
-
182
- echo "<hr />\n";
183
- global $wp_version;
184
- if(strcmp($wp_version, "3.5") >= 0)
185
- {
186
- echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
187
- '.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
188
- System info (WordPress upgraded)</h3>';
189
- }
190
- else
191
- {
192
- echo '<h3><img style="position:relative;top:5px" height="22" width="22" src="
193
- '.site_url().'/wp-content/plugins/sucuri-scanner/images/warn.png" /> &nbsp;
194
- System info (WordPress outdated)</h3>';
195
- }
196
-
197
- echo "<b>Site:</b> ".$res['SCAN']['SITE'][0]." (".$res['SCAN']['IP'][0].")<br />\n";
198
- echo "<b>WordPress: </b> $wp_version<br />\n";
199
- echo "<b>PHP: </b> ".phpversion()."<br />\n";
200
-
201
- if(isset($res['SYSTEM']['NOTICE']))
202
- {
203
- foreach($res['SYSTEM']['NOTICE'] as $notres)
204
- {
205
- if(is_array($notres))
206
- {
207
- echo htmlspecialchars($notres[0]). " ".htmlspecialchars($notres[1]);
208
- }
209
- else
210
- {
211
- echo htmlspecialchars($notres)."<br />\n";
212
- }
213
- }
214
- }
215
216
- ?>
217
<p>If you have any questions about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">http://sucuri.net</a></p>
218
-
219
</div><!-- End sucuriscan-maincontent -->
220
</div><!-- End postbox-container -->
221
@@ -522,22 +556,26 @@ function sucuriscan_posthack_page()
522
$reset_password = ( isset($_POST['sucuri_reset_password']) && $_POST['sucuri_reset_password']==1 ) ? TRUE : FALSE;
523
524
if( $reset_password ){
525
- $user_identifiers = $_POST['user_ids'];
526
$pwd_changed = $pwd_not_changed = array();
527
- arsort($user_identifiers);
528
529
- foreach($user_identifiers as $user_id){
530
- if( sucuriscan_new_password($user_id) ){
531
- $pwd_changed[] = $user_id;
532
- }else{
533
- $pwd_not_changed[] = $user_id;
534
}
535
- }
536
- if( !empty($pwd_changed) ){
537
- sucuriscan_admin_notice('updated', '<strong>OK.</strong> Password changed successfully for users: '.implode(', ',$pwd_changed));
538
- }
539
- if( !empty($pwd_not_changed) ){
540
- sucuriscan_admin_notice('error', '<strong>Error.</strong> Password change failed for users: '.implode(', ',$pwd_not_changed));
541
}
542
}else{
543
sucuriscan_admin_notice('error', '<strong>Error.</strong> You need to confirm that you understand the risk of this operation');
@@ -600,9 +638,14 @@ function sucuriscan_lastlogins_page()
600
'SucuriWPSidebar'=>sucuriscan_wp_sidebar_gen(),
601
'UserList'=>'',
602
'CurrentURL'=>site_url().'/wp-admin/admin.php?page='.$_GET['page'],
603
- 'LastLogins.DatastoreWritable'=>sucuriscan_lastlogins_datastore_is_writable() ? 'hidden' : 'visible',
604
);
605
606
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
607
$template_variables['UserList.ShowAll'] = $limit>0 ? 'visible' : 'hidden';
608
@@ -621,9 +664,14 @@ function sucuriscan_lastlogins_page()
621
echo sucuriscan_get_template('lastlogins.html.tpl', $template_variables);
622
}
623
624
- function sucuriscan_lastlogins_datastore_exists(){
625
$plugin_upload_folder = sucuriscan_dir_filepath();
626
$datastore_filepath = rtrim($plugin_upload_folder,'/').'/sucuri-lastlogins.php';
627
628
if( !file_exists($datastore_filepath) ){
629
if( @file_put_contents($datastore_filepath, "<?php exit(0); ?>\n", LOCK_EX) ){
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri Security
10
+ Version: 1.4.8
11
Author URI: http://sucuri.net
12
*/
13
23
@ignore_user_abort(TRUE);
24
25
define('SUCURISCAN','sucuriscan');
26
+ define('SUCURISCAN_VERSION','1.4.8');
27
+ define('SUCURI_URL',plugin_dir_url( __FILE__ ));
28
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
29
define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
30
96
97
function sucuriscan_print_scan()
98
{
99
+ $website_scanned = home_url();
100
+ $myresults = wp_remote_get('http://sitecheck.sucuri.net/scanner/?serialized&clear&fromwp&scan='.$website_scanned, array('timeout' => 180));
101
102
echo '<div class="wrap">';
103
+ echo '<h2 id="warnings_hook"></h2>';
104
+ echo '<div class="sucuriscan_header"><img src="'.SUCURI_URL.'/inc/images/logo.png">';
105
+ sucuriscan_pagestop("Sucuri SiteCheck Malware Scanner");
106
+ echo '</div>';
107
108
echo '<div class="postbox-container" style="width:75%;">';
109
echo '<div class="sucuriscan-maincontent">';
110
111
+ if(is_wp_error($myresults))
112
+ {
113
+ echo '<div id="poststuff">';
114
+ echo '<div class="postbox">';
115
+ echo '<h3>Error retrieving the scan report</h3>';
116
+
117
+ echo '<div class="inside">';
118
+ print_r($myresults);
119
+ echo '</div>';
120
+ echo '</div>';
121
+ echo '</div>';
122
+ }else{
123
+ $res = unserialize($myresults['body']);
124
+
125
+
126
+ // Check for general warnings, and return the information for Infected/Clean site.
127
+ $malware_warns_exists = isset($res['MALWARE']['WARN']) ? TRUE : FALSE;
128
+ echo '<div id="poststuff">';
129
+ echo '<div class="postbox">';
130
+ echo '<h3>';
131
+ if( !$malware_warns_exists ){
132
+ echo '<img style="position:relative;top:5px" height="22" width="22" src="
133
+ '.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
134
+ No malware was identified';
135
+ }else{
136
+ echo '<img style="position:relative;top:5px" height="22" width="22" src="
137
+ '.site_url().'/wp-content/plugins/sucuri-scanner/images/warn.png" /> &nbsp;
138
+ Site compromised (malware was identified)';
139
+ }
140
+ echo '</h3>';
141
+ echo '<div class="inside">';
142
+ if( !$malware_warns_exists ){
143
+ echo "<p><strong>Malware:</strong> No.</p>";
144
+ echo "<p><strong>Malicious javascript:</strong> No.</p>";
145
+ echo "<p><strong>Malicious iframes:</strong> No.</p>";
146
+ echo "<p><strong>Suspicious redirections (htaccess):</strong> No.</p>";
147
+ echo "<p><strong>Blackhat SEO Spam:</strong> No.</p>";
148
+ echo "<p><strong>Anomaly detection:</strong> Clean.</p>";
149
+ }else{
150
+ foreach($res['MALWARE']['WARN'] as $malres)
151
+ {
152
+ if(!is_array($malres))
153
+ {
154
+ echo htmlspecialchars($malres);
155
+ }
156
+ else
157
+ {
158
+ $mwdetails = explode("\n", htmlspecialchars($malres[1]));
159
+ echo htmlspecialchars($malres[0])."\n<br />". substr($mwdetails[0], 1)."<br />\n";
160
+ }
161
+ }
162
+ }
163
+ echo "<br />";
164
+ echo '<i>More details here: <a href="http://sitecheck.sucuri.net/scanner/?scan='.$website_scanned.'">http://sitecheck.sucuri.net/scanner/?scan='.$website_scanned.'</a></i>';
165
+ echo "<hr />\n";
166
+ echo '<i>If our free scanner did not detect any issue, you may have a more complicated and hidden problem. You can try our <a href="admin.php?page=sucuriscan_core_integrity">WordPress integrity checks</a> or sign up with Sucuri <a target="_blank" href="http://sucuri.net/signup">here</a> for a complete and in depth scan+cleanup (not included in the free checks).</i>';
167
+ echo "<hr />\n";
168
+ echo '</div>';
169
+ echo '</div>';
170
+ echo '</div>';
171
+
172
+
173
+ // Check for blacklist reports, and return the information retrieved from multiple blacklist services.
174
+ echo '<div id="poststuff">';
175
+ echo '<div class="postbox">';
176
+ echo '<h3>';
177
+ if(isset($res['BLACKLIST']['WARN']))
178
+ {
179
+ echo '<img style="position:relative;top:5px" height="22" width="22" src="
180
+ '.site_url().'/wp-content/plugins/sucuri-scanner/images/warn.png" /> &nbsp;
181
+ Site blacklisted';
182
+ }
183
+ else
184
+ {
185
+ echo '<img style="position:relative;top:5px" height="22" width="22" src="
186
+ '.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
187
+ Site blacklist-free';
188
+ }
189
+ echo '</h3>';
190
+ echo '<div class="inside">';
191
+ if(isset($res['BLACKLIST']['INFO']))
192
+ {
193
+ foreach($res['BLACKLIST']['INFO'] as $blres)
194
+ {
195
+ echo "<b>CLEAN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
196
+ }
197
+ }
198
+ if(isset($res['BLACKLIST']['WARN']))
199
+ {
200
+ foreach($res['BLACKLIST']['WARN'] as $blres)
201
+ {
202
+ echo "<b>WARN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
203
+ }
204
+ }
205
+ echo '</div>';
206
+ echo '</div>';
207
+ echo '</div>';
208
+
209
+
210
+ // Check for general versions in some common services/software used to serve this website.
211
+ global $wp_version;
212
+ echo '<div id="poststuff">';
213
+ echo '<div class="postbox">';
214
+ echo '<h3>';
215
+ if(strcmp($wp_version, "3.5") >= 0)
216
+ {
217
+ echo '<img style="position:relative;top:5px" height="22" width="22" src="
218
+ '.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
219
+ System info (WordPress upgraded)';
220
+ }
221
+ else
222
+ {
223
+ echo '<img style="position:relative;top:5px" height="22" width="22" src="
224
+ '.site_url().'/wp-content/plugins/sucuri-scanner/images/warn.png" /> &nbsp;
225
+ System info (WordPress outdated)';
226
+ }
227
+ echo '</h3>';
228
+ echo '<div class="inside">';
229
+ echo "<b>Site:</b> ".$res['SCAN']['SITE'][0]." (".$res['SCAN']['IP'][0].")<br />\n";
230
+ echo "<b>WordPress: </b> $wp_version<br />\n";
231
+ echo "<b>PHP: </b> ".phpversion()."<br />\n";
232
+ if(isset($res['SYSTEM']['NOTICE']))
233
+ {
234
+ foreach($res['SYSTEM']['NOTICE'] as $notres)
235
+ {
236
+ if(is_array($notres))
237
+ {
238
+ echo htmlspecialchars($notres[0]). " ".htmlspecialchars($notres[1]);
239
+ }
240
+ else
241
+ {
242
+ echo htmlspecialchars($notres)."<br />\n";
243
+ }
244
+ }
245
+ }
246
+ echo '</div>';
247
+ echo '</div>';
248
+ echo '</div>';
249
+ }
250
+ ?>
251
252
<p>If you have any questions about these checks or this plugin, contact us at support@sucuri.net or visit <a href="http://sucuri.net">http://sucuri.net</a></p>
253
</div><!-- End sucuriscan-maincontent -->
254
</div><!-- End postbox-container -->
255
556
$reset_password = ( isset($_POST['sucuri_reset_password']) && $_POST['sucuri_reset_password']==1 ) ? TRUE : FALSE;
557
558
if( $reset_password ){
559
+ $user_identifiers = isset($_POST['user_ids']) ? $_POST['user_ids'] : array();
560
$pwd_changed = $pwd_not_changed = array();
561
562
+ if( is_array($user_identifiers) && !empty($user_identifiers) ){
563
+ arsort($user_identifiers);
564
+ foreach($user_identifiers as $user_id){
565
+ if( sucuriscan_new_password($user_id) ){
566
+ $pwd_changed[] = $user_id;
567
+ }else{
568
+ $pwd_not_changed[] = $user_id;
569
+ }
570
}
571
+ if( !empty($pwd_changed) ){
572
+ sucuriscan_admin_notice('updated', '<strong>OK.</strong> Password changed successfully for users: '.implode(', ',$pwd_changed));
573
+ }
574
+ if( !empty($pwd_not_changed) ){
575
+ sucuriscan_admin_notice('error', '<strong>Error.</strong> Password change failed for users: '.implode(', ',$pwd_not_changed));
576
+ }
577
+ }else{
578
+ sucuri_admin_notice('error', '<strong>Error.</strong> You did not select any user account to be reseted');
579
}
580
}else{
581
sucuriscan_admin_notice('error', '<strong>Error.</strong> You need to confirm that you understand the risk of this operation');
638
'SucuriWPSidebar'=>sucuriscan_wp_sidebar_gen(),
639
'UserList'=>'',
640
'CurrentURL'=>site_url().'/wp-admin/admin.php?page='.$_GET['page'],
641
);
642
643
+ if( !sucuriscan_lastlogins_datastore_is_writable() ){
644
+ sucuri_admin_notice('error', '<strong>Error.</strong> The last-logins datastore
645
+ file is not writable, gives permissions to write in this location:<br>'.
646
+ '<code>'.sucuri_lastlogins_datastore_filepath().'</code>');
647
+ }
648
+
649
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
650
$template_variables['UserList.ShowAll'] = $limit>0 ? 'visible' : 'hidden';
651
664
echo sucuriscan_get_template('lastlogins.html.tpl', $template_variables);
665
}
666
667
+ function sucuriscan_lastlogins_datastore_filepath(){
668
$plugin_upload_folder = sucuriscan_dir_filepath();
669
$datastore_filepath = rtrim($plugin_upload_folder,'/').'/sucuri-lastlogins.php';
670
+ return $datastore_filepath;
671
+ }
672
+
673
+ function sucuriscan_lastlogins_datastore_exists(){
674
+ $datastore_filepath = sucuriscan_lastlogins_datastore_filepath();
675
676
if( !file_exists($datastore_filepath) ){
677
if( @file_put_contents($datastore_filepath, "<?php exit(0); ?>\n", LOCK_EX) ){
sucuriscan_hardening.php CHANGED
@@ -12,50 +12,46 @@ if(!defined('SUCURISCAN'))
12
13
/* Sucuri one-click hardening page. */
14
15
- function sucuriscan_hardening_lib()
16
- {
17
- echo '<h2 id="warnings_hook"></h2>';
18
- echo '<div class="postbox-container" style="width:75%;">';
19
- echo '<div class="sucuriscan-maincontent">';
20
-
21
- echo '<div class="postbox">';
22
- echo '<div class="inside">';
23
- echo '<h2 align="center">Help secure your WordPress install with <a href="http://sucuri.net/signup">Sucuri</a> 1-Click Hardening Options.</h2>';
24
- echo '</div>';
25
- echo '</div>';
26
-
27
- include_once("lib/hardening.php");
28
-
29
- if(isset($_POST['wpsucuri-doharden']))
30
- {
31
- if(!wp_verify_nonce($_POST['sucuriscan_wphardeningnonce'], 'sucuriscan_wphardeningnonce'))
32
- {
33
- unset($_POST['wpsucuri-doharden']);
34
- }
35
- }
36
-
37
- ?>
38
-
39
- <div id="poststuff">
40
-
41
- <?php
42
-
43
- echo '<form action="" method="post">'.
44
- '<input type="hidden" name="sucuriscan_wphardeningnonce" value="'.wp_create_nonce('sucuriscan_wphardeningnonce').'" />'.
45
- '<input type="hidden" name="wpsucuri-doharden" value="wpsucuri-doharden" />'.
46
-
47
- sucuriscan_harden_version();
48
- sucuri_harden_removegenerator();
49
- sucuriscan_harden_upload();
50
- sucuriscan_harden_wpcontent();
51
- sucuriscan_harden_wpincludes();
52
- sucuriscan_harden_phpversion();
53
- echo '</form>'
54
?>
55
56
- <p align="center"><strong>If you have any questions about these checks or this plugin, contact us at <a href="mailto:info@sucuri.net">info@sucuri.net</a> or visit <a href="http://sucuri.net">Sucuri Security</a></strong></p>
57
-
58
- </div>
59
-
60
<?php
61
}
12
13
/* Sucuri one-click hardening page. */
14
15
+ function sucuriscan_hardening_lib(){ ?>
16
+ <h2 id="warnings_hook"></h2>
17
+ <div class="postbox-container" style="width:75%">
18
+ <div class="sucuriscan-maincontent">
19
+ <div class="postbox">
20
+ <div class="inside">
21
+ <h2 align="center">Help secure your WordPress install with <a href="http://sucuri.net/signup">Sucuri</a> 1-Click Hardening Options.</h2>
22
+ </div>
23
+ </div>
24
+
25
+ <?php
26
+ include_once('lib/hardening.php');
27
+ if( isset($_POST['wpsucuri-doharden']) ){
28
+ if(!wp_verify_nonce($_POST['sucuriscan_wphardeningnonce'], 'sucuriscan_wphardeningnonce'))
29
+ {
30
+ unset($_POST['wpsucuri-doharden']);
31
+ }
32
+ }
33
?>
34
35
+ <div id="poststuff">
36
+ <form method="post">
37
+ <input type="hidden" name="sucuriscan_wphardeningnonce" value="<?php echo wp_create_nonce('sucuriscan_wphardeningnonce'); ?>" />
38
+ <input type="hidden" name="wpsucuri-doharden" value="wpsucuri-doharden" />
39
+ <?php
40
+ sucuriscan_harden_version();
41
+ sucuriscan_cloudproxy_enabled();
42
+ sucuri_harden_removegenerator();
43
+ sucuriscan_harden_upload();
44
+ sucuriscan_harden_wpcontent();
45
+ sucuriscan_harden_wpincludes();
46
+ sucuriscan_harden_phpversion();
47
+ ?>
48
+ </form>
49
+
50
+ <p align="center">
51
+ <strong>If you have any questions about these checks or this plugin, contact us at
52
+ <a href="mailto:info@sucuri.net">info@sucuri.net</a> or visit <a href="http://sucuri.net">
53
+ Sucuri Security</a></strong>
54
+ </p>
55
+ </div><!-- End poststuff -->
56
<?php
57
}