Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.5.0

Version Description

  • Fixing last login and giving better warns on permission errors.
  • Making the integrity check messages more clear.
Download this release

Release Info

Developer yorman
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.5.0
Comparing to
See all releases

Code changes from version 1.4.9 to 1.5.0

inc/css/sucuriscan-default-css.css CHANGED
@@ -21,3 +21,5 @@
21
.sucuri-inline-error{font-weight:bold;color:red}
22
.sucuri-list li{list-style:disc;margin:0 0 5px 15px}
23
.sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
21
.sucuri-inline-error{font-weight:bold;color:red}
22
.sucuri-list li{list-style:disc;margin:0 0 5px 15px}
23
.sucuriscan-maincontent hr{border:none;border-top:1px solid #999}
24
+ .sucuriscan-maincontent table td > table{background:#fff}
25
+ .sucuriscan-maincontent table td > table th{padding:4px 8px}
inc/tpl/integrity-admins.snippet.tpl CHANGED
@@ -2,7 +2,8 @@
2
<td>%%SUCURI.AdminUsers.Username%%</td>
3
<td><a href="mailto:%%SUCURI.AdminUsers.Email%%">%%SUCURI.AdminUsers.Email%%</a></td>
4
<td class="adminusers-lastlogin">
5
- <table>
6
<thead>
7
<tr>
8
<th>IP Address</th>
2
<td>%%SUCURI.AdminUsers.Username%%</td>
3
<td><a href="mailto:%%SUCURI.AdminUsers.Email%%">%%SUCURI.AdminUsers.Email%%</a></td>
4
<td class="adminusers-lastlogin">
5
+ <div class="sucuri-%%SUCURI.AdminUsers.NoLastLogins%%">There isn't information available for this account.</div>
6
+ <table class="widefat sucuri-%%SUCURI.AdminUsers.NoLastLoginsTable%%">
7
<thead>
8
<tr>
9
<th>IP Address</th>
lib/core_integrity.php CHANGED
@@ -182,11 +182,18 @@ function sucuriwp_list_admins($userlevel = '10') {
182
'AdminUsers.Email'=>$admin->user_email,
183
'AdminUsers.LastLogins'=>''
184
);
185
- foreach($admin->lastlogins as $lastlogin){
186
- $user_snippet['AdminUsers.LastLogins'] .= sucuriscan_get_template('integrity-admins-lastlogin.snippet.tpl', array(
187
- 'AdminUsers.RemoteAddr'=>$lastlogin->user_remoteaddr,
188
- 'AdminUsers.Datetime'=>$lastlogin->user_lastlogin
189
- ));
190
}
191
192
$template_variables['AdminUsers.UserList'] .= sucuriscan_get_template('integrity-admins.snippet.tpl', $user_snippet);
182
'AdminUsers.Email'=>$admin->user_email,
183
'AdminUsers.LastLogins'=>''
184
);
185
+ if( !empty($admin->lastlogins) ){
186
+ $user_snippet['AdminUsers.NoLastLogins'] = 'hidden';
187
+ $user_snippet['AdminUsers.NoLastLoginsTable'] = 'visible';
188
+ foreach($admin->lastlogins as $lastlogin){
189
+ $user_snippet['AdminUsers.LastLogins'] .= sucuriscan_get_template('integrity-admins-lastlogin.snippet.tpl', array(
190
+ 'AdminUsers.RemoteAddr'=>$lastlogin->user_remoteaddr,
191
+ 'AdminUsers.Datetime'=>$lastlogin->user_lastlogin
192
+ ));
193
+ }
194
+ }else{
195
+ $user_snippet['AdminUsers.NoLastLogins'] = 'visible';
196
+ $user_snippet['AdminUsers.NoLastLoginsTable'] = 'hidden';
197
}
198
199
$template_variables['AdminUsers.UserList'] .= sucuriscan_get_template('integrity-admins.snippet.tpl', $user_snippet);
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net, dremeda
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
- Stable tag:1.4.9
7
Tested up to: 3.6
8
9
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
@@ -66,6 +66,10 @@ the compromise on your site).
66
67
== Changelog ==
68
69
= 1.4.8 =
70
* New and clean design for the scan results.
71
* Adding a web firewall check on our hardening page.
3
Donate Link: http://sitecheck.sucuri.net
4
Tags: malware, security, scan, spam, virus, sucuri, WordPress,
5
Requires at least:3.2
6
+ Stable tag:1.5.0
7
Tested up to: 3.6
8
9
The Sucuri Security - SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck and verify the integrity of your core files right in your dashboard. It also includes post-hack options to help you reset passwords and secret keys in case it has been already hacked.
66
67
== Changelog ==
68
69
+ = 1.5.0 =
70
+ * Fixing last login and giving better warns on permission errors.
71
+ * Making the integrity check messages more clear.
72
+
73
= 1.4.8 =
74
* New and clean design for the scan results.
75
* Adding a web firewall check on our hardening page.
sucuri.php CHANGED
@@ -7,7 +7,7 @@ Description: The <a href="http://sucuri.net">Sucuri Security</a> - SiteCheck Mal
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri Security
10
- Version: 1.4.9
11
Author URI: http://sucuri.net
12
*/
13
@@ -23,11 +23,28 @@ if(!function_exists('add_action'))
23
@ignore_user_abort(TRUE);
24
25
define('SUCURISCAN','sucuriscan');
26
- define('SUCURISCAN_VERSION','1.4.9');
27
define('SUCURI_URL',plugin_dir_url( __FILE__ ));
28
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
29
define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
30
31
/* Requires files. */
32
add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
33
function sucuriscan_admin_script_style_registration() { ?>
@@ -140,12 +157,12 @@ function sucuriscan_print_scan()
140
echo '</h3>';
141
echo '<div class="inside">';
142
if( !$malware_warns_exists ){
143
- echo "<p><strong>Malware:</strong> No.</p>";
144
- echo "<p><strong>Malicious javascript:</strong> No.</p>";
145
- echo "<p><strong>Malicious iframes:</strong> No.</p>";
146
- echo "<p><strong>Suspicious redirections (htaccess):</strong> No.</p>";
147
- echo "<p><strong>Blackhat SEO Spam:</strong> No.</p>";
148
- echo "<p><strong>Anomaly detection:</strong> Clean.</p>";
149
}else{
150
foreach($res['MALWARE']['WARN'] as $malres)
151
{
@@ -188,18 +205,16 @@ function sucuriscan_print_scan()
188
}
189
echo '</h3>';
190
echo '<div class="inside">';
191
- if(isset($res['BLACKLIST']['INFO']))
192
- {
193
- foreach($res['BLACKLIST']['INFO'] as $blres)
194
- {
195
- echo "<b>CLEAN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
196
- }
197
- }
198
- if(isset($res['BLACKLIST']['WARN']))
199
- {
200
- foreach($res['BLACKLIST']['WARN'] as $blres)
201
- {
202
- echo "<b>WARN: </b>".htmlspecialchars($blres[0])." <a href=''>".htmlspecialchars($blres[1])."</a><br />";
203
}
204
}
205
echo '</div>';
@@ -209,10 +224,16 @@ function sucuriscan_print_scan()
209
210
// Check for general versions in some common services/software used to serve this website.
211
global $wp_version;
212
echo '<div id="poststuff">';
213
echo '<div class="postbox">';
214
echo '<h3>';
215
- if(strcmp($wp_version, "3.5") >= 0)
216
{
217
echo '<img style="position:relative;top:5px" height="22" width="22" src="
218
'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
@@ -643,7 +664,7 @@ function sucuriscan_lastlogins_page()
643
if( !sucuriscan_lastlogins_datastore_is_writable() ){
644
sucuriscan_admin_notice('error', '<strong>Error.</strong> The last-logins datastore
645
file is not writable, gives permissions to write in this location:<br>'.
646
- '<code>'.sucuri_lastlogins_datastore_filepath().'</code>');
647
}
648
649
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
7
You can also scan your site at <a href="http://sitecheck.sucuri.net">SiteCheck.Sucuri.net</a>.
8
9
Author: Sucuri Security
10
+ Version: 1.5.0
11
Author URI: http://sucuri.net
12
*/
13
23
@ignore_user_abort(TRUE);
24
25
define('SUCURISCAN','sucuriscan');
26
+ define('SUCURISCAN_VERSION','1.5.0');
27
define('SUCURI_URL',plugin_dir_url( __FILE__ ));
28
define('SUCURISCAN_PLUGIN_FOLDER', 'sucuri-scanner');
29
define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 100);
30
31
+ if( !function_exists('sucuriscan_create_uploaddir') ){
32
+ function sucuriscan_create_uploaddir(){
33
+ $plugin_upload_folder = sucuriscan_dir_filepath();
34
+ if( !file_exists($plugin_upload_folder) ){
35
+ if( @mkdir($plugin_upload_folder) ){
36
+ sucuriscan_lastlogins_datastore_exists();
37
+ }else{
38
+ sucuriscan_admin_notice('error', "<strong>Error.</strong> Sucuri data folder doesn't
39
+ exists and couldn't be created. You'll need to create this folder manually and
40
+ give it write permissions:<br><code>{$plugin_upload_folder}</code>");
41
+ }
42
+ }
43
+ }
44
+
45
+ add_action('admin_init', 'sucuriscan_create_uploaddir');
46
+ }
47
+
48
/* Requires files. */
49
add_action( 'admin_enqueue_scripts', 'sucuriscan_admin_script_style_registration', 1 );
50
function sucuriscan_admin_script_style_registration() { ?>
157
echo '</h3>';
158
echo '<div class="inside">';
159
if( !$malware_warns_exists ){
160
+ echo "<span><strong>Malware:</strong> No.</span><br>";
161
+ echo "<span><strong>Malicious javascript:</strong> No.</span><br>";
162
+ echo "<span><strong>Malicious iframes:</strong> No.</span><br>";
163
+ echo "<span><strong>Suspicious redirections (htaccess):</strong> No.</span><br>";
164
+ echo "<span><strong>Blackhat SEO Spam:</strong> No.</span><br>";
165
+ echo "<span><strong>Anomaly detection:</strong> Clean.</span><br>";
166
}else{
167
foreach($res['MALWARE']['WARN'] as $malres)
168
{
205
}
206
echo '</h3>';
207
echo '<div class="inside">';
208
+ foreach(array(
209
+ 'INFO'=>'CLEAN',
210
+ 'WARN'=>'WARNING'
211
+ ) as $type=>$group_title){
212
+ if( isset($res['BLACKLIST'][$type]) ){
213
+ foreach($res['BLACKLIST'][$type] as $blres){
214
+ $report_site = htmlspecialchars($blres[0]);
215
+ $report_url = htmlspecialchars($blres[1]);
216
+ echo "<b>{$group_title}: </b>{$report_site} <a href='{$report_url}' target='_blank'>{$report_url}</a><br />";
217
+ }
218
}
219
}
220
echo '</div>';
224
225
// Check for general versions in some common services/software used to serve this website.
226
global $wp_version;
227
+ $wordpress_updated = FALSE;
228
+ $updates = function_exists('get_core_updates') ? get_core_updates() : array();
229
+ if( !is_array($updates) || empty($updates) || $updates[0]->response=='latest' ){
230
+ $wordpress_updated = TRUE;
231
+ }
232
+
233
echo '<div id="poststuff">';
234
echo '<div class="postbox">';
235
echo '<h3>';
236
+ if($wordpress_updated)
237
{
238
echo '<img style="position:relative;top:5px" height="22" width="22" src="
239
'.site_url().'/wp-content/plugins/sucuri-scanner/images/ok.png" /> &nbsp;
664
if( !sucuriscan_lastlogins_datastore_is_writable() ){
665
sucuriscan_admin_notice('error', '<strong>Error.</strong> The last-logins datastore
666
file is not writable, gives permissions to write in this location:<br>'.
667
+ '<code>'.sucuriscan_lastlogins_datastore_filepath().'</code>');
668
}
669
670
$limit = isset($_GET['limit']) ? intval($_GET['limit']) : SUCURISCAN_LASTLOGINS_USERSLIMIT;
sucuriscan_core_integrity.php CHANGED
@@ -12,14 +12,14 @@ if(!defined('SUCURISCAN'))
12
13
/* Sucuri WordPress Integrity page. */
14
15
- function sucuriscan_core_integrity_function_wrapper($function_name, $description)
16
{
17
echo '<div class="postbox">';
18
echo '<div class="inside">';
19
echo '<form action="" method="post">'.
20
'<input type="hidden" name="'.$function_name.'nonce" value="'.wp_create_nonce($function_name.'nonce').'" />'.
21
'<input type="hidden" name="'.$function_name.'" value="'.$function_name.'" />'.
22
-
23
'<p>'.$description.'</p>'.
24
'<input class="button-primary" type="submit" name="'.$function_name.'" value="Check">'.
25
'</form>';
@@ -38,7 +38,7 @@ function sucuriscan_core_integrity_wp_content_wrapper()
38
echo '<form action="" method="post">'.
39
'<input type="hidden" name="sucuriwp_content_checknonce" value="'.wp_create_nonce('sucuriwp_content_checknonce').'" />'.
40
'<input type="hidden" name="sucuriwp_content_check" value="sucuriwp_content_check" />'.
41
-
42
'<p>This test will list all files inside wp-content that have been modified in the past
43
44
<select name="sucuriwp_content_check_back">
@@ -88,6 +88,7 @@ function sucuriscan_core_integrity_lib()
88
89
sucuriscan_core_integrity_function_wrapper(
90
'sucuriwp_core_integrity_check',
91
'This test will check wp-includes, wp-admin, and the top directory files against the latest WordPress hashing database. If any of those files were modified, it is a big sign of a possible compromise.'
92
);
93
@@ -95,14 +96,17 @@ function sucuriscan_core_integrity_lib()
95
96
sucuriscan_core_integrity_function_wrapper(
97
'sucuriwp_list_admins',
98
'List all administrator users and their latest login time.'
99
);
100
sucuriscan_core_integrity_function_wrapper(
101
'sucuriwp_check_plugins',
102
'This test will list any outdated (active) plugins.'
103
);
104
sucuriscan_core_integrity_function_wrapper(
105
'sucuriwp_check_themes',
106
'This test will list any outdated theme.'
107
);
108
?>
12
13
/* Sucuri WordPress Integrity page. */
14
15
+ function sucuriscan_core_integrity_function_wrapper($function_name, $stitle, $description)
16
{
17
echo '<div class="postbox">';
18
echo '<div class="inside">';
19
echo '<form action="" method="post">'.
20
'<input type="hidden" name="'.$function_name.'nonce" value="'.wp_create_nonce($function_name.'nonce').'" />'.
21
'<input type="hidden" name="'.$function_name.'" value="'.$function_name.'" />'.
22
+ '<h4>'.$stitle.'</h4>'.
23
'<p>'.$description.'</p>'.
24
'<input class="button-primary" type="submit" name="'.$function_name.'" value="Check">'.
25
'</form>';
38
echo '<form action="" method="post">'.
39
'<input type="hidden" name="sucuriwp_content_checknonce" value="'.wp_create_nonce('sucuriwp_content_checknonce').'" />'.
40
'<input type="hidden" name="sucuriwp_content_check" value="sucuriwp_content_check" />'.
41
+ '<h4>Latest modified files</h4>'.
42
'<p>This test will list all files inside wp-content that have been modified in the past
43
44
<select name="sucuriwp_content_check_back">
88
89
sucuriscan_core_integrity_function_wrapper(
90
'sucuriwp_core_integrity_check',
91
+ 'Verify Integrity of WordPress Core Files',
92
'This test will check wp-includes, wp-admin, and the top directory files against the latest WordPress hashing database. If any of those files were modified, it is a big sign of a possible compromise.'
93
);
94
96
97
sucuriscan_core_integrity_function_wrapper(
98
'sucuriwp_list_admins',
99
+ 'Admin User Dump',
100
'List all administrator users and their latest login time.'
101
);
102
sucuriscan_core_integrity_function_wrapper(
103
'sucuriwp_check_plugins',
104
+ 'Outdated Plugin list',
105
'This test will list any outdated (active) plugins.'
106
);
107
sucuriscan_core_integrity_function_wrapper(
108
'sucuriwp_check_themes',
109
+ 'Outdated Theme List',
110
'This test will list any outdated theme.'
111
);
112
?>