Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.7.19

Version Description

  • Added function to rescue HTTP requests using sockets
  • Fixed mishandled JSON data in audit logs Ajax request
  • Modified list of CloudProxy features and promo video
Download this release

Release Info

Developer yorman
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.7.19
Comparing to
See all releases

Code changes from version 1.7.18 to 1.7.19

inc/tpl/bsidebar.html.tpl CHANGED
@@ -16,13 +16,12 @@
16
17
<div class="sucuriscan-ad-footer">
18
<ul>
19
- <li>Sucuri CloudProxy Firewall</li>
20
- <li class="featured">Stopping 33M+ attacks a month</li>
21
- <li>Web Application Firewall Protection</li>
22
<li>Virtual Website Patching</li>
23
- <li>Cloud Intrusion Prevention System</li>
24
- <li>High Security Website Monitoring</li>
25
- <li>Malicious Traffic Filtering</li>
26
</ul>
27
</div>
28
</div>
@@ -53,8 +52,6 @@
53
</a>
54
</div>
55
56
- <iframe src="https://www.youtube-nocookie.com/embed/EVa9FY3nKuQ" height="250" class="sucuriscan-scanner-video" allowfullscreen></iframe>
57
-
58
<a href="https://wordpress.org/support/plugin/sucuri-scanner" target="_blank"
59
class="button button-primary sucuriscan-supportbtn">Visit Support Forum</a>
60
16
17
<div class="sucuriscan-ad-footer">
18
<ul>
19
+ <li>Sucuri Firewall</li>
20
+ <li>Protection . Performance . Security</li>
21
+ <li class="featured">Cloud-based WAF + DDoS Protection</li>
22
<li>Virtual Website Patching</li>
23
+ <li>Anycast CDN + Website Accelerator</li>
24
+ <li>All in one security for your site.</li>
25
</ul>
26
</div>
27
</div>
52
</a>
53
</div>
54
55
<a href="https://wordpress.org/support/plugin/sucuri-scanner" target="_blank"
56
class="button button-primary sucuriscan-supportbtn">Visit Support Forum</a>
57
inc/tpl/settings-apiservice-handler.html.tpl ADDED
@@ -0,0 +1,25 @@
1
+
2
+ <div class="postbox">
3
+ <h3>API Request Handler</h3>
4
+
5
+ <div class="inside">
6
+ <p>
7
+ Select which interface will be used to send the HTTP requests to the
8
+ external API services, the plugin will try to use the best option
9
+ automatically and rescue the requests when any of the options is not
10
+ available. Be sure to understand the purpose of this option before
11
+ you try to modify it.
12
+ </p>
13
+
14
+ <form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
15
+ <input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
16
+ <span class="sucuriscan-input-group">
17
+ <label>HTTP Request Handler:</label>
18
+ <select name="sucuriscan_api_handler">
19
+ %%%SUCURI.ApiHandlerOptions%%%
20
+ </select>
21
+ </span>
22
+ <button type="submit" class="button-primary">Proceed</button>
23
+ </form>
24
+ </div>
25
+ </div>
inc/tpl/settings-apiservice.html.tpl CHANGED
@@ -6,6 +6,8 @@
6
7
%%%SUCURI.SettingsSection.ApiSSL%%%
8
9
%%%SUCURI.SettingsSection.ApiTimeout%%%
10
11
%%%SUCURI.SettingsSection.ApiProtocol%%%
6
7
%%%SUCURI.SettingsSection.ApiSSL%%%
8
9
+ %%%SUCURI.SettingsSection.ApiHandler%%%
10
+
11
%%%SUCURI.SettingsSection.ApiTimeout%%%
12
13
%%%SUCURI.SettingsSection.ApiProtocol%%%
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net
3
Donate Link: https://sucuri.net/
4
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
Requires at least:3.2
6
- Stable tag: 1.7.18
7
Tested up to: 4.5.3
8
9
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
@@ -354,6 +354,11 @@ service from the WordPress dashboard.
354
355
== Changelog ==
356
357
= 1.7.18 =
358
* Added options library using external file instead of the database
359
* Modified API calls using custom HTTP request using Curl
3
Donate Link: https://sucuri.net/
4
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
Requires at least:3.2
6
+ Stable tag: 1.7.19
7
Tested up to: 4.5.3
8
9
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
354
355
== Changelog ==
356
357
+ = 1.7.19 =
358
+ * Added function to rescue HTTP requests using sockets
359
+ * Fixed mishandled JSON data in audit logs Ajax request
360
+ * Modified list of CloudProxy features and promo video
361
+
362
= 1.7.18 =
363
* Added options library using external file instead of the database
364
* Modified API calls using custom HTTP request using Curl
sucuri.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Sucuri Security - Auditing, Malware Scanner and Hardening
4
Plugin URI: https://wordpress.sucuri.net/
5
Description: The <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
6
Author: Sucuri, INC
7
- Version: 1.7.18
8
Author URI: https://sucuri.net
9
*/
10
@@ -65,7 +65,7 @@ define('SUCURISCAN', 'sucuriscan');
65
/**
66
* Current version of the plugin's code.
67
*/
68
- define('SUCURISCAN_VERSION', '1.7.18');
69
70
/**
71
* The name of the Sucuri plugin main file.
@@ -269,6 +269,11 @@ if (defined('SUCURISCAN')) {
269
'false' => 'Stop peer\'s cert verification',
270
);
271
272
$sucuriscan_no_notices_in = array(
273
/* Value of the page parameter to ignore. */
274
);
@@ -2893,6 +2898,7 @@ class SucuriScanOption extends SucuriScanRequest
2893
$defaults = array(
2894
'sucuriscan_account' => '',
2895
'sucuriscan_addr_header' => 'HTTP_X_SUCURI_CLIENTIP',
2896
'sucuriscan_api_key' => false,
2897
'sucuriscan_api_protocol' => 'https',
2898
'sucuriscan_api_service' => 'enabled',
@@ -5186,6 +5192,7 @@ class SucuriScanAPI extends SucuriScanOption
5186
) {
5187
return array('unique' => $unique, 'output' => 'OK');
5188
} elseif ($unique === 'wphashes'
5189
&& array_key_exists('checksums', $response)
5190
&& is_array($response['checksums'])
5191
) {
@@ -5236,7 +5243,30 @@ class SucuriScanAPI extends SucuriScanOption
5236
* @param array $args Request arguments like the timeout, headers, cookies, etc.
5237
* @return array Response object after the HTTP request is executed.
5238
*/
5239
- private static function apiCall($url = '', $method = 'GET', $params = array(), $args = array())
5240
{
5241
if ($url
5242
&& function_exists('curl_init')
@@ -5293,13 +5323,117 @@ class SucuriScanAPI extends SucuriScanOption
5293
&& $headers['http_code'] === 200
5294
&& !empty($output)
5295
) {
5296
- $result = @json_decode($output, true);
5297
5298
- if ($result) {
5299
- return $result;
5300
}
5301
5302
- return $output;
5303
}
5304
}
5305
@@ -6220,17 +6354,16 @@ class SucuriScanAPI extends SucuriScanOption
6220
)
6221
);
6222
6223
- if ($response) {
6224
- if (array_key_exists('checksums', $response)
6225
- && !empty($response['checksums'])
6226
) {
6227
- if (count((array) $response['checksums']) <= 1
6228
- && array_key_exists($version, $response['checksums'])
6229
- ) {
6230
- return $response['checksums'][$version];
6231
- } else {
6232
- return $response['checksums'];
6233
- }
6234
}
6235
}
6236
@@ -10107,11 +10240,11 @@ function sucuriscan_audit_logs_ajax()
10107
10108
if ($audit_logs) {
10109
$counter_i = 0;
10110
- $total_items = count($audit_logs->output_data);
10111
$iterator_start = ($page_number - 1) * $max_per_page;
10112
10113
- if (property_exists($audit_logs, 'total_entries')
10114
- && $audit_logs->total_entries >= $max_per_page
10115
&& SucuriScanOption::is_disabled(':audit_report')
10116
) {
10117
$response['enable_report'] = true;
@@ -10122,8 +10255,8 @@ function sucuriscan_audit_logs_ajax()
10122
break;
10123
}
10124
10125
- if (isset($audit_logs->output_data[ $i ])) {
10126
- $audit_log = $audit_logs->output_data[ $i ];
10127
10128
$css_class = ($counter_i % 2 === 0) ? '' : 'alternate';
10129
$snippet_data = array(
@@ -14019,6 +14152,7 @@ function sucuriscan_settings_apiservice($nonce)
14019
$params['SettingsSection.ApiStatus'] = sucuriscan_settings_apiservice_status($nonce);
14020
$params['SettingsSection.ApiProxy'] = sucuriscan_settings_apiservice_proxy($nonce);
14021
$params['SettingsSection.ApiSSL'] = sucuriscan_settings_apiservice_ssl($nonce);
14022
$params['SettingsSection.ApiTimeout'] = sucuriscan_settings_apiservice_timeout($nonce);
14023
$params['SettingsSection.ApiProtocol'] = sucuriscan_settings_apiservice_https($nonce);
14024
@@ -14142,6 +14276,39 @@ function sucuriscan_settings_apiservice_ssl($nonce)
14142
return SucuriScanTemplate::getSection('settings-apiservice-ssl', $params);
14143
}
14144
14145
function sucuriscan_settings_apiservice_timeout($nonce)
14146
{
14147
$params = array();
4
Plugin URI: https://wordpress.sucuri.net/
5
Description: The <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
6
Author: Sucuri, INC
7
+ Version: 1.7.19
8
Author URI: https://sucuri.net
9
*/
10
65
/**
66
* Current version of the plugin's code.
67
*/
68
+ define('SUCURISCAN_VERSION', '1.7.19');
69
70
/**
71
* The name of the Sucuri plugin main file.
269
'false' => 'Stop peer\'s cert verification',
270
);
271
272
+ $sucuriscan_api_handlers = array(
273
+ 'curl' => 'Curl - libcurl',
274
+ 'socket' => 'Socket - fsockopen',
275
+ );
276
+
277
$sucuriscan_no_notices_in = array(
278
/* Value of the page parameter to ignore. */
279
);
2898
$defaults = array(
2899
'sucuriscan_account' => '',
2900
'sucuriscan_addr_header' => 'HTTP_X_SUCURI_CLIENTIP',
2901
+ 'sucuriscan_api_handler' => 'curl',
2902
'sucuriscan_api_key' => false,
2903
'sucuriscan_api_protocol' => 'https',
2904
'sucuriscan_api_service' => 'enabled',
5192
) {
5193
return array('unique' => $unique, 'output' => 'OK');
5194
} elseif ($unique === 'wphashes'
5195
+ && is_array($response)
5196
&& array_key_exists('checksums', $response)
5197
&& is_array($response['checksums'])
5198
) {
5243
* @param array $args Request arguments like the timeout, headers, cookies, etc.
5244
* @return array Response object after the HTTP request is executed.
5245
*/
5246
+ public static function apiCall($url = '', $method = 'GET', $params = array(), $args = array())
5247
+ {
5248
+ if ($url && ($method === 'GET' || $method === 'POST')) {
5249
+ $handler = SucuriScanOption::get_option(':api_handler');
5250
+
5251
+ if (!function_exists('curl_init') || $handler === 'socket') {
5252
+ $output = self::apiCallSocket($url, $method, $params, $args);
5253
+ } else {
5254
+ $output = self::apiCallCurl($url, $method, $params, $args);
5255
+ }
5256
+
5257
+ $result = @json_decode($output, true);
5258
+
5259
+ if ($result) {
5260
+ return $result;
5261
+ }
5262
+
5263
+ return $output;
5264
+ }
5265
+
5266
+ return false;
5267
+ }
5268
+
5269
+ private static function apiCallCurl($url = '', $method = 'GET', $params = array(), $args = array())
5270
{
5271
if ($url
5272
&& function_exists('curl_init')
5323
&& $headers['http_code'] === 200
5324
&& !empty($output)
5325
) {
5326
+ return $output;
5327
+ }
5328
+ }
5329
+
5330
+ return false;
5331
+ }
5332
+
5333
+ private static function apiCallSocket($url = '', $method = 'GET', $params = array(), $args = array())
5334
+ {
5335
+ if (function_exists('fsockopen')) {
5336
+ $url = self::apiUrlProtocol($url);
5337
+ $timeout = self::requestTimeout();
5338
+
5339
+ if (is_array($args) && isset($args['timeout'])) {
5340
+ $timeout = $args['timeout'];
5341
+ }
5342
+
5343
+ // Add random request parameter to avoid request reset.
5344
+ if (!empty($params) && !array_key_exists('time', $params)) {
5345
+ $params['time'] = time();
5346
+ }
5347
+
5348
+ if ($method === 'GET'
5349
+ && is_array($params)
5350
+ && !empty($params)
5351
+ ) {
5352
+ $url .= '?' . self::buildQuery($params);
5353
+ }
5354
+
5355
+ $url_parts = parse_url($url);
5356
+
5357
+ if (is_array($url_parts)
5358
+ && array_key_exists('host', $url_parts)
5359
+ && array_key_exists('scheme', $url_parts)
5360
+ ) {
5361
+ $host = $url_parts['host'];
5362
+ $path = '/';
5363
+ $port = 80;
5364
5365
+ if ($url_parts['scheme'] === 'https') {
5366
+ $host = sprintf('ssl://%s', $url_parts['host']);
5367
+ $port = 443;
5368
}
5369
5370
+ if (array_key_exists('path', $url_parts)) {
5371
+ $path = $url_parts['path'];
5372
+ }
5373
+
5374
+ if (array_key_exists('query', $url_parts)) {
5375
+ $path .= '?' . $url_parts['query'];
5376
+ }
5377
+
5378
+ $socket = fsockopen($host, $port, $errno, $errstr, $timeout);
5379
+
5380
+ if ($socket) {
5381
+ $headers = '';
5382
+ $response = '';
5383
+
5384
+ $out = sprintf("%s %s HTTP/1.1\r\n", $method, $path);
5385
+ $out .= "Accept: */*\r\n";
5386
+ $out .= sprintf("Host: %s\r\n", $url_parts['host']);
5387
+ $out .= sprintf("User-Agent: %s\r\n", self::userAgent());
5388
+ $out .= "Connection: Close\r\n";
5389
+
5390
+ if ($method === 'POST') {
5391
+ $query = self::buildQuery($params);
5392
+ $out .= sprintf("Content-Length: %s\r\n", strlen($query));
5393
+ $out .= "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n";
5394
+ $out .= "\r\n" . $query;
5395
+ }
5396
+
5397
+ fwrite($socket, $out . "\r\n");
5398
+
5399
+ while (strpos($headers, "\r\n\r\n") === false) {
5400
+ $headers .= fread($socket, 1);
5401
+ }
5402
+
5403
+ $chunk = '';
5404
+ $segmented = false;
5405
+
5406
+ while (!feof($socket)) {
5407
+ $byte = fread($socket, 1);
5408
+
5409
+ if ($byte === "\r") { /* CR */
5410
+ fread($socket, 1); /* LF */
5411
+
5412
+ if (strlen($chunk) <= 4) {
5413
+ /* Chunk size, ignore */
5414
+ } else {
5415
+ $segmented = true;
5416
+ $response .= $chunk;
5417
+ }
5418
+
5419
+ /* Reset and continue */
5420
+ $chunk = '';
5421
+ continue;
5422
+ }
5423
+
5424
+ $chunk .= $byte;
5425
+ }
5426
+
5427
+ if ($segmented === false) {
5428
+ $response = $chunk;
5429
+ }
5430
+
5431
+ fclose($socket);
5432
+
5433
+ if (strpos($headers, '200 OK')) {
5434
+ return $response;
5435
+ }
5436
+ }
5437
}
5438
}
5439
6354
)
6355
);
6356
6357
+ if (is_array($response)
6358
+ && array_key_exists('checksums', $response)
6359
+ && !empty($response['checksums'])
6360
+ ) {
6361
+ if (count((array) $response['checksums']) <= 1
6362
+ && array_key_exists($version, $response['checksums'])
6363
) {
6364
+ return $response['checksums'][$version];
6365
+ } else {
6366
+ return $response['checksums'];
6367
}
6368
}
6369
10240
10241
if ($audit_logs) {
10242
$counter_i = 0;
10243
+ $total_items = count($audit_logs['output_data']);
10244
$iterator_start = ($page_number - 1) * $max_per_page;
10245
10246
+ if (array_key_exists('total_entries', $audit_logs)
10247
+ && $audit_logs['total_entries'] >= $max_per_page
10248
&& SucuriScanOption::is_disabled(':audit_report')
10249
) {
10250
$response['enable_report'] = true;
10255
break;
10256
}
10257
10258
+ if (isset($audit_logs['output_data'][ $i ])) {
10259
+ $audit_log = $audit_logs['output_data'][ $i ];
10260
10261
$css_class = ($counter_i % 2 === 0) ? '' : 'alternate';
10262
$snippet_data = array(
14152
$params['SettingsSection.ApiStatus'] = sucuriscan_settings_apiservice_status($nonce);
14153
$params['SettingsSection.ApiProxy'] = sucuriscan_settings_apiservice_proxy($nonce);
14154
$params['SettingsSection.ApiSSL'] = sucuriscan_settings_apiservice_ssl($nonce);
14155
+ $params['SettingsSection.ApiHandler'] = sucuriscan_settings_apiservice_handler($nonce);
14156
$params['SettingsSection.ApiTimeout'] = sucuriscan_settings_apiservice_timeout($nonce);
14157
$params['SettingsSection.ApiProtocol'] = sucuriscan_settings_apiservice_https($nonce);
14158
14276
return SucuriScanTemplate::getSection('settings-apiservice-ssl', $params);
14277
}
14278
14279
+ function sucuriscan_settings_apiservice_handler($nonce)
14280
+ {
14281
+ global $sucuriscan_api_handlers;
14282
+
14283
+ $params = array();
14284
+
14285
+ // Update the configuration for the SSL certificate verification.
14286
+ if ($nonce) {
14287
+ $api_handler = SucuriScanRequest::post(':api_handler');
14288
+
14289
+ if ($api_handler) {
14290
+ if (array_key_exists($api_handler, $sucuriscan_api_handlers)) {
14291
+ $message = 'API request handler set to <code>' . $api_handler . '</code>';
14292
+
14293
+ SucuriScanOption::update_option(':api_handler', $api_handler);
14294
+ SucuriScanEvent::report_warning_event($message);
14295
+ SucuriScanEvent::notify_event('plugin_change', $message);
14296
+ SucuriScanInterface::info($message);
14297
+ } else {
14298
+ SucuriScanInterface::error('Invalid value for the API request handler.');
14299
+ }
14300
+ }
14301
+ }
14302
+
14303
+ $api_handler = SucuriScanOption::get_option(':api_handler');
14304
+ $params['ApiHandlerOptions'] = SucuriScanTemplate::selectOptions(
14305
+ $sucuriscan_api_handlers,
14306
+ $api_handler
14307
+ );
14308
+
14309
+ return SucuriScanTemplate::getSection('settings-apiservice-handler', $params);
14310
+ }
14311
+
14312
function sucuriscan_settings_apiservice_timeout($nonce)
14313
{
14314
$params = array();
uninstall.php CHANGED
@@ -20,6 +20,7 @@ $sucuriscan_option_names = array(
20
'account',
21
'addr_header',
22
'ads_visibility',
23
'api_key',
24
'api_protocol',
25
'api_service',
20
'account',
21
'addr_header',
22
'ads_visibility',
23
+ 'api_handler',
24
'api_key',
25
'api_protocol',
26
'api_service',