Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.7.19

Version Description

  • Added function to rescue HTTP requests using sockets
  • Fixed mishandled JSON data in audit logs Ajax request
  • Modified list of CloudProxy features and promo video
Download this release

Release Info

Developer yorman
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.7.19
Comparing to
See all releases

Code changes from version 1.7.18 to 1.7.19

Files changed (6) hide show
  1. inc/tpl/bsidebar.html.tpl +5 -8
  2. inc/tpl/settings-apiservice-handler.html.tpl +25 -0
  3. inc/tpl/settings-apiservice.html.tpl +2 -0
  4. readme.txt +6 -1
  5. sucuri.php +189 -22
  6. uninstall.php +1 -0
inc/tpl/bsidebar.html.tpl CHANGED
@@ -16,13 +16,12 @@
16
 
17
  <div class="sucuriscan-ad-footer">
18
  <ul>
19
- <li>Sucuri CloudProxy Firewall</li>
20
- <li class="featured">Stopping 33M+ attacks a month</li>
21
- <li>Web Application Firewall Protection</li>
22
  <li>Virtual Website Patching</li>
23
- <li>Cloud Intrusion Prevention System</li>
24
- <li>High Security Website Monitoring</li>
25
- <li>Malicious Traffic Filtering</li>
26
  </ul>
27
  </div>
28
  </div>
@@ -53,8 +52,6 @@
53
  </a>
54
  </div>
55
 
56
- <iframe src="https://www.youtube-nocookie.com/embed/EVa9FY3nKuQ" height="250" class="sucuriscan-scanner-video" allowfullscreen></iframe>
57
-
58
  <a href="https://wordpress.org/support/plugin/sucuri-scanner" target="_blank"
59
  class="button button-primary sucuriscan-supportbtn">Visit Support Forum</a>
60
 
16
 
17
  <div class="sucuriscan-ad-footer">
18
  <ul>
19
+ <li>Sucuri Firewall</li>
20
+ <li>Protection . Performance . Security</li>
21
+ <li class="featured">Cloud-based WAF + DDoS Protection</li>
22
  <li>Virtual Website Patching</li>
23
+ <li>Anycast CDN + Website Accelerator</li>
24
+ <li>All in one security for your site.</li>
 
25
  </ul>
26
  </div>
27
  </div>
52
  </a>
53
  </div>
54
 
 
 
55
  <a href="https://wordpress.org/support/plugin/sucuri-scanner" target="_blank"
56
  class="button button-primary sucuriscan-supportbtn">Visit Support Forum</a>
57
 
inc/tpl/settings-apiservice-handler.html.tpl ADDED
@@ -0,0 +1,25 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+
2
+ <div class="postbox">
3
+ <h3>API Request Handler</h3>
4
+
5
+ <div class="inside">
6
+ <p>
7
+ Select which interface will be used to send the HTTP requests to the
8
+ external API services, the plugin will try to use the best option
9
+ automatically and rescue the requests when any of the options is not
10
+ available. Be sure to understand the purpose of this option before
11
+ you try to modify it.
12
+ </p>
13
+
14
+ <form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
15
+ <input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
16
+ <span class="sucuriscan-input-group">
17
+ <label>HTTP Request Handler:</label>
18
+ <select name="sucuriscan_api_handler">
19
+ %%%SUCURI.ApiHandlerOptions%%%
20
+ </select>
21
+ </span>
22
+ <button type="submit" class="button-primary">Proceed</button>
23
+ </form>
24
+ </div>
25
+ </div>
inc/tpl/settings-apiservice.html.tpl CHANGED
@@ -6,6 +6,8 @@
6
 
7
  %%%SUCURI.SettingsSection.ApiSSL%%%
8
 
 
 
9
  %%%SUCURI.SettingsSection.ApiTimeout%%%
10
 
11
  %%%SUCURI.SettingsSection.ApiProtocol%%%
6
 
7
  %%%SUCURI.SettingsSection.ApiSSL%%%
8
 
9
+ %%%SUCURI.SettingsSection.ApiHandler%%%
10
+
11
  %%%SUCURI.SettingsSection.ApiTimeout%%%
12
 
13
  %%%SUCURI.SettingsSection.ApiProtocol%%%
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: dd@sucuri.net
3
  Donate Link: https://sucuri.net/
4
  Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
  Requires at least:3.2
6
- Stable tag: 1.7.18
7
  Tested up to: 4.5.3
8
 
9
  The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
@@ -354,6 +354,11 @@ service from the WordPress dashboard.
354
 
355
  == Changelog ==
356
 
 
 
 
 
 
357
  = 1.7.18 =
358
  * Added options library using external file instead of the database
359
  * Modified API calls using custom HTTP request using Curl
3
  Donate Link: https://sucuri.net/
4
  Tags: malware, security, firewall, scan, spam, virus, sucuri, protection,WordPress Security, Login Security,Security Auditing,File Integrity,htaccess,phishing,backdoors,SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
  Requires at least:3.2
6
+ Stable tag: 1.7.19
7
  Tested up to: 4.5.3
8
 
9
  The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
354
 
355
  == Changelog ==
356
 
357
+ = 1.7.19 =
358
+ * Added function to rescue HTTP requests using sockets
359
+ * Fixed mishandled JSON data in audit logs Ajax request
360
+ * Modified list of CloudProxy features and promo video
361
+
362
  = 1.7.18 =
363
  * Added options library using external file instead of the database
364
  * Modified API calls using custom HTTP request using Curl
sucuri.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Sucuri Security - Auditing, Malware Scanner and Hardening
4
  Plugin URI: https://wordpress.sucuri.net/
5
  Description: The <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
6
  Author: Sucuri, INC
7
- Version: 1.7.18
8
  Author URI: https://sucuri.net
9
  */
10
 
@@ -65,7 +65,7 @@ define('SUCURISCAN', 'sucuriscan');
65
  /**
66
  * Current version of the plugin's code.
67
  */
68
- define('SUCURISCAN_VERSION', '1.7.18');
69
 
70
  /**
71
  * The name of the Sucuri plugin main file.
@@ -269,6 +269,11 @@ if (defined('SUCURISCAN')) {
269
  'false' => 'Stop peer\'s cert verification',
270
  );
271
 
 
 
 
 
 
272
  $sucuriscan_no_notices_in = array(
273
  /* Value of the page parameter to ignore. */
274
  );
@@ -2893,6 +2898,7 @@ class SucuriScanOption extends SucuriScanRequest
2893
  $defaults = array(
2894
  'sucuriscan_account' => '',
2895
  'sucuriscan_addr_header' => 'HTTP_X_SUCURI_CLIENTIP',
 
2896
  'sucuriscan_api_key' => false,
2897
  'sucuriscan_api_protocol' => 'https',
2898
  'sucuriscan_api_service' => 'enabled',
@@ -5186,6 +5192,7 @@ class SucuriScanAPI extends SucuriScanOption
5186
  ) {
5187
  return array('unique' => $unique, 'output' => 'OK');
5188
  } elseif ($unique === 'wphashes'
 
5189
  && array_key_exists('checksums', $response)
5190
  && is_array($response['checksums'])
5191
  ) {
@@ -5236,7 +5243,30 @@ class SucuriScanAPI extends SucuriScanOption
5236
  * @param array $args Request arguments like the timeout, headers, cookies, etc.
5237
  * @return array Response object after the HTTP request is executed.
5238
  */
5239
- private static function apiCall($url = '', $method = 'GET', $params = array(), $args = array())
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
5240
  {
5241
  if ($url
5242
  && function_exists('curl_init')
@@ -5293,13 +5323,117 @@ class SucuriScanAPI extends SucuriScanOption
5293
  && $headers['http_code'] === 200
5294
  && !empty($output)
5295
  ) {
5296
- $result = @json_decode($output, true);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
5297
 
5298
- if ($result) {
5299
- return $result;
 
5300
  }
5301
 
5302
- return $output;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
5303
  }
5304
  }
5305
 
@@ -6220,17 +6354,16 @@ class SucuriScanAPI extends SucuriScanOption
6220
  )
6221
  );
6222
 
6223
- if ($response) {
6224
- if (array_key_exists('checksums', $response)
6225
- && !empty($response['checksums'])
 
 
 
6226
  ) {
6227
- if (count((array) $response['checksums']) <= 1
6228
- && array_key_exists($version, $response['checksums'])
6229
- ) {
6230
- return $response['checksums'][$version];
6231
- } else {
6232
- return $response['checksums'];
6233
- }
6234
  }
6235
  }
6236
 
@@ -10107,11 +10240,11 @@ function sucuriscan_audit_logs_ajax()
10107
 
10108
  if ($audit_logs) {
10109
  $counter_i = 0;
10110
- $total_items = count($audit_logs->output_data);
10111
  $iterator_start = ($page_number - 1) * $max_per_page;
10112
 
10113
- if (property_exists($audit_logs, 'total_entries')
10114
- && $audit_logs->total_entries >= $max_per_page
10115
  && SucuriScanOption::is_disabled(':audit_report')
10116
  ) {
10117
  $response['enable_report'] = true;
@@ -10122,8 +10255,8 @@ function sucuriscan_audit_logs_ajax()
10122
  break;
10123
  }
10124
 
10125
- if (isset($audit_logs->output_data[ $i ])) {
10126
- $audit_log = $audit_logs->output_data[ $i ];
10127
 
10128
  $css_class = ($counter_i % 2 === 0) ? '' : 'alternate';
10129
  $snippet_data = array(
@@ -14019,6 +14152,7 @@ function sucuriscan_settings_apiservice($nonce)
14019
  $params['SettingsSection.ApiStatus'] = sucuriscan_settings_apiservice_status($nonce);
14020
  $params['SettingsSection.ApiProxy'] = sucuriscan_settings_apiservice_proxy($nonce);
14021
  $params['SettingsSection.ApiSSL'] = sucuriscan_settings_apiservice_ssl($nonce);
 
14022
  $params['SettingsSection.ApiTimeout'] = sucuriscan_settings_apiservice_timeout($nonce);
14023
  $params['SettingsSection.ApiProtocol'] = sucuriscan_settings_apiservice_https($nonce);
14024
 
@@ -14142,6 +14276,39 @@ function sucuriscan_settings_apiservice_ssl($nonce)
14142
  return SucuriScanTemplate::getSection('settings-apiservice-ssl', $params);
14143
  }
14144
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
14145
  function sucuriscan_settings_apiservice_timeout($nonce)
14146
  {
14147
  $params = array();
4
  Plugin URI: https://wordpress.sucuri.net/
5
  Description: The <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
6
  Author: Sucuri, INC
7
+ Version: 1.7.19
8
  Author URI: https://sucuri.net
9
  */
10
 
65
  /**
66
  * Current version of the plugin's code.
67
  */
68
+ define('SUCURISCAN_VERSION', '1.7.19');
69
 
70
  /**
71
  * The name of the Sucuri plugin main file.
269
  'false' => 'Stop peer\'s cert verification',
270
  );
271
 
272
+ $sucuriscan_api_handlers = array(
273
+ 'curl' => 'Curl - libcurl',
274
+ 'socket' => 'Socket - fsockopen',
275
+ );
276
+
277
  $sucuriscan_no_notices_in = array(
278
  /* Value of the page parameter to ignore. */
279
  );
2898
  $defaults = array(
2899
  'sucuriscan_account' => '',
2900
  'sucuriscan_addr_header' => 'HTTP_X_SUCURI_CLIENTIP',
2901
+ 'sucuriscan_api_handler' => 'curl',
2902
  'sucuriscan_api_key' => false,
2903
  'sucuriscan_api_protocol' => 'https',
2904
  'sucuriscan_api_service' => 'enabled',
5192
  ) {
5193
  return array('unique' => $unique, 'output' => 'OK');
5194
  } elseif ($unique === 'wphashes'
5195
+ && is_array($response)
5196
  && array_key_exists('checksums', $response)
5197
  && is_array($response['checksums'])
5198
  ) {
5243
  * @param array $args Request arguments like the timeout, headers, cookies, etc.
5244
  * @return array Response object after the HTTP request is executed.
5245
  */
5246
+ public static function apiCall($url = '', $method = 'GET', $params = array(), $args = array())
5247
+ {
5248
+ if ($url && ($method === 'GET' || $method === 'POST')) {
5249
+ $handler = SucuriScanOption::get_option(':api_handler');
5250
+
5251
+ if (!function_exists('curl_init') || $handler === 'socket') {
5252
+ $output = self::apiCallSocket($url, $method, $params, $args);
5253
+ } else {
5254
+ $output = self::apiCallCurl($url, $method, $params, $args);
5255
+ }
5256
+
5257
+ $result = @json_decode($output, true);
5258
+
5259
+ if ($result) {
5260
+ return $result;
5261
+ }
5262
+
5263
+ return $output;
5264
+ }
5265
+
5266
+ return false;
5267
+ }
5268
+
5269
+ private static function apiCallCurl($url = '', $method = 'GET', $params = array(), $args = array())
5270
  {
5271
  if ($url
5272
  && function_exists('curl_init')
5323
  && $headers['http_code'] === 200
5324
  && !empty($output)
5325
  ) {
5326
+ return $output;
5327
+ }
5328
+ }
5329
+
5330
+ return false;
5331
+ }
5332
+
5333
+ private static function apiCallSocket($url = '', $method = 'GET', $params = array(), $args = array())
5334
+ {
5335
+ if (function_exists('fsockopen')) {
5336
+ $url = self::apiUrlProtocol($url);
5337
+ $timeout = self::requestTimeout();
5338
+
5339
+ if (is_array($args) && isset($args['timeout'])) {
5340
+ $timeout = $args['timeout'];
5341
+ }
5342
+
5343
+ // Add random request parameter to avoid request reset.
5344
+ if (!empty($params) && !array_key_exists('time', $params)) {
5345
+ $params['time'] = time();
5346
+ }
5347
+
5348
+ if ($method === 'GET'
5349
+ && is_array($params)
5350
+ && !empty($params)
5351
+ ) {
5352
+ $url .= '?' . self::buildQuery($params);
5353
+ }
5354
+
5355
+ $url_parts = parse_url($url);
5356
+
5357
+ if (is_array($url_parts)
5358
+ && array_key_exists('host', $url_parts)
5359
+ && array_key_exists('scheme', $url_parts)
5360
+ ) {
5361
+ $host = $url_parts['host'];
5362
+ $path = '/';
5363
+ $port = 80;
5364
 
5365
+ if ($url_parts['scheme'] === 'https') {
5366
+ $host = sprintf('ssl://%s', $url_parts['host']);
5367
+ $port = 443;
5368
  }
5369
 
5370
+ if (array_key_exists('path', $url_parts)) {
5371
+ $path = $url_parts['path'];
5372
+ }
5373
+
5374
+ if (array_key_exists('query', $url_parts)) {
5375
+ $path .= '?' . $url_parts['query'];
5376
+ }
5377
+
5378
+ $socket = fsockopen($host, $port, $errno, $errstr, $timeout);
5379
+
5380
+ if ($socket) {
5381
+ $headers = '';
5382
+ $response = '';
5383
+
5384
+ $out = sprintf("%s %s HTTP/1.1\r\n", $method, $path);
5385
+ $out .= "Accept: */*\r\n";
5386
+ $out .= sprintf("Host: %s\r\n", $url_parts['host']);
5387
+ $out .= sprintf("User-Agent: %s\r\n", self::userAgent());
5388
+ $out .= "Connection: Close\r\n";
5389
+
5390
+ if ($method === 'POST') {
5391
+ $query = self::buildQuery($params);
5392
+ $out .= sprintf("Content-Length: %s\r\n", strlen($query));
5393
+ $out .= "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n";
5394
+ $out .= "\r\n" . $query;
5395
+ }
5396
+
5397
+ fwrite($socket, $out . "\r\n");
5398
+
5399
+ while (strpos($headers, "\r\n\r\n") === false) {
5400
+ $headers .= fread($socket, 1);
5401
+ }
5402
+
5403
+ $chunk = '';
5404
+ $segmented = false;
5405
+
5406
+ while (!feof($socket)) {
5407
+ $byte = fread($socket, 1);
5408
+
5409
+ if ($byte === "\r") { /* CR */
5410
+ fread($socket, 1); /* LF */
5411
+
5412
+ if (strlen($chunk) <= 4) {
5413
+ /* Chunk size, ignore */
5414
+ } else {
5415
+ $segmented = true;
5416
+ $response .= $chunk;
5417
+ }
5418
+
5419
+ /* Reset and continue */
5420
+ $chunk = '';
5421
+ continue;
5422
+ }
5423
+
5424
+ $chunk .= $byte;
5425
+ }
5426
+
5427
+ if ($segmented === false) {
5428
+ $response = $chunk;
5429
+ }
5430
+
5431
+ fclose($socket);
5432
+
5433
+ if (strpos($headers, '200 OK')) {
5434
+ return $response;
5435
+ }
5436
+ }
5437
  }
5438
  }
5439
 
6354
  )
6355
  );
6356
 
6357
+ if (is_array($response)
6358
+ && array_key_exists('checksums', $response)
6359
+ && !empty($response['checksums'])
6360
+ ) {
6361
+ if (count((array) $response['checksums']) <= 1
6362
+ && array_key_exists($version, $response['checksums'])
6363
  ) {
6364
+ return $response['checksums'][$version];
6365
+ } else {
6366
+ return $response['checksums'];
 
 
 
 
6367
  }
6368
  }
6369
 
10240
 
10241
  if ($audit_logs) {
10242
  $counter_i = 0;
10243
+ $total_items = count($audit_logs['output_data']);
10244
  $iterator_start = ($page_number - 1) * $max_per_page;
10245
 
10246
+ if (array_key_exists('total_entries', $audit_logs)
10247
+ && $audit_logs['total_entries'] >= $max_per_page
10248
  && SucuriScanOption::is_disabled(':audit_report')
10249
  ) {
10250
  $response['enable_report'] = true;
10255
  break;
10256
  }
10257
 
10258
+ if (isset($audit_logs['output_data'][ $i ])) {
10259
+ $audit_log = $audit_logs['output_data'][ $i ];
10260
 
10261
  $css_class = ($counter_i % 2 === 0) ? '' : 'alternate';
10262
  $snippet_data = array(
14152
  $params['SettingsSection.ApiStatus'] = sucuriscan_settings_apiservice_status($nonce);
14153
  $params['SettingsSection.ApiProxy'] = sucuriscan_settings_apiservice_proxy($nonce);
14154
  $params['SettingsSection.ApiSSL'] = sucuriscan_settings_apiservice_ssl($nonce);
14155
+ $params['SettingsSection.ApiHandler'] = sucuriscan_settings_apiservice_handler($nonce);
14156
  $params['SettingsSection.ApiTimeout'] = sucuriscan_settings_apiservice_timeout($nonce);
14157
  $params['SettingsSection.ApiProtocol'] = sucuriscan_settings_apiservice_https($nonce);
14158
 
14276
  return SucuriScanTemplate::getSection('settings-apiservice-ssl', $params);
14277
  }
14278
 
14279
+ function sucuriscan_settings_apiservice_handler($nonce)
14280
+ {
14281
+ global $sucuriscan_api_handlers;
14282
+
14283
+ $params = array();
14284
+
14285
+ // Update the configuration for the SSL certificate verification.
14286
+ if ($nonce) {
14287
+ $api_handler = SucuriScanRequest::post(':api_handler');
14288
+
14289
+ if ($api_handler) {
14290
+ if (array_key_exists($api_handler, $sucuriscan_api_handlers)) {
14291
+ $message = 'API request handler set to <code>' . $api_handler . '</code>';
14292
+
14293
+ SucuriScanOption::update_option(':api_handler', $api_handler);
14294
+ SucuriScanEvent::report_warning_event($message);
14295
+ SucuriScanEvent::notify_event('plugin_change', $message);
14296
+ SucuriScanInterface::info($message);
14297
+ } else {
14298
+ SucuriScanInterface::error('Invalid value for the API request handler.');
14299
+ }
14300
+ }
14301
+ }
14302
+
14303
+ $api_handler = SucuriScanOption::get_option(':api_handler');
14304
+ $params['ApiHandlerOptions'] = SucuriScanTemplate::selectOptions(
14305
+ $sucuriscan_api_handlers,
14306
+ $api_handler
14307
+ );
14308
+
14309
+ return SucuriScanTemplate::getSection('settings-apiservice-handler', $params);
14310
+ }
14311
+
14312
  function sucuriscan_settings_apiservice_timeout($nonce)
14313
  {
14314
  $params = array();
uninstall.php CHANGED
@@ -20,6 +20,7 @@ $sucuriscan_option_names = array(
20
  'account',
21
  'addr_header',
22
  'ads_visibility',
 
23
  'api_key',
24
  'api_protocol',
25
  'api_service',
20
  'account',
21
  'addr_header',
22
  'ads_visibility',
23
+ 'api_handler',
24
  'api_key',
25
  'api_protocol',
26
  'api_service',