Wordfence Security – Firewall &amp; Malware Scan

Version Description

Fixed SQL error in code that checks if IP blockedTime has expired. Changed column type to signed.
Added detection of malicious injected titles with scripts or meta redirects.
Fixed bug introduced in previous release that prevents blocked IP's from being blocked.

Release Info

Developer	mmaunder
Plugin	Wordfence Security – Firewall & Malware Scan
Version	3.1.4
Comparing to
See all releases

Code changes from version 3.1.2 to 3.1.4

Files changed (8) hide show

lib/menu_scan.php +42 -0
lib/wfLog.php +1 -1
lib/wfScanEngine.php +17 -0
lib/wfUtils.php +1 -1
lib/wordfenceClass.php +2 -0
lib/wordfenceScanner.php +1 -1
readme.txt +6 -1
wordfence.php +2 -2

lib/menu_scan.php CHANGED Viewed

@@ -337,6 +337,48 @@
             </div>
             </div>
             </script>
             <script type="text/x-jquery-template" id="issueTmpl_postBadURL">
             <div>


337	</div>
338	</div>
339	</script>
340	+ <script type="text/x-jquery-template" id="issueTmpl_postBadTitle">
341	+ <div>
342	+ <div class="wfIssue">
343	+ <h2>${shortMsg}</h2>
344	+ <p>
345	+ <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
346	+ <tr><th>Title:</th><td><strong class="wfWarn">${data.postTitle}</strong></td></tr>
347	+ <tr><th>Posted on:</th><td>${data.postDate}</td></tr>
348	+ {{if data.isMultisite}}
349	+ <tr><th>Multisite Blog ID:</th><td>${data.blog_id}</td></tr>
350	+ <tr><th>Multisite Blog Domain:</th><td>${data.domain}</td></tr>
351	+ <tr><th>Multisite Blog Path:</th><td>${data.path}</td></tr>
352	+ {{/if}}
353	+ <tr><th>Severity:</th><td>Critical</td></tr>
354	+ <tr><th>Status</th><td>
355	+ {{if status == 'new' }}New{{/if}}
356	+ {{if status == 'ignoreC' }}This bad title will be ignored in this ${data.type}.{{/if}}
357	+ {{if status == 'ignoreP' }}This post won't be scanned for bad titles.{{/if}}
358	+ </td></tr>
359	+ </table>
360	+ </p>
361	+ <p>
362	+ {{html longMsg}}
363	+ </p>
364	+ <div class="wfIssueOptions">
365	+ <strong>Tools:</strong>
366	+ <a target="_blank" href="${data.editPostLink}">Edit this ${data.type}</a>
367	+ </div>
368	+ <div class="wfIssueOptions">
369	+ {{if status == 'new'}}
370	+ <strong>Resolve:</strong>
371	+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">I have fixed this issue</a>
372	+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreC'); return false;">Ignore this title in this ${data.type}</a>
373	+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreP'); return false;">Ignore all dangerous titles in this ${data.type}</a>
374	+ {{/if}}
375	+ {{if status == 'ignoreP' \|\| status == 'ignoreC'}}
376	+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">Stop ignoring this issue</a>
377	+ {{/if}}
378	+ </div>
379	+ </div>
380	+ </div>
381	+ </script>
382
383	<script type="text/x-jquery-template" id="issueTmpl_postBadURL">
384	<div>

lib/wfLog.php CHANGED Viewed

	@@ -516,7 +516,7 @@ class wfLog {
516	}
517
518	$IP = wfUtils::inet_aton(wfUtils::getIP());
519	- if($rec = $this->getDB()->querySingleRec("select blockedTime, reason from " . $this->blocksTable . " where IP=%s and (permanent=1 OR (blockedTime + %s > unix_timestamp()))", ~~wfConfig::get('blockedTime'),~~ $IP, wfConfig::get('blockedTime'))){
520	$this->getDB()->query("update " . $this->blocksTable . " set lastAttempt=unix_timestamp(), blockedHits = blockedHits + 1 where IP=%s", $IP);
521	$now = $this->getDB()->querySingle("select unix_timestamp()");
522	$secsToGo = ($rec['blockedTime'] + wfConfig::get('blockedTime')) - $now;


516	}
517
518	$IP = wfUtils::inet_aton(wfUtils::getIP());
519	+ if($rec = $this->getDB()->querySingleRec("select blockedTime, reason from " . $this->blocksTable . " where IP=%s and (permanent=1 OR (blockedTime + %s > unix_timestamp()))", $IP, wfConfig::get('blockedTime'))){
520	$this->getDB()->query("update " . $this->blocksTable . " set lastAttempt=unix_timestamp(), blockedHits = blockedHits + 1 where IP=%s", $IP);
521	$now = $this->getDB()->querySingle("select unix_timestamp()");
522	$secsToGo = ($rec['blockedTime'] + wfConfig::get('blockedTime')) - $now;

lib/wfScanEngine.php CHANGED Viewed

@@ -336,6 +336,23 @@ class wfScanEngine {
             			$postID = $elem[1];
             			$row = $wfdb->querySingleRec("select ID, post_title, post_type, post_date, post_content from " . $blog['table'] . " where ID=%d", $postID);
             			$this->hoover->hoover($blog['blog_id'] . '-' . $row['ID'], $row['post_title'] . ' ' . $row['post_content']);
             			$this->scanData[$blog['blog_id'] . '-' . $row['ID']] = array(
             				'contentMD5' => md5($row['post_content']),
             				'title' => $row['post_title'],


336	$postID = $elem[1];
337	$row = $wfdb->querySingleRec("select ID, post_title, post_type, post_date, post_content from " . $blog['table'] . " where ID=%d", $postID);
338	$this->hoover->hoover($blog['blog_id'] . '-' . $row['ID'], $row['post_title'] . ' ' . $row['post_content']);
339	+ if(preg_match('/(?:<[\s\n\r\t]script[\r\s\n\t]+.>\|<[\s\n\r\t]meta.refresh)/i', $row['post_title'])){
340	+ $postID = $row['ID'];
341	+ $this->addIssue('postBadTitle', 1, $row['ID'], md5($row['post_title']), "Post title contains suspicious code", "This post contains code that is suspicious. Please check the title of the post and confirm that the code in the title is not malicious.", array(
342	+ 'postID' => $postID,
343	+ 'postTitle' => $row['post_title'],
344	+ 'permalink' => get_permalink($postID),
345	+ 'editPostLink' => get_edit_post_link($postID),
346	+ 'type' => $row['post_type'],
347	+ 'postDate' => $row['post_date'],
348	+ 'isMultisite' => $blog['isMultisite'],
349	+ 'domain' => $blog['domain'],
350	+ 'path' => $blog['path'],
351	+ 'blog_id' => $blog['blog_id']
352	+ ));
353	+ }
354	+
355	+
356	$this->scanData[$blog['blog_id'] . '-' . $row['ID']] = array(
357	'contentMD5' => md5($row['post_content']),
358	'title' => $row['post_title'],

lib/wfUtils.php CHANGED Viewed

	@@ -392,7 +392,7 @@ class wfUtils {
392	@ini_set('display_errors', self::$lastDisplayErrors);
393	if(class_exists('wfScan')){ wfScan::$errorHandlingOn = true; }
394	}
395	- public static function fileTooBig($file){
396	wfUtils::errorsOff();
397	$fh = @fopen($file, 'r');
398	wfUtils::errorsOn();


392	@ini_set('display_errors', self::$lastDisplayErrors);
393	if(class_exists('wfScan')){ wfScan::$errorHandlingOn = true; }
394	}
395	+ public static function fileTooBig($file){ //Deals with files > 2 gigs on 32 bit systems which are reported with the wrong size due to integer overflow
396	wfUtils::errorsOff();
397	$fh = @fopen($file, 'r');
398	wfUtils::errorsOn();

lib/wordfenceClass.php CHANGED Viewed

	@@ -223,6 +223,8 @@ class wordfence {
223	$db->queryIgnoreError("alter table $prefix"."wfConfig modify column val longblob");
224	$db->queryIgnoreError("alter table $prefix"."wfBlocks add column permanent tinyint UNSIGNED default 0");
225	$db->queryIgnoreError("alter table $prefix"."wfStatus modify column msg varchar(1000) NOT NULL");


226
227	//Must be the final line
228	}


223	$db->queryIgnoreError("alter table $prefix"."wfConfig modify column val longblob");
224	$db->queryIgnoreError("alter table $prefix"."wfBlocks add column permanent tinyint UNSIGNED default 0");
225	$db->queryIgnoreError("alter table $prefix"."wfStatus modify column msg varchar(1000) NOT NULL");
226	+ //3.1.2 to 3.1.4
227	+ $db->queryIgnoreError("alter table $prefix"."wfBlocks modify column blockedTime bigint signed NOT NULL");
228
229	//Must be the final line
230	}

lib/wordfenceScanner.php CHANGED Viewed

	@@ -64,7 +64,7 @@ class wordfenceScanner {
64	if(preg_match('/^(?:jpg\|jpeg\|mp3\|avi\|m4v\|gif\|png)$/', $fileExt)){
65	continue;
66	}
67	- if(wfUtils::fileTooBig($this->path . $file)){
68	//We should not need this check because files > 2 gigs are not hashed and therefore won't be received back as unknowns from the API server
69	//But we do it anyway to be safe.
70	wordfence::status(2, 'error', "Encountered file that is too large: $file - Skipping.");


64	if(preg_match('/^(?:jpg\|jpeg\|mp3\|avi\|m4v\|gif\|png)$/', $fileExt)){
65	continue;
66	}
67	+ if(wfUtils::fileTooBig($this->path . $file)){ //We can't use filesize on 32 bit systems for files > 2 gigs
68	//We should not need this check because files > 2 gigs are not hashed and therefore won't be received back as unknowns from the API server
69	//But we do it anyway to be safe.
70	wordfence::status(2, 'error', "Encountered file that is too large: $file - Skipping.");

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: mmaunder
3	Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
4	Requires at least: 3.3.1
5	Tested up to: 3.4.1
6	- Stable tag: 3.1.2
7
8	Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
	@@ -152,6 +152,11 @@ or a theme, because often these have been updated to fix a security hole.
152	5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
153
154	== Changelog ==





155	= 3.1.2 =
156	* Fixed permanent IP blocking bug which caused permanently blocked IP's to no longer display in the list after some time, even though there were still blocked. (Incorrect SQL query)
157	* Fixed "Can't get admin ID" on scan starts for both MU and single site installs.


3	Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
4	Requires at least: 3.3.1
5	Tested up to: 3.4.1
6	+ Stable tag: 3.1.4
7
8	Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9

152	5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
153
154	== Changelog ==
155	+ = 3.1.4 =
156	+ * Fixed SQL error in code that checks if IP blockedTime has expired. Changed column type to signed.
157	+ * Added detection of malicious injected titles with scripts or meta redirects.
158	+ * Fixed bug introduced in previous release that prevents blocked IP's from being blocked.
159	+
160	= 3.1.2 =
161	* Fixed permanent IP blocking bug which caused permanently blocked IP's to no longer display in the list after some time, even though there were still blocked. (Incorrect SQL query)
162	* Fixed "Can't get admin ID" on scan starts for both MU and single site installs.

wordfence.php CHANGED Viewed

	@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
4	Plugin URI: http://wordfence.com/
5	Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6	Author: Mark Maunder
7	- Version: 3.1.2
8	Author URI: http://wordfence.com/
9	*/
10	- define('WORDFENCE_VERSION', '3.1.2');
11	if(! defined('WORDFENCE_VERSIONONLY_MODE')){
12	if((int) @ini_get('memory_limit') < 64){
13	@ini_set('memory_limit', '64M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.


4	Plugin URI: http://wordfence.com/
5	Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6	Author: Mark Maunder
7	+ Version: 3.1.4
8	Author URI: http://wordfence.com/
9	*/
10	+ define('WORDFENCE_VERSION', '3.1.4');
11	if(! defined('WORDFENCE_VERSIONONLY_MODE')){
12	if((int) @ini_get('memory_limit') < 64){
13	@ini_set('memory_limit', '64M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.

Wordfence Security – Firewall & Malware Scan - Version 3.1.4

Version Description

Release Info

Code changes from version 3.1.2 to 3.1.4