Cerber Security & Antispam - Version 8.8.6

Version Description

  • New: You can specify the "User-Agent" string for requests from the main (master) Cerber.Hub website by defining the PHP constant CERBER_HUB_UA in the wp-config.php file.
  • New: Diagnostic logging for network requests to the WP Cerber cloud. To enable logging, define the PHP constant CERBER_CLOUD_DEBUG in the wp-config.php file. Logging covers admin operations on the WP Cerber admin pages only.
  • Fixed bug: "PHP Fatal error: Call to undefined function crb_admin_hash_token() in cerber-load.php:1521".
  • Fixed bug: "PHP Notice: Undefined property: WP_Error::$ID in cerber-load.php on line 1131".

Release Info

Developer Gioni
Version 8.8.6

Code changes from version 8.8.5 to 8.8.6

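--- a/admin/cerber-dashboard.php
+++ b/admin/cerber-dashboard.php
@@ -814,6 +814,9 @@ function cerber_admin_request( $is_post = false ) {
  case 'install_key':
  $lic = preg_replace( "/[^A-Z0-9]/i", '', crb_array_get( $post, 'cerber_license' ) );
  if ( ( strlen( $lic ) == LAB_KEY_LENGTH ) || empty( $lic ) ) {
+ lab_cleanup_cache();
+ cerber_delete_expired_set( true );
+
  lab_update_key( $lic );
 
  if ( $lic ) {
@@ -3184,7 +3187,7 @@ function cerber_admin_head() {
  crb_admin_tab = '<?php echo crb_admin_get_tab(); ?>';
  crb_user_locale = '<?php echo substr( get_user_locale(), 0, 6 ); ?>';
 
- crb_scan_msg_steps = <?php echo json_encode( cerber_step_desc() ); ?>;
+ crb_scan_msg_steps = <?php echo json_encode( cerber_get_step_description() ); ?>;
  crb_scan_msg_issues = <?php echo json_encode( cerber_get_issue_label() ); ?>;
  crb_scan_msg_risks = <?php echo json_encode( cerber_get_risk_label() ); ?>;
  crb_scan_msg_misc = <?php echo json_encode( array(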
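Review bot: In the cerber_admin_head() hunk, `crb_admin_tab` and `crb_user_locale` are still echoed raw inside single-quoted JavaScript literals, while the line this commit touches and its neighbours go through `json_encode()`. If crb_admin_get_tab() can return a value influenced by the request (its body is not shown here), that value reaches the script without escaping for the JavaScript context. Emitting it the same way as the other variables removes the inconsistency: `crb_admin_tab = <?php echo json_encode( crb_admin_get_tab() ); ?>;`. The enclosing script block starts and ends outside the hunk.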
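--- a/admin/cerber-users.php
+++ b/admin/cerber-users.php
@@ -598,31 +598,13 @@ function crb_destroy_user_sessions( $user_id ) {
  $manager->destroy_all();
  }
 
- /**
- * Return a "session verifier" to identify the current admin session among others admin sessions
- *
- * Copy of WP_Session_Tokens->hash_token();
- *
- * @param $token
- *
- * @return string
- */
- function crb_admin_hash_token( $token ) {
- // If ext/hash is not present, use sha1() instead.
- if ( function_exists( 'hash' ) ) {
- return hash( 'sha256', $token );
- } else {
- return sha1( $token );
- }
- }
-
  function crb_admin_is_current_session( $session_id ) {
  static $st = null;
  if ( $st === null ) {
  $st = wp_get_session_token();
  }
 
- return ( $session_id === crb_admin_hash_token( $st ) );
+ return ( $session_id === cerber_hash_token( $st ) );
  }
 
  function crb_admin_get_user_cell( $user_id = null, $base_url = '', $text = '', $label = '' ) {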
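--- a/cerber-common.php
+++ b/cerber-common.php
@@ -44,6 +44,9 @@ const CRB_GROOVE = 'cerber_groove';
 
  const CRB_EV_LFL = 53;
 
+ const CRB_STS_51 = 51;
+ const CRB_STS_52 = 52;
+
  /**
  * Known WP scripts
  * @since 6.0
@@ -447,6 +450,10 @@ function cerber_check_environment() {
  cerber_admin_notice( sprintf( __( 'WP Cerber requires WordPress %s or higher. You are running %s', 'wp-cerber' ), CERBER_REQ_WP, cerber_get_wp_version() ) );
  }
 
+ if ( defined( 'CERBER_CLOUD_DEBUG' ) ) {
+ cerber_admin_notice( 'Warning: Diagnostic logging of cloud requests is enabled.' );
+ }
+
  if ( ( time() - 120 ) < cerber_get_set( '_check_env', 0, false ) ) {
  return;
  }
@@ -1599,6 +1606,8 @@ function cerber_get_labels( $type = 'activity' ) {
  $sts[39] = __( 'Invalid cookies', 'wp-cerber' );
  $sts[40] = __( 'Invalid cookies cleared', 'wp-cerber' );
  $sts[50] = __( 'Forbidden URL', 'wp-cerber' );
+ $sts[CRB_STS_51] = __( 'Executable file extension detected', 'wp-cerber' );
+ $sts[CRB_STS_52] = __( 'Filename is prohibited', 'wp-cerber' );
 
  // @since 8.6.4
  $sts[500] = __( 'IP whitelisted', 'wp-cerber' );
@@ -2132,6 +2141,11 @@ function cerber_real_escape( $str ) {
  return '';
  }
 
+ /**
+ * @param false $erase
+ *
+ * @return array
+ */
  function cerber_db_get_errors( $erase = false ) {
  global $cerber_db_errors;
 
@@ -3135,6 +3149,10 @@ function crb_getallheaders() {
  return $headers;
  }
 
+ /**
+ * @param $msg
+ * @param string $source
+ */
  function cerber_error_log( $msg, $source = '' ) {
  //if ( crb_get_settings( 'log_errors' ) ) {
  cerber_diag_log( $msg, $source, true );
@@ -3151,9 +3169,18 @@ function cerber_error_log( $msg, $source = '' ) {
  * @return bool|int
  */
  function cerber_diag_log( $msg, $source = '', $error = false ) {
+
+ if ( $source == 'CLOUD' ) {
+ if ( ! defined( 'CERBER_CLOUD_DEBUG' )
+ || ( ! defined( 'WP_ADMIN' ) && ! defined( 'WP_NETWORK_ADMIN' ) ) ) {
+ return;
+ }
+ }
+
  if ( ! $msg || ! $log = @fopen( cerber_get_diag_log(), 'a' ) ) {
  return false;
  }
+
  if ( $source ) {
  $source = '[' . $source . ']';
  }
@@ -3165,6 +3192,9 @@ function cerber_diag_log( $msg, $source = '', $error = false ) {
  }
 
  foreach ( $msg as $line ) {
+ if ( is_array( $line ) ) {
+ $line = print_r( $line, 1 ); // workaround for $cerber_db_errors
+ }
  //$ret = @fwrite( $log, '[' .cerber_get_remote_ip(). '][' . cerber_date( time() ) . ']' . $source . ' ' . $line . PHP_EOL );
  $ret = @fwrite( $log, '[' . cerber_date( time(), false ) . ']' . $source . ' ' . $line . PHP_EOL );
  }
@@ -3572,6 +3602,25 @@ function crb_was_activated( $ago ) {
  return ( ( (int) crb_array_get( $actvd, 'time' ) + $ago ) <= time() );
  }
 
+ /**
+ * Return a "session verifier" to identify the current admin session among others admin sessions
+ *
+ * Copy of WP_Session_Tokens->hash_token();
+ *
+ * @param $token
+ *
+ * @return string
+ */
+ function cerber_hash_token( $token ) {
+ // If ext/hash is not present, use sha1() instead.
+ if ( function_exists( 'hash' ) ) {
+ return hash( 'sha256', $token );
+ }
+ else {
+ return sha1( $token );
+ }
+ }
+
  // The key-value cache
 
  final class CRB_Cache {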
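Review bot: The new CLOUD gate at the top of cerber_diag_log() tests only `defined( 'CERBER_CLOUD_DEBUG' )`, so a site that sets `define( 'CERBER_CLOUD_DEBUG', false );` to switch the logging off still has it on; the admin notice added in cerber_check_environment() has the same test. Checking the value as well, `if ( ! defined( 'CERBER_CLOUD_DEBUG' ) || ! CERBER_CLOUD_DEBUG || ( ! defined( 'WP_ADMIN' ) && ! defined( 'WP_NETWORK_ADMIN' ) ) )`, would match what an administrator expects. The early exit is also a bare `return;` although the docblock promises `bool|int`; `return false;` would be consistent with the failure path just below it. Because cerber_error_log() forwards to this function, errors logged with the 'CLOUD' source are dropped by the same gate whenever the constant is absent, which deserves a comment if it is intended.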
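--- a/cerber-lab.php
+++ b/cerber-lab.php
@@ -258,11 +258,15 @@ function lab_send_request( $request, $node_id = null, $scheme = null ) {
 
  $curl = @curl_init(); // @since 4.32
  if ( ! $curl ) {
+ cerber_error_log( 'Unable to initialize cURL', 'CLOUD' );
+
  return false;
  }
 
+ $url = $scheme . '://' . $node[2] . '/engine/v1/';
+
  curl_setopt_array( $curl, array(
- CURLOPT_URL => $scheme . '://' . $node[2] . '/engine/v1/',
+ CURLOPT_URL => $url,
  CURLOPT_POST => true,
  CURLOPT_HTTPHEADER => $headers,
  CURLOPT_POSTFIELDS => $request_body,
@@ -276,6 +280,9 @@ function lab_send_request( $request, $node_id = null, $scheme = null ) {
  CURLOPT_CAINFO => ABSPATH . WPINC . '/certificates/ca-bundle.crt',
  ) );
 
+ cerber_diag_log( 'Sending request to: ' . $url, 'CLOUD' );
+ cerber_diag_log( 'Request body: ' . print_r( $body, 1 ), 'CLOUD' );
+
  $start = microtime( true );
  $data = @curl_exec( $curl );
  $stop = microtime( true );
@@ -289,7 +296,10 @@ function lab_send_request( $request, $node_id = null, $scheme = null ) {
  $response['status'] = 0;
  $code = intval( curl_getinfo( $curl, CURLINFO_HTTP_CODE ) );
  $response['error'] = 'No connection (' . $code . ')';
- //if (!$data) // curl_error($curl) . curl_errno($curl) );
+ if ( $curl_err = curl_error( $curl ) ) {
+ $curl_err .= '[' . curl_errno( $curl ) . ']';
+ cerber_error_log( 'cURL => ' . $curl_err, 'CLOUD' );
+ }
  }
 
  curl_close( $curl );
@@ -304,8 +314,13 @@ function lab_send_request( $request, $node_id = null, $scheme = null ) {
  ) );
 
  if ( $response['error'] ) {
+ cerber_error_log( $response['error'], 'CLOUD' );
+
  return false;
  }
+ else {
+ cerber_diag_log( 'Response: ' . print_r( $response, 1 ), 'CLOUD' );
+ }
 
  return $response;
  }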
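Review bot: The added `cerber_diag_log()` calls write the full request body and the full response to the diagnostic log through `print_r()`, with no redaction. Whatever the request carries (the hunks do not show how it is built, but a licence key or site identifiers are plausible) then sits in a plain-text file, so sensitive fields should be masked before logging and the documentation should tell admins to remove CERBER_CLOUD_DEBUG once troubleshooting is done. The logged variable is `$body` whereas the value actually sent is `$request_body`; `$body` is not defined in the visible lines, so confirm it exists at that point. lab_send_request() starts and ends outside these hunks.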
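--- a/cerber-load.php
+++ b/cerber-load.php
@@ -268,11 +268,16 @@ class WP_Cerber {
  * @since 6.3.3
  */
  final public function isProhibitedFilename( $file_name ) {
+ global $cerber_act_status;
+
  $prohibited = array( '.htaccess' );
  if ( in_array( $file_name, $prohibited ) ) {
+ $cerber_act_status = CRB_STS_52;
  return 57;
  }
+
  if ( cerber_detect_exec_extension( $file_name, array('js') ) ) {
+ $cerber_act_status = CRB_STS_51;
  return 56;
  }
 
@@ -1125,6 +1130,10 @@ add_filter( 'wp_authenticate_user', 'cerber_restrict_auth', PHP_INT_MAX, 2 );
  function cerber_restrict_auth( $user, $password = '', $app = false ) {
  global $cerber_act_status;
 
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
+
  $deny = false;
  $user_msg = '';
 
@@ -1517,8 +1526,8 @@ function crb_sessions_kill( $tokens, $user_id = null, $admin = true ) {
  $errors = 0;
 
  // Prevent termination the current admin session
- if ( wp_get_session_token() ) {
- unset( $kill[ crb_admin_hash_token( wp_get_session_token() ) ] );
+ if ( $token = wp_get_session_token() ) {
+ unset( $kill[ cerber_hash_token( $token ) ] );
  }
 
  foreach ( $users as $user_id ) {
@@ -7291,7 +7300,7 @@ function cerber_inspect_value( &$value = '', $reset = false ) {
  $parsed = cerber_detect_php_code( $value );
  if ( ! empty( $parsed[0] ) ) {
  $cerber_act_status = 22;
- $found = 100;
+ $found = 100;
  }
  elseif ( ! empty( $parsed[1] ) ) {
  foreach ( $parsed[1] as $string ) {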
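Review bot: In isProhibitedFilename() the new status CRB_STS_52 is only reached through `in_array( $file_name, $prohibited )`, a loose, case-sensitive comparison against the exact name with no normalisation of the input. On a case-insensitive filesystem a differently cased name refers to the same file, so the check and the new log status would both be missed. Normalising first and comparing strictly makes the rule robust: `in_array( strtolower( $file_name ), $prohibited, true )`. The return codes 57/56 beside the new constants 52/51 would also benefit from a one-line comment on how the two numbering schemes relate.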
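--- a/cerber-scanner.php
+++ b/cerber-scanner.php
@@ -82,6 +82,8 @@ const CRB_SCAN_STOP = '__CERBER__SECURITY_SCAN_STOP__';
  const CRB_SCAN_DTB = '__CERBER__SECURITY_SCAN_DATA_B';
  const CRB_SCAN_DTE = '__CERBER__SECURITY_SCAN_DATA_E';
 
+ const CRB_SCAN_END = 13;
+
  const CRB_SCAN_RCV_DIR = 'recovery';
 
  const CRB_SQL_CHUNK = 10000; // @since 8.6.4 Split queries into chunks to reduce memory consumption
@@ -336,7 +338,7 @@ function cerber_step_scanning() {
  $remain = 0;
  $exceed = false;
 
- crb_scan_debug( cerber_step_desc( $scan['next_step'] ) . ' (step ' . $scan['next_step'] . ')' );
+ crb_scan_debug( cerber_get_step_description( $scan['next_step'] ) . ' (step ' . $scan['next_step'] . ')' );
 
  switch ( $scan['next_step'] ) {
  case 0:
@@ -439,8 +441,7 @@ function cerber_step_scanning() {
  case 12:
  $remain = cerber_process_files();
  break;
- case 13:
- // Finalizing scan
+ case CRB_SCAN_END:
  cerber_apply_scan_policies();
  break;
  }
@@ -449,7 +450,7 @@ function cerber_step_scanning() {
  $next_step = cerber_next_step( $scan['next_step'] );
  }
 
- if ( $next_step > 13 ) {
+ if ( $next_step > CRB_SCAN_END ) {
  $update['finished'] = time();
  $update['step_issues'] = array();
  }
@@ -479,7 +480,6 @@ function cerber_step_scanning() {
 
  $ret = cerber_update_scan( $update );
 
- //if ( isset( $update['finished'] ) || isset( $update['aborted'] ) ) {
  if ( isset( $update['finished'] ) ) {
  cerber_scan_completed();
  cerber_delete_old_scans();
@@ -501,10 +501,17 @@ function cerber_step_scanning() {
 
  }
 
- // Calculate the next step according to settings
+ /**
+ * Determine the next step according to settings
+ *
+ * @param $current_step
+ *
+ * @return int
+ */
  function cerber_next_step( $current_step ) {
- //$current_step = $scan['next_step'];
+
  $next_step = $current_step;
+
  switch ( $current_step ) {
  case 1:
  if ( crb_get_settings( 'scan_tmp' ) ) {
@@ -3711,29 +3718,30 @@ function cerber_check_extension( $filename, $ext_list = array() ) {
 
  }
 
- function cerber_step_desc( $step = null ) {
- $steps = array(
- __( 'Preparing for the scan', 'wp-cerber' ),
- __( 'Scanning folders for files', 'wp-cerber' ),
- __( 'Scanning the upload folder for files', 'wp-cerber' ),
- __( 'Scanning the temp folder for files', 'wp-cerber' ),
- __( 'Scanning the session folder for files', 'wp-cerber' ),
- __( 'Parsing the list of files', 'wp-cerber' ),
- __( 'Checking for new and modified files', 'wp-cerber' ),
- __( 'Verifying the integrity of WordPress', 'wp-cerber' ),
- __( 'Recovering WordPress files', 'wp-cerber' ),
- __( 'Verifying the integrity of the plugins', 'wp-cerber' ),
- __( 'Recovering plugins files', 'wp-cerber' ),
- __( 'Verifying the integrity of the themes', 'wp-cerber' ),
- __( 'Searching for malicious code', 'wp-cerber' ),
- __( 'Finalizing the scan', 'wp-cerber' ),
+ function cerber_get_step_description( $step = null ) {
+
+ $all_steps = array(
+ 0 => __( 'Preparing for the scan', 'wp-cerber' ),
+ 1 => __( 'Scanning folders for files', 'wp-cerber' ),
+ 2 => __( 'Scanning the upload folder for files', 'wp-cerber' ),
+ 3 => __( 'Scanning the temp folder for files', 'wp-cerber' ),
+ 4 => __( 'Scanning the session folder for files', 'wp-cerber' ),
+ 5 => __( 'Parsing the list of files', 'wp-cerber' ),
+ 6 => __( 'Checking for new and modified files', 'wp-cerber' ),
+ 7 => __( 'Verifying the integrity of WordPress', 'wp-cerber' ),
+ 8 => __( 'Recovering WordPress files', 'wp-cerber' ),
+ 9 => __( 'Verifying the integrity of the plugins', 'wp-cerber' ),
+ 10 => __( 'Recovering plugins files', 'wp-cerber' ),
+ 11 => __( 'Verifying the integrity of the themes', 'wp-cerber' ),
+ 12 => __( 'Searching for malicious code', 'wp-cerber' ),
+ CRB_SCAN_END => __( 'Finalizing the scan', 'wp-cerber' ),
  );
 
- if ( $step !== null && isset( $steps[ $step ] ) ) {
- return $steps[ $step ];
+ if ( $step !== null && isset( $all_steps[ $step ] ) ) {
+ return $all_steps[ $step ];
  }
 
- return $steps;
+ return $all_steps;
  }
 
  /**
@@ -5175,12 +5183,17 @@ function cerber_make_numbers( &$update = array(), &$scan = array() ) {
  */
  function crb_scan_debug( $msg ) {
  if ( crb_get_settings( 'scan_debug' ) ) {
+ $errors = cerber_db_get_errors( true );
  if ( is_wp_error( $msg ) ) {
- $msg = 'ERROR: ' . $msg->get_error_message();
+ $errors[] = $msg->get_error_message();
+ $msg = null;
+ }
+ if ( $errors ) {
+ cerber_error_log( $errors, 'SCANNER' );
+ }
+ if ( $msg ) {
+ cerber_diag_log( $msg, 'SCANNER' );
  }
-
- cerber_diag_log( cerber_db_get_errors( true ), 'Scanner' );
- cerber_diag_log( $msg, 'Scanner' );
  }
  }
 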
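Review bot: cerber_get_step_description() returns the whole array when `$step` is not a known key, and the new call in cerber_step_scanning() concatenates that result straight into a string. An unexpected `$scan['next_step']` would therefore log "Array" and raise an array-to-string notice instead of a step name. Returning an empty string for an unknown non-null step, `if ( $step !== null ) { return isset( $all_steps[ $step ] ) ? $all_steps[ $step ] : ''; }`, leaves the no-argument call used by the admin page unchanged. The renamed function also has no docblock; one line stating the two return shapes (string for a given step, array for null) would help callers.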
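--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,9 @@
+ = 8.8.6 =
+ * New: You can specify the "User-Agent" string for requests from the main (master) Cerber.Hub website by defining the PHP constant CERBER_HUB_UA in the wp-config.php file.
+ * New: Diagnostic logging for network requests to the WP Cerber cloud. To enable logging, define the PHP constant CERBER_CLOUD_DEBUG in the wp-config.php file. Logging covers admin operations on the WP Cerber admin pages only.
+ Fixed bug: "PHP Fatal error: Call to undefined function crb_admin_hash_token() in cerber-load.php:1521".
+ Fixed bug: "PHP Notice: Undefined property: WP_Error::$ID in cerber-load.php on line 1131".
+
  = 8.8.5 =
  * New: Quick user activity analytics (user insights) with filtering links on the Activity and Live Traffic log pages. Select a user to see how it works.
  * New: Quick IP address activity and analytics (IP insights) with filtering links on the Activity and Live Traffic log pages. Select an IP address to see how it works.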
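--- a/nexus/cerber-nexus-master.php
+++ b/nexus/cerber-nexus-master.php
@@ -952,7 +952,7 @@ function nexus_net_send_request( $payload, $slave ) {
 
  nexus_diag_log( 'Sending HTTP request to ' . $slave->site_url );
 
- curl_setopt_array( $curl, array(
+ $curl_opt = array(
  CURLOPT_URL => $slave->site_url,
  CURLOPT_FOLLOWLOCATION => 0,
  CURLOPT_POST => true,
@@ -966,8 +966,14 @@ function nexus_net_send_request( $payload, $slave ) {
  //CURLOPT_CERTINFO => 1, doesn't work
  //CURLOPT_VERBOSE => 1,
  CURLOPT_CAINFO => ABSPATH . WPINC . '/certificates/ca-bundle.crt',
- CURLOPT_ENCODING => '' // allows built-in compressions
- ) );
+ CURLOPT_ENCODING => '', // allows built-in compressions
+ );
+
+ if ( defined( 'CERBER_HUB_UA' ) ) {
+ $curl_opt[ CURLOPT_USERAGENT ] = (string) CERBER_HUB_UA;
+ }
+
+ curl_setopt_array( $curl, $curl_opt );
 
  $response = @curl_exec( $curl );
  $curl_info = curl_getinfo( $curl );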
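Review bot: The new CERBER_HUB_UA branch hands the constant to `CURLOPT_USERAGENT` after a bare `(string)` cast, with no check on its content. An empty or whitespace-only value changes the header silently, and a value with embedded line breaks would, as far as I can tell, be copied into the request headers as given. Trimming and skipping empty values covers the first case, `$ua = trim( (string) CERBER_HUB_UA ); if ( $ua !== '' ) { $curl_opt[ CURLOPT_USERAGENT ] = $ua; }`, and control characters should be rejected before the assignment. nexus_net_send_request() continues outside the hunks.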
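--- a/nexus/cerber-nexus.php
+++ b/nexus/cerber-nexus.php
@@ -318,7 +318,7 @@ function nexus_is_valid_request() {
  return false;
  }
 
- nexus_diag_log( 'Check for valid master request...' );
+ nexus_diag_log( 'Check for a valid master request ...' );
 
  // It seems this is a request from the master
  // Check master credentials and payload checksum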
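--- a/readme.txt
+++ b/readme.txt
@@ -317,6 +317,12 @@ To get access to your dashboard you need to copy the WP Cerber Reset folder to t
 
  == Changelog ==
 
+ = 8.8.6 =
+ * New: You can specify the "User-Agent" string for requests from the main (master) Cerber.Hub website by defining the PHP constant CERBER_HUB_UA in the wp-config.php file.
+ * New: Diagnostic logging for network requests to the WP Cerber cloud. To enable logging, define the PHP constant CERBER_CLOUD_DEBUG in the wp-config.php file. Logging covers admin operations on the WP Cerber admin pages only.
+ Fixed bug: "PHP Fatal error: Call to undefined function crb_admin_hash_token() in cerber-load.php:1521".
+ Fixed bug: "PHP Notice: Undefined property: WP_Error::$ID in cerber-load.php on line 1131".
+
  = 8.8.5 =
  * New: Quick user activity analytics (user insights) with filtering links on the Activity and Live Traffic log pages. Select a user to see how it works.
  * New: Quick IP address activity and analytics (IP insights) with filtering links on the Activity and Live Traffic log pages. Select an IP address to see how it works.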
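--- a/wp-cerber.php
+++ b/wp-cerber.php
@@ -5,7 +5,7 @@
  Description: Defends WordPress against hacker attacks, spam, trojans, and viruses. Malware scanner and integrity checker. Hardening WordPress with a set of comprehensive security algorithms. Spam protection with a sophisticated bot detection engine and reCAPTCHA. Tracks user and intruder activity with powerful email, mobile and desktop notifications.
  Author: Cerber Tech Inc.
  Author URI: https://wpcerber.com
- Version: 8.8.5
+ Version: 8.8.6
  Text Domain: wp-cerber
  Domain Path: /languages
  Network: true
@@ -31,7 +31,7 @@
 
  */
 
- const CERBER_VER = '8.8.5';
+ const CERBER_VER = '8.8.6';
  const CERBER_PLUGIN_ID = 'wp-cerber/wp-cerber.php';
 
  function cerber_plugin_file() {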