From 01281e535a0f532494959df4736083a8743243a2 Mon Sep 17 00:00:00 2001
From: svfcode
Date: Wed, 2 Oct 2024 13:03:54 +0300
Subject: [PATCH 1/7] Update version.
---
 security-malware-firewall.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security-malware-firewall.php b/security-malware-firewall.php
index ecfb7bf3e..94aabb09c 100644
--- a/security-malware-firewall.php
+++ b/security-malware-firewall.php
@@ -5,7 +5,7 @@
 Plugin URI: https://wordpress.org/plugins/security-malware-firewall/
 Description: Security & Malware scan by CleanTalk to protect your website from online threats and viruses. IP/Country FireWall, Web application FireWall. Detailed stats and logs to have full control.
 Author: CleanTalk Security
-Version: 2.143
+Version: 2.143.1-fix
 Author URI: https://cleantalk.org
 Text Domain: security-malware-firewall
 Domain Path: /i18n
From c976cc223307cac79047924c91642173c8622220 Mon Sep 17 00:00:00 2001
From: Glomberg
Date: Wed, 2 Oct 2024 15:51:10 +0300
Subject: [PATCH 2/7] Fix. Readme updated.
---
 readme.txt | 63 ++++++++++++++++++++++++++++--------------------------
 1 file changed, 33 insertions(+), 30 deletions(-)
diff --git a/readme.txt b/readme.txt
index 7d55858ac..41533d6d0 100644
--- a/readme.txt
+++ b/readme.txt
@@ -304,36 +304,39 @@ This is required for the Security FireWall to function properly. Plugins that ar == Screenshots == 1. **Firewall log tab**. The log includes detailed info about each of visitor that reached the site and his firewall check status. Also show Traffic Control activity for the user. -2. **Security Log tab**. The log includes list of Brute force attacks or failed logins and list of successful logins for up to 45 days. The plugin keeps the log on CleanTalk servers to make the log not accessible for hackers. -3. **General settings tab**. Here you can manage all the plugin settings. -4. **General settings - authentication and log in**. Here you can manage Brute-Force protection, 2FA auth and change login URL. -5. **General settings - firewall**. Here you can manage Firewall modules and Traffic Control settings. -6. **General settings - scanner**. Here you can manage automatic scanner start, types of checks, directories exclusions for scanner and enable important files monitoring. -7. **General settings - admin bar**. Here you can set behavior of admin bar module. -8. **Admin bar**. How the admin bar module looks. -9. **General settings - trusted text**. Here you can manage your affiliate links and trusted text shown for visitors. -10. **Trusted text**. How the trusted text looks. -11. **Malware scanner tab**. Here you can scan all WordPress files for malicious and suspicious code and see the result. -12. **Malware scanner results - critical**. There is a list of files that contains dangerous code or malware signatures. -13. **Malware scanner results - suspicious**. There is a list of files that contains suspicious code. -14. **Malware scanner results - approved**. There is a list of files that were approved by user, Cloud analysis or CleanTalk team. -15. **Malware scanner results - analysis log**. There is a list of files that were sent for Cloud Malware Scanner analysis and their status. -16. **Malware scanner results - unknown**. 
There is a list of files that contain no malware, but they are not a part of WordPress core or plugins/themes. -17. **Malware scanner results - cured**. There is a list of files that have been automatically cured. -18. **Malware scanner results - frontend malware**. There is a list of frontend pages that contains malicious HTML/JavaScript code. -19. **Malware scanner results - unsafe permissions**. There is a list of files that could be reached by a hacker because of unsafe permission set. -20. **Malware scanner results - file monitoring**. There is a list of important files and their snapshots. You can use this to know if they were changed. -21. **Malware scanner results - snapshot**. How the important file snapshot looks. -22. **Malware scanner results - PFD report**. How the PDF report of scan results looks. -23. **Backups interface**. How the backups interface looks. -24. **Summary tab**. The general info about the plugin state. -25. **Templates interface**. Using this interface you can apply the settings from another site of your CleanTalk account or a template saved before. -26. **Example of blocking page - Firewall**. If the visitor IP is in hazardous net list or blacklisted in your personal list, he will see this screen. -27. **Example of blocking page - XSS**. If the visitor attempts to implement XXS, he will see this screen. -28. **Example of blocking page - SQL**. If the visitor attempts to implement SQL injection, he will see this screen. -29. **Example of blocking page - Brute-Force**. If the visitor tried to use wrong credentials for many times, he will see this screen. -30. **Example of blocking page - Traffic Control**. If the visitor has requested site pages too often, he will see this screen. -31. **File System Watcher tab**. File System Watcher interface. +2. **Critical Updates tab**. Critical Updates interface. +3. **File System Watcher tab**. File System Watcher interface. +4. **Malware scanner tab**. 
Here you can scan all WordPress files for malicious and suspicious code and see the result. +5. **Security Log tab**. The log includes list of Brute force attacks or failed logins and list of successful logins for up to 45 days. The plugin keeps the log on CleanTalk servers to make the log not accessible for hackers. +6. **General settings tab**. Here you can manage all the plugin settings. +7. **Summary tab**. The general info about the plugin state. +8. **Backups interface**. How the backups interface looks. +9. **General settings - authentication and log in**. Here you can manage Brute-Force protection, 2FA auth and change login URL. +10. **General settings - firewall**. Here you can manage Firewall modules and Traffic Control settings. +11. **General settings - scanner**. Here you can manage automatic scanner start, types of checks, directories exclusions for scanner and enable important files monitoring. +12. **General settings - admin bar**. Here you can set behavior of admin bar module. +13. **Admin bar**. How the admin bar module looks. +14. **General settings - trusted text**. Here you can manage your affiliate links and trusted text shown for visitors. +15. **Trusted text**. How the trusted text looks. +16. **Malware scanner results - critical**. There is a list of files that contains dangerous code or malware signatures. +17. **Malware scanner results - suspicious**. There is a list of files that contains suspicious code. +18. **Malware scanner results - approved**. There is a list of files that were approved by user, Cloud analysis or CleanTalk team. +19. **Malware scanner results - analysis log**. There is a list of files that were sent for Cloud Malware Scanner analysis and their status. +20. **Malware scanner results - unknown**. There is a list of files that contain no malware, but they are not a part of WordPress core or plugins/themes. +21. **Malware scanner results - cured**. There is a list of files that have been automatically cured. +22. 
**Malware scanner results - frontend malware**. There is a list of frontend pages that contains malicious HTML/JavaScript code. +23. **Malware scanner results - unsafe permissions**. There is a list of files that could be reached by a hacker because of unsafe permission set. +24. **Malware scanner results - file monitoring**. There is a list of important files and their snapshots. You can use this to know if they were changed. +25. **Malware scanner results - snapshot**. How the important file snapshot looks. +26. **Malware scanner results - PFD report**. How the PDF report of scan results looks. +27. **Templates interface**. Using this interface you can apply the settings from another site of your CleanTalk account or a template saved before. +28. **Example of blocking page - Firewall**. If the visitor IP is in hazardous net list or blacklisted in your personal list, he will see this screen. +29. **Example of blocking page - XSS**. If the visitor attempts to implement XXS, he will see this screen. +30. **Example of blocking page - SQL**. If the visitor attempts to implement SQL injection, he will see this screen. +31. **Example of blocking page - Brute-Force**. If the visitor tried to use wrong credentials for many times, he will see this screen. +32. **Example of blocking page - Traffic Control**. If the visitor has requested site pages too often, he will see this screen. + + == Changelog == From 34cb2308d92e6a780828524ab675fcdf1be70a02 Mon Sep 17 00:00:00 2001 From: Glomberg Date: Wed, 2 Oct 2024 17:25:16 +0300 Subject: [PATCH 3/7] Fix. Readme updated. --- readme.txt | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/readme.txt b/readme.txt index 41533d6d0..e493d1c00 100644 --- a/readme.txt +++ b/readme.txt 
@@ -326,15 +326,13 @@ This is required for the Security FireWall to function properly. Plugins that ar 21. **Malware scanner results - cured**. There is a list of files that have been automatically cured. 22. **Malware scanner results - frontend malware**. There is a list of frontend pages that contains malicious HTML/JavaScript code. 23. **Malware scanner results - unsafe permissions**. There is a list of files that could be reached by a hacker because of unsafe permission set. -24. **Malware scanner results - file monitoring**. There is a list of important files and their snapshots. You can use this to know if they were changed. -25. **Malware scanner results - snapshot**. How the important file snapshot looks. -26. **Malware scanner results - PFD report**. How the PDF report of scan results looks. -27. **Templates interface**. Using this interface you can apply the settings from another site of your CleanTalk account or a template saved before. -28. **Example of blocking page - Firewall**. If the visitor IP is in hazardous net list or blacklisted in your personal list, he will see this screen. -29. **Example of blocking page - XSS**. If the visitor attempts to implement XXS, he will see this screen. -30. **Example of blocking page - SQL**. If the visitor attempts to implement SQL injection, he will see this screen. -31. **Example of blocking page - Brute-Force**. If the visitor tried to use wrong credentials for many times, he will see this screen. -32. **Example of blocking page - Traffic Control**. If the visitor has requested site pages too often, he will see this screen. +24. **Malware scanner results - PFD report**. How the PDF report of scan results looks. +25. **Templates interface**. Using this interface you can apply the settings from another site of your CleanTalk account or a template saved before. +26. **Example of blocking page - Firewall**. If the visitor IP is in hazardous net list or blacklisted in your personal list, he will see this screen. 
+27. **Example of blocking page - XSS**. If the visitor attempts to implement XXS, he will see this screen. +28. **Example of blocking page - SQL**. If the visitor attempts to implement SQL injection, he will see this screen. +29. **Example of blocking page - Brute-Force**. If the visitor tried to use wrong credentials for many times, he will see this screen. +30. **Example of blocking page - Traffic Control**. If the visitor has requested site pages too often, he will see this screen. From a402fa5d765c615a8260ef7121a874cb96d65d87 Mon Sep 17 00:00:00 2001 From: alexandergull Date: Mon, 7 Oct 2024 22:51:28 +0500 Subject: [PATCH 4/7] Fix. HTTP. Ping. If fsockopen() is unavailable return current server as fastest. --- lib/CleantalkSP/Common/DNS.php | 2 +- lib/CleantalkSP/Common/Helpers/HTTP.php | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/CleantalkSP/Common/DNS.php b/lib/CleantalkSP/Common/DNS.php index 9baff3381..78e4d90aa 100644 --- a/lib/CleantalkSP/Common/DNS.php +++ b/lib/CleantalkSP/Common/DNS.php @@ -103,7 +103,7 @@ public static function getResponseTime($host) { // Skip localhost ping cause it raise error at fsockopen. // And return minimum value - if ($host === 'localhost') { + if ($host === 'localhost' || !function_exists('fsockopen')) { return 0.001; } diff --git a/lib/CleantalkSP/Common/Helpers/HTTP.php b/lib/CleantalkSP/Common/Helpers/HTTP.php index cbb4230bc..ed02e32d5 100644 --- a/lib/CleantalkSP/Common/Helpers/HTTP.php +++ b/lib/CleantalkSP/Common/Helpers/HTTP.php @@ -325,6 +325,10 @@ public static function sortHostsByResponseTime($hosts) */ public static function ping($host) { + if ($host === 'localhost' || !function_exists('fsockopen')) { + return 0.001; + } + $starttime = microtime(true); $file = @fsockopen($host, 80, $errno, $errstr, 1500 / 1000); $stoptime = microtime(true); From 41db3827b15e723c833d8c8d267956b7e530c33c Mon Sep 17 00:00:00 2001 
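Review bot: The new `!function_exists('fsockopen')` branch in `DNS::getResponseTime()` returns the same `0.001` for every host, so when sockets are unavailable all candidates tie and the winner depends on the caller's ordering rather than on the "current server" named in the commit subject. The same guard is repeated in `HTTP::ping()` in the second file of this commit. The comment above the DNS check still explains only the localhost case; I would extend it to `// Skip localhost and hosts where fsockopen() is disabled: nothing can be measured, return the minimum value`. Moving `0.001` into one shared constant would keep the two copies from drifting. Both function bodies continue outside their hunks, so how `sortHostsByResponseTime()` resolves the tie should be confirmed there.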
From: alexandergull Date: Tue, 8 Oct 2024 14:02:33 +0500 Subject: [PATCH 5/7] Fix. Scanner. Cron. Fixed timezone detection on cron jobs. --- inc/spbc-settings.php | 8 ++++++-- inc/spbc-tools.php | 17 ++++++++++------- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/inc/spbc-settings.php b/inc/spbc-settings.php index 9f474778a..f10f254ce 100644 --- a/inc/spbc-settings.php +++ b/inc/spbc-settings.php @@ -4596,7 +4596,11 @@ function spbc_sanitize_settings($settings) } // Scanner custom start time logic - if ( empty($spbc->errors['configuration']) && $spbc->settings['scanner__auto_start_manual_time']) { + if ( + empty($spbc->errors['configuration']) && + $settings['scanner__auto_start_manual_time'] && + $settings['scanner__auto_start_manual_time'] != $spbc->settings['scanner__auto_start_manual_time'] + ) { //if ( empty($spbc->errors['configuration']) ) { $scanner_launch_data = spbc_get_custom_scanner_launch_data(false, $settings); \CleantalkSP\SpbctWP\Cron::updateTask( @@ -5736,7 +5740,7 @@ function spbc_get_next_scan_launch_time_text() ) { return sprintf( ' ' . __('The next automatic scan is scheduled on %s %s.', 'security-malware-firewall'), - date('M d Y H:i:s', $task['next_call']), + date('M d Y H:i:s', $task['next_call'] + ((float)get_option('gmt_offset') * 3600)), spbc_wp_timezone_string() ); } diff --git a/inc/spbc-tools.php b/inc/spbc-tools.php index ce28d5ab4..4d8e5d59d 100644 --- a/inc/spbc-tools.php +++ b/inc/spbc-tools.php 
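Review bot: With the added `!=` condition in `spbc_sanitize_settings()`, the cron task is rescheduled only when `scanner__auto_start_manual_time` itself changes. `spbc_get_custom_scanner_launch_data()` (next file in this commit) also derives the start time from `scanner__auto_start__set_period`, so a change to the period alone appears to no longer reach `Cron::updateTask()` through this branch; worth confirming another path covers it. The comparison is loose and indexes `$settings` directly; `(string)($settings['scanner__auto_start_manual_time'] ?? '') !== (string)$spbc->settings['scanner__auto_start_manual_time']` avoids type juggling and an undefined-index notice. The commented-out `//if ( empty($spbc->errors['configuration']) ) {` left under the new condition can be dropped. The enclosing function starts and ends outside the hunk.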
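Review bot: In `spbc_get_next_scan_launch_time_text()` the timestamp passed to `date()` is now a float, and `date()` formats in PHP's default timezone, so the manual `gmt_offset` shift is only correct while that default is UTC. `gmdate('M d Y H:i:s', (int) round($task['next_call'] + (float) get_option('gmt_offset') * 3600))` makes both assumptions explicit. A one-line comment stating which timezone `next_call` is stored in would help the next reader. The function body extends beyond the hunk.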
@@ -509,16 +509,19 @@ function spbc_get_custom_scanner_launch_data($first_start = false, $settings = a $period = $first_start ? 43200 : 86400; $settings = empty($settings) ? $spbc->settings : $settings; - $period = $settings['scanner__auto_start__set_period'] ?: $period; + $period = (int)$settings['scanner__auto_start__set_period'] ?: $period; - $timezone = $settings['scanner__auto_start_manual_tz'] ?: (int) Post::get('spbc_settings[scanner__auto_start_manual_tz]'); + // this is a shift in seconds to adjust the time, provided only for cases when the start time is customized + $timezone_shift = 0; - $hour_minutes = $settings['scanner__auto_start_manual_time'] - ? explode(':', $settings['scanner__auto_start_manual_time']) - : explode(':', (string)current_time('H:i')); - $start_time = mktime((int)$hour_minutes[0], (int)$hour_minutes[1]) - $timezone * 3600 + $period; + if ($settings['scanner__auto_start_manual_time']) { + $hour_minutes = explode(':', (string)$settings['scanner__auto_start_manual_time']); + $timezone_shift = $spbc->data['site_utc_offset_in_seconds'] ?: 0; + } else { + $hour_minutes = explode(':', date('H:i')); + } - // Hard fix - increments one more $period if the $start_time calculated in the past + $start_time = mktime((int)$hour_minutes[0], (int)$hour_minutes[1]) - $timezone_shift + $period; if ( time() > $start_time ) { $start_time += $period; } From dbba9d0ae6a4655704b8cfb74b140b80d8097767 Mon Sep 17 00:00:00 2001 From: alexandergull Date: Wed, 9 Oct 2024 17:40:48 +0500 Subject: [PATCH 6/7] Upd. Sending for analysis. Long description provided. --- inc/spbc-settings.php | 42 +++++++++++++++++++++++++++++- lib/CleantalkSP/SpbctWP/Escape.php | 8 ++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/inc/spbc-settings.php b/inc/spbc-settings.php index f10f254ce..9e5d7af98 100644 --- a/inc/spbc-settings.php +++ b/inc/spbc-settings.php 
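Review bot: The manual start time is split with `explode(':', ...)` and `$hour_minutes[1]` is read unconditionally in the new `mktime()` line, so a stored value without a colon raises an undefined-offset warning and silently schedules at minute 0. `$spbc->data['site_utc_offset_in_seconds']` is likewise read without a default. Validating first, e.g. `if (preg_match('/^\d{1,2}:\d{2}$/', (string)$settings['scanner__auto_start_manual_time'])) {`, and using `?? 0` for the offset keeps a malformed setting from shifting the scan schedule. The removed "Hard fix" comment was the only explanation of the `time() > $start_time` bump; with the offset now subtracted, a single `+= $period` may still leave the start in the past when the period is shorter than a day, so a comment or a loop there is worth adding. The function continues outside the hunk.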
@@ -5224,6 +5224,10 @@ function spbc_settings__get_description() 'title' => IP::getOptionLongDescriptionArray()['title'], 'desc' => IP::getOptionLongDescriptionArray()['desc'], ), + 'sending_for_analysis_rules' => array( + 'title' => 'Sending for cloud analysis', + 'desc' => spbc__get_accordion_tab_info_block_html('sending_for_analysis_rules'), + ), 'no_description' => array( 'title' => esc_html($setting_id), 'desc' => __('No description provided yet for this item. We are sorry about this. Please, contact support@cleantalk.org for further help.', 'security-malware-firewall'), @@ -5832,7 +5836,7 @@ function spbc__get_accordion_tab_info_block_html($for) %MAIN_TEXT%
  • %OPTION_1%
  • -
  • %OPTION_2%
  • +
  • %OPTION_2%
'; @@ -5850,6 +5854,42 @@ function spbc__get_accordion_tab_info_block_html($for) $info_block_out = $template; $classes = 'notice notice-info'; break; + case 'sending_for_analysis_rules': + $template = ' +
+

%MAIN_TEXT_1%

+

%MAIN_TEXT_2%

+
    +
  • %OPTION_1%
  • +
  • %OPTION_2%
  • +
  • %OPTION_3%
  • +
+

%MAIN_TEXT_3%

+
    +
  • %OPTION_4%
  • +
+

%MAIN_TEXT_4%

+
+ '; + $main_text_1 = __('Send the file for cloud analysis. After the file is sent, the file is available in the tab "Analysis log". Read more about analysis results in the appropriate tab. ', 'security-malware-firewall'); + $main_text_2 = __('The file sent for analysis must meet the following requirements:', 'security-malware-firewall'); + $main_text_3 = __('For "Unknown" files category, file extension should be from the list of allowed extensions:', 'security-malware-firewall'); + $main_text_4 = __('If any of requirements are not met, the action for file is not available.', 'security-malware-firewall'); + $option1 = __('the file was not ever denied or approved by CleanTalk team', 'security-malware-firewall'); + $option2 = __('the file sending is not already scheduled during common scan process', 'security-malware-firewall'); + $option3 = __('the file size is larger than zero and less than 1Mb', 'security-malware-firewall'); + $option4 = __('.php*, .html, .htm, .phtml, shtml, .phar, .odf', 'security-malware-firewall'); + $template = str_replace('%MAIN_TEXT_1%', $main_text_1, $template); + $template = str_replace('%MAIN_TEXT_2%', $main_text_2, $template); + $template = str_replace('%MAIN_TEXT_3%', $main_text_3, $template); + $template = str_replace('%MAIN_TEXT_4%', $main_text_4, $template); + $template = str_replace('%OPTION_1%', $option1, $template); + $template = str_replace('%OPTION_2%', $option2, $template); + $template = str_replace('%OPTION_3%', $option3, $template); + $template = str_replace('%OPTION_4%', $option4, $template); + $info_block_out = Escape::escKsesPreset($template, 'spbc_settings__sending_for_analysis_rules'); + $classes = ''; + break; case 'skipped': $template = '
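Review bot: The new `sending_for_analysis_rules` case hard-codes the scanner's rules as translatable strings, namely the extension list in `$option4` and the "less than 1Mb" limit in `$option3`, so the help text can drift from what the sending check actually enforces. The list already has `shtml` without its leading dot. I would take the extension list out of `__()` and build it from the same list the check uses (not visible in this diff), or at least correct the literal to `.php*, .html, .htm, .phtml, .shtml, .phar, .odf`. Calling `Escape::escKsesPreset()` after the substitutions is the right order, since the translated strings are filtered as well; the eight `str_replace()` calls could be one `strtr($template, [...])`. The function starts and ends outside the hunk.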
diff --git a/lib/CleantalkSP/SpbctWP/Escape.php b/lib/CleantalkSP/SpbctWP/Escape.php index 0681b58be..688461397 100644 --- a/lib/CleantalkSP/SpbctWP/Escape.php +++ b/lib/CleantalkSP/SpbctWP/Escape.php @@ -161,6 +161,14 @@ public static function escKsesPreset($string, $preset = null, $_allowed_protocol 'alt' => true, 'style' => true, ), + ), + 'spbc_settings__sending_for_analysis_rules' => array( + 'div' => array(), + 'p' => array(), + 'li' => array(), + 'ul' => array( + 'style' => true, + ), ) ); From 538a0147735c992d487880c34c8dfe31cd7e1a8c Mon Sep 17 00:00:00 2001 From: alexandergull Date: Wed, 9 Oct 2024 18:28:50 +0500 Subject: [PATCH 7/7] Fix. Backend logs collecting. Fixed option status dependency of account status check. --- security-malware-firewall.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/security-malware-firewall.php b/security-malware-firewall.php index 94aabb09c..76bbb872c 100644 --- a/security-malware-firewall.php +++ b/security-malware-firewall.php @@ -1926,7 +1926,10 @@ function spbc_check_account_status($api_key) } // Disable/enable the collecting backend PHP log depends on the extra package data - $spbc->settings['misc__backend_logs_enable'] = (int) $spbc->data['extra_package']['backend_logs']; + $spbc->settings['misc__backend_logs_enable'] = (int)( + $spbc->data['extra_package']['backend_logs'] == 1 && + $spbc->settings['misc__backend_logs_enable'] == 1 + ); $spbc->save('settings'); $spbc->save('data');
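Review bot: In `spbc_check_account_status()`, `misc__backend_logs_enable` is now the AND of the package flag and its own previous value, so once it is saved as 0 it is not switched back on when `extra_package.backend_logs` returns, while the comment above still says "Disable/enable". If the one-way behaviour is intended, the comment should say so, e.g. `// Force backend PHP log collection off when the extra package is missing; never re-enable automatically`. Otherwise a temporary account-status problem leaves backend log collection off until an admin re-enables the option. `$spbc->data['extra_package']['backend_logs']` is read without an existence check and compared with `==`; `!empty($spbc->data['extra_package']['backend_logs'])` avoids a notice when the key is absent. The function extends beyond the hunk.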