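/**
 * Render the Exploit Scanner tools page and process the non-AJAX scan form.
 *
 * On a POST with action=scan the request must carry the
 * 'exploitscanner-scan_all' nonce (check_admin_referer); the file scanner is
 * then run over ABSPATH, followed by the database scanner. On every request
 * the 'exploitscanner_results_trans' transient is deleted and the
 * 'exploitscanner_results' option is read and rendered via
 * exploitscanner_show_results(). The page also embeds the JavaScript that
 * drives the batched AJAX scan.
 *
 * Nothing in this function restricts the caller beyond the nonce; the
 * capability check is assumed to be done where this callback is registered
 * as a menu page — TODO confirm.
 *
 * @return void Prints HTML directly.
 */
function exploitscanner_admin_page()
{
    global $wp_version;

    // Non-AJAX scan form processing.
    if (isset($_POST['action']) && 'scan' === $_POST['action']) {
        check_admin_referer('exploitscanner-scan_all');
        // Upper file size limit in KB; a missing or non-numeric value falls back to the form default (400).
        $fsl = isset($_POST['filesize_limit']) && is_numeric($_POST['filesize_limit'])
            ? (int) $_POST['filesize_limit']
            : 400;
        // An unchecked checkbox is not submitted at all, so presence alone means "enabled".
        $dis = isset($_POST['display_pattern']);
        $scanner = new File_Exploit_Scanner(ABSPATH, array('start' => 0, 'fsl' => $fsl, 'display_pattern' => $dis));
        $scanner->run();
        $scanner = new DB_Exploit_Scanner();
        $scanner->run();
    }
    delete_transient('exploitscanner_results_trans');
    $results = get_option('exploitscanner_results');

    // Per-version core hashes file, computed once for the existence check and hash below.
    $hashes_file = dirname(__FILE__) . '/hashes-' . $wp_version . '.php';
    // One nonce protects both AJAX scan endpoints; it is checked server-side as _ajax_nonce.
    $ajax_nonce = wp_create_nonce('exploit-scanner_scan');
    ?>
	<div class="wrap">
		<h2>Exploit Scanner</h2>

		<p>This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does <strong>NOT</strong> remove anything, this is left for the user to do.</p>

		<?php // The original call lacked echo, leaving the action attribute empty; the URL is escaped for the attribute context. ?>
		<form action="<?php echo esc_url(admin_url('tools.php?page=exploit-scanner')); ?>" method="post">
			<?php wp_nonce_field('exploitscanner-scan_all'); ?>
			<input type="hidden" name="action" value="scan" />
			<table class="form-table">
				<tr>
					<th scope="row"><label for="display_pattern">Search for suspicious styles:</label></th>
					<td><input type="checkbox" id="display_pattern" name="display_pattern" checked="checked" value="1" /> <span class="description">(<code>display:none</code> and <code>visibility:hidden</code> can be used to hide spam, but may cause many false positives)</span></td>
				</tr>
				<tr>
					<th scope="row"><label for="filesize_limit">Upper file size limit:</label></th>
					<td><input type="text" size="3" id="filesize_limit" name="filesize_limit" value="400" />KB <span class="description">(files larger than this are skipped and will be listed at the end of scan)</span></td>
				</tr>
				<tr class="hide-if-no-js">
					<th scope="row"><label for="max_test_files">Number of files per batch:</label></th>
					<td>
						<select id="max_test_files" name="max_test_files">
							<option value="100">100</option>
							<option value="150" selected="selected">150</option>
							<option value="250">250</option>
							<option value="500">500</option>
							<option value="1000">1000</option>
						</select>
						<span class="description">(to help reduce memory limit errors the scan processes a series of file batches)</span>
					</td>
				</tr>
			</table>

			<p class="submit"><input type="submit" id="run-scanner" class="button-primary" value="Run the Scan" /></p>
		</form>

		<script type="text/javascript">
			jQuery(document).ready(function($){
				$('#run-scanner').click( function() {
					var fsl = $('#filesize_limit').val(),
						max = parseInt( $('#max_test_files').val(), 10 ),
						dis = ($('#display_pattern:checked').val() !== undefined);

					$('#scan-results').hide();
					$('#scan-loader').show();
					exploitscanner_file_scan(0, fsl, max, dis);
					return false;
				});

				// The two-handler form .toggle(fn, fn) was removed in jQuery 1.9, so the
				// show/hide behaviour is implemented with an explicit click handler.
				$('#hide-skipped').click( function() {
					var currentlyHidden = $('.skipped-file').first().is(':hidden');
					$('.skipped-file').toggle(currentlyHidden);
					$(this).html(currentlyHidden ? 'Hide skipped files' : 'Show skipped files');
				});
			});

			// Requests one batch of files starting at offset s; the server replies with a
			// progress string until it returns 'Complete', after which the DB scan runs.
			var exploitscanner_file_scan = function(s, fsl, max, dis) {
				jQuery.post( ajaxurl, {
					action: 'exploit-scanner_file_scan',
					start: s,
					filesize_limit: fsl,
					max_batch_size: max,
					display_pattern: dis,
					_ajax_nonce: '<?php echo esc_js($ajax_nonce); ?>'
				}, function(r) {
					if ( 'Complete' != r ) {
						jQuery('#scan-loader span').html(r);
						exploitscanner_file_scan(s+max, fsl, max, dis);
					} else {
						exploitscanner_db_scan();
					}
				});
			};

			var exploitscanner_db_scan = function() {
				jQuery('#scan-loader span').html('Scanning database...');
				jQuery.post( ajaxurl, {
					action: 'exploit-scanner_db_scan',
					_ajax_nonce: '<?php echo esc_js($ajax_nonce); ?>'
				}, function(r) {
					jQuery('#scan-loader img').hide();
					jQuery('#scan-loader span').html('Scan complete. Refresh the page to view the results.');
					window.location.reload(false);
				});
			};
		</script>

		<div id="scan-loader" style="display:none;margin:10px;padding:10px;background:#f7f7f7;border:1px solid #c6c6c6;text-align:center">
			<p><strong>Searching your filesystem and database for possible exploit code</strong></p>
			<p><span style="margin-right:5px">Files scanned: 0...</span><img src="<?php echo esc_url(plugins_url('loader.gif', __FILE__)); ?>" height="16px" width="16px" alt="loading-icon" /></p>
		</div>

		<div id="scan-results">
		<?php if (!$results) { ?>
			<h3>Results</h3><p>No results stored.</p>
		<?php } else {
            exploitscanner_show_results($results);
        } ?>
		</div>

		<h3>General Information</h3>
		<?php echo exploitscanner_list_admins(); ?>

		<h4>DISCLAIMER</h4>
		<p>Unfortunately it's impossible to catch every hack and it's all too easy to catch false positives (show a file as suspicious when in reality it is clean). If you have been hacked, this script may help you track down what files, comments or posts have been modified. On the other hand, if this script indicates your blog is clean, don't believe it. This is far from foolproof.</p>

		<p><strong>For the paranoid...</strong><br />
		To prevent someone hiding malicious code inside this plugin and to check that the signatures file hasn't been changed, here are the MD5 hashes of these files. Compare them with the references on the plugin homepage. You'll get extra points if you check this file has the actual md5_file() calls.</p>
		<?php // Self-reported hashes: only meaningful if this file has itself been verified out-of-band, as the paragraph above notes. ?>
		<p style="text-align: center">MD5 of exploit-scanner.php: <code><?php echo md5_file(__FILE__); ?></code></p>
		<?php if (file_exists($hashes_file)) { ?>
			<p style="text-align: center">MD5 of hashes-<?php echo esc_html($wp_version); ?>.php: <code><?php echo md5_file($hashes_file); ?></code></p>
		<?php } ?>
	</div>
<?php
}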
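/**
 * Display the scan initiation form and any stored results.
 *
 * Deletes the 'exploitscanner_results_trans' and 'exploitscanner_files'
 * transients, reads the 'exploitscanner_results' option and renders it via
 * exploitscanner_show_results(). No form processing happens here: the form
 * posts back to the tools page carrying the 'exploitscanner-scan_all' nonce
 * field, and the handler for that POST lives elsewhere.
 *
 * @return void Prints HTML directly.
 */
function exploitscanner_results_page()
{
    global $wp_version;
    delete_transient('exploitscanner_results_trans');
    delete_transient('exploitscanner_files');
    $results = get_option('exploitscanner_results');

    // Per-version core hashes file, computed once for the existence check and hashes below.
    $hashes_file = dirname(__FILE__) . '/hashes-' . $wp_version . '.php';
    ?>
	<p>This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does <strong>NOT</strong> remove anything, this is left for the user to do.</p>
	<?php // The original call lacked echo, leaving the action attribute empty; the URL is escaped for the attribute context. ?>
	<form action="<?php echo esc_url(admin_url('tools.php?page=exploit-scanner')); ?>" method="post">
		<?php wp_nonce_field('exploitscanner-scan_all'); ?>
		<input type="hidden" name="action" value="scan" />
		<table class="form-table">
			<tr>
				<th scope="row"><label for="display_pattern">Search for suspicious styles:</label></th>
				<td><input type="checkbox" id="display_pattern" name="display_pattern" checked="checked" value="1" /> <span class="description">(<code>display:none</code> and <code>visibility:hidden</code> can be used to hide spam, but may cause many false positives)</span></td>
			</tr>
			<tr>
				<th scope="row"><label for="filesize_limit">Upper file size limit:</label></th>
				<td><input type="text" size="3" id="filesize_limit" name="filesize_limit" value="400" />KB <span class="description">(files larger than this are skipped and will be listed at the end of scan)</span></td>
			</tr>
			<tr class="hide-if-no-js">
				<th scope="row"><label for="max_test_files">Number of files per batch:</label></th>
				<td>
					<select id="max_test_files" name="max_test_files">
						<option value="100">100</option>
						<option value="150">150</option>
						<option value="250" selected="selected">250</option>
						<option value="500">500</option>
						<option value="1000">1000</option>
					</select>
					<span class="description">(to help reduce memory limit errors the scan processes a series of file batches)</span>
				</td>
			</tr>
		</table>
		<p class="submit"><input type="submit" id="run-scanner" class="button-primary" value="Run the Scan" /></p>
	</form>

	<div id="scan-loader" style="display:none;margin:10px;padding:10px;background:#f7f7f7;border:1px solid #c6c6c6;text-align:center">
		<p><strong>Searching your filesystem and database for possible exploit code</strong></p>
		<p><span style="margin-right:5px">Files scanned: 0...</span><img src="<?php echo esc_url(plugins_url('loader.gif', __FILE__)); ?>" height="16px" width="16px" alt="loading-icon" /></p>
	</div>

	<div id="scan-results">
	<?php if (!$results) { ?>
		<h3>Results</h3><p>Nothing found.</p>
	<?php } else {
        exploitscanner_show_results($results);
    } ?>
	</div>

	<h3>General Information</h3>
	<?php echo exploitscanner_list_admins(); ?>

	<h4>DISCLAIMER</h4>
	<p>Unfortunately it's impossible to catch every hack and it's all too easy to catch false positives (show a file as suspicious when in reality it is clean). If you have been hacked, this script may help you track down what files, comments or posts have been modified. On the other hand, if this script indicates your blog is clean, don't believe it. This is far from foolproof.</p>

	<p><strong>For the paranoid...</strong><br />
	To prevent someone hiding malicious code inside this plugin and to check that the signatures file hasn't been changed, here are the MD5 and SHA1 hashes of these files. Compare them with the references on the plugin homepage. You'll get extra points if you check this file has the actual md5_file() and sha1_file() calls.</p>
	<?php // Self-reported hashes: only meaningful if this file has itself been verified out-of-band, as the paragraph above notes. ?>
	<p style="text-align: center">MD5 of exploit-scanner.php: <code><?php echo md5_file(__FILE__); ?></code></p>
	<p style="text-align: center">SHA1 of exploit-scanner.php: <code><?php echo sha1_file(__FILE__); ?></code></p>
	<?php if (file_exists($hashes_file)) { ?>
		<p style="text-align: center">MD5 of hashes-<?php echo esc_html($wp_version); ?>.php: <code><?php echo md5_file($hashes_file); ?></code></p>
		<p style="text-align: center">SHA1 of hashes-<?php echo esc_html($wp_version); ?>.php: <code><?php echo sha1_file($hashes_file); ?></code></p>
	<?php
    }
}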