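/**
 * Render the Exploit Scanner admin page and, on a non-JavaScript POST, run the scan.
 *
 * When the page is posted with action=scan, the File_Exploit_Scanner and
 * DB_Exploit_Scanner are run synchronously before rendering. With JavaScript
 * enabled, the form is intercepted and the scan is driven in batches through
 * the exploit-scanner_file_scan / exploit-scanner_db_scan AJAX actions (the
 * handlers for those actions are not part of this block).
 *
 * Security notes:
 * - The synchronous scan is guarded by check_admin_referer() (nonce / CSRF check).
 *   NOTE(review): the capability check is assumed to be done by the admin-menu
 *   registration that routes to this callback — confirm, it is not visible here.
 * - URLs, the AJAX nonce and $wp_version are escaped at the point of output.
 * - Fix over the previous version: the form action used admin_url() without echo,
 *   so the attribute was emitted empty; it is now echoed through esc_url().
 * - The jQuery two-handler .toggle(fn, fn) form (removed in jQuery 1.9) is replaced
 *   by an explicit show/hide state so "hide skipped files" keeps working on current
 *   WordPress jQuery builds.
 *
 * Echoes HTML; returns nothing.
 */
function exploitscanner_admin_page() {
    global $wp_version;

    // Non-AJAX scan form processing.
    if (isset($_POST['action']) && 'scan' === $_POST['action']) {
        // Dies unless the request carries a valid nonce for this action.
        check_admin_referer('exploitscanner-scan_all');

        // Upper file size in KB; 400 when the field is missing or not numeric.
        $fsl = (isset($_POST['filesize_limit']) && is_numeric($_POST['filesize_limit']))
            ? (int) $_POST['filesize_limit']
            : 400;
        // Checkbox: present in POST only when ticked.
        $dis = isset($_POST['display_pattern']);

        $scanner = new File_Exploit_Scanner(ABSPATH, array('start' => 0, 'fsl' => $fsl, 'display_pattern' => $dis));
        $scanner->run();

        $scanner = new DB_Exploit_Scanner();
        $scanner->run();
    }

    // Drop the cached copy so the stored results are read fresh below.
    delete_transient('exploitscanner_results_trans');
    $results = get_option('exploitscanner_results');

    // Both AJAX actions are verified against this one nonce (as before).
    $ajax_nonce  = wp_create_nonce('exploit-scanner_scan');
    // $wp_version is set by WordPress core (wp-includes/version.php), not by the request.
    $hashes_file = dirname(__FILE__) . '/hashes-' . $wp_version . '.php';
    ?>
    <div class="wrap">
        <h2>Exploit Scanner</h2>
        <p>This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does <strong>NOT</strong> remove anything, this is left for the user to do.</p>

        <form action="<?php echo esc_url(admin_url('tools.php?page=exploit-scanner')); ?>" method="post">
            <?php wp_nonce_field('exploitscanner-scan_all'); ?>
            <input type="hidden" name="action" value="scan" />
            <table class="form-table">
                <tr>
                    <th scope="row"><label for="display_pattern">Search for suspicious styles:</label></th>
                    <td><input type="checkbox" id="display_pattern" name="display_pattern" checked="checked" value="1" /> <span class="description">(<code>display:none</code> and <code>visibility:hidden</code> can be used to hide spam, but may cause many false positives)</span></td>
                </tr>
                <tr>
                    <th scope="row"><label for="filesize_limit">Upper file size limit:</label></th>
                    <td><input type="text" size="3" id="filesize_limit" name="filesize_limit" value="400" />KB <span class="description">(files larger than this are skipped and will be listed at the end of scan)</span></td>
                </tr>
                <tr class="hide-if-no-js">
                    <th scope="row"><label for="max_test_files">Number of files per batch:</label></th>
                    <td>
                        <select id="max_test_files" name="max_test_files">
                            <option value="100">100</option>
                            <option value="150" selected="selected">150</option>
                            <option value="250">250</option>
                            <option value="500">500</option>
                            <option value="1000">1000</option>
                        </select>
                        <span class="description">(to help reduce memory limit errors the scan processes a series of file batches)</span>
                    </td>
                </tr>
            </table>
            <p class="submit"><input type="submit" id="run-scanner" class="button-primary" value="Run the Scan" /></p>
        </form>

        <script type="text/javascript">
        jQuery(document).ready(function($){
            $('#run-scanner').click(function () {
                var fsl = $('#filesize_limit').val(),
                    max = parseInt($('#max_test_files').val(), 10),
                    dis = $('#display_pattern').is(':checked');
                $('#scan-results').hide();
                $('#scan-loader').show();
                exploitscanner_file_scan(0, fsl, max, dis);
                return false;
            });

            // #hide-skipped is expected to be emitted by exploitscanner_show_results()
            // (not in this block). State is tracked explicitly because the
            // two-handler jQuery .toggle(fn, fn) form no longer exists.
            var skippedHidden = false;
            $('#hide-skipped').click(function () {
                skippedHidden = !skippedHidden;
                $('.skipped-file').toggle(!skippedHidden);
                $(this).html(skippedHidden ? 'Show skipped files' : 'Hide skipped files');
                return false;
            });
        });

        // Scan one batch of files starting at offset s, then recurse until the
        // handler reports 'Complete', at which point the database scan starts.
        var exploitscanner_file_scan = function (s, fsl, max, dis) {
            jQuery.post(ajaxurl, {
                action: 'exploit-scanner_file_scan',
                start: s,
                filesize_limit: fsl,
                max_batch_size: max,
                display_pattern: dis,
                _ajax_nonce: '<?php echo esc_js($ajax_nonce); ?>'
            }, function (r) {
                if ('Complete' != r) {
                    // The progress text is rendered as HTML; the AJAX handler
                    // (not in this block) is responsible for escaping what it echoes.
                    jQuery('#scan-loader span').html(r);
                    exploitscanner_file_scan(s + max, fsl, max, dis);
                } else {
                    exploitscanner_db_scan();
                }
            });
        };

        // Run the database scan, then reload so the stored results are shown.
        var exploitscanner_db_scan = function () {
            jQuery('#scan-loader span').html('Scanning database...');
            jQuery.post(ajaxurl, {
                action: 'exploit-scanner_db_scan',
                _ajax_nonce: '<?php echo esc_js($ajax_nonce); ?>'
            }, function (r) {
                jQuery('#scan-loader img').hide();
                jQuery('#scan-loader span').html('Scan complete. Refresh the page to view the results.');
                window.location.reload(false);
            });
        };
        </script>

        <div id="scan-loader" style="display:none;margin:10px;padding:10px;background:#f7f7f7;border:1px solid #c6c6c6;text-align:center">
            <p><strong>Searching your filesystem and database for possible exploit code</strong></p>
            <p><span style="margin-right:5px">Files scanned: 0...</span><img src="<?php echo esc_url(plugins_url('loader.gif', __FILE__)); ?>" height="16px" width="16px" alt="loading-icon" /></p>
        </div>

        <div id="scan-results">
            <?php if (!$results) { ?>
                <h3>Results</h3><p>No results stored.</p>
            <?php } else {
                // Renders the stored results; defined elsewhere in the plugin.
                exploitscanner_show_results($results);
            } ?>
        </div>

        <h3>General Information</h3>
        <?php
        // Defined elsewhere in the plugin; assumed to return escaped HTML — confirm.
        echo exploitscanner_list_admins();
        ?>

        <h4>DISCLAIMER</h4>
        <p>Unfortunately it's impossible to catch every hack and it's all too easy to catch false positives (show a file as suspicious when in reality it is clean). If you have been hacked, this script may help you track down what files, comments or posts have been modified. On the other hand, if this script indicates your blog is clean, don't believe it. This is far from foolproof.</p>

        <p><strong>For the paranoid...</strong><br />
        To prevent someone hiding malicious code inside this plugin and to check that the signatures file hasn't been changed, here are the MD5 hashes of these files. Compare them with the references on the plugin homepage. You'll get extra points if you check this file has the actual md5_file() calls.</p>
        <?php
        // Self-reported hashes: a tampered copy of this file could print any value,
        // so they are only meaningful when compared with an out-of-band reference.
        ?>
        <p style="text-align: center">MD5 of exploit-scanner.php: <code><?php echo md5_file(__FILE__); ?></code></p>
        <?php if (file_exists($hashes_file)) { ?>
            <p style="text-align: center">MD5 of hashes-<?php echo esc_html($wp_version); ?>.php: <code><?php echo md5_file($hashes_file); ?></code></p>
        <?php } ?>
    </div>
    <?php
}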
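/**
 * Display the scan initiation form and any stored results.
 *
 * Unlike exploitscanner_admin_page(), this function does not process the POST
 * itself and emits no JavaScript; it clears the results and file-list transients,
 * reads the stored results and renders the form, results and integrity section.
 *
 * Security notes:
 * - The form carries a nonce field for the 'exploitscanner-scan_all' action; the
 *   check itself happens wherever the POST is processed (not in this block).
 * - Fix over the previous version: the form action used admin_url() without echo,
 *   so the attribute was emitted empty; it is now echoed through esc_url().
 * - URLs and $wp_version are escaped at the point of output.
 *
 * Echoes HTML; returns nothing.
 */
function exploitscanner_results_page() {
    global $wp_version;

    // Clear cached scan state so the stored results are read fresh.
    delete_transient('exploitscanner_results_trans');
    delete_transient('exploitscanner_files');
    $results = get_option('exploitscanner_results');

    // $wp_version is set by WordPress core (wp-includes/version.php), not by the request.
    $hashes_file = dirname(__FILE__) . '/hashes-' . $wp_version . '.php';
    ?>
    <p>This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does <strong>NOT</strong> remove anything, this is left for the user to do.</p>

    <form action="<?php echo esc_url(admin_url('tools.php?page=exploit-scanner')); ?>" method="post">
        <?php wp_nonce_field('exploitscanner-scan_all'); ?>
        <input type="hidden" name="action" value="scan" />
        <table class="form-table">
            <tr>
                <th scope="row"><label for="display_pattern">Search for suspicious styles:</label></th>
                <td><input type="checkbox" id="display_pattern" name="display_pattern" checked="checked" value="1" /> <span class="description">(<code>display:none</code> and <code>visibility:hidden</code> can be used to hide spam, but may cause many false positives)</span></td>
            </tr>
            <tr>
                <th scope="row"><label for="filesize_limit">Upper file size limit:</label></th>
                <td><input type="text" size="3" id="filesize_limit" name="filesize_limit" value="400" />KB <span class="description">(files larger than this are skipped and will be listed at the end of scan)</span></td>
            </tr>
            <tr class="hide-if-no-js">
                <th scope="row"><label for="max_test_files">Number of files per batch:</label></th>
                <td>
                    <select id="max_test_files" name="max_test_files">
                        <option value="100">100</option>
                        <option value="150">150</option>
                        <option value="250" selected="selected">250</option>
                        <option value="500">500</option>
                        <option value="1000">1000</option>
                    </select>
                    <span class="description">(to help reduce memory limit errors the scan processes a series of file batches)</span>
                </td>
            </tr>
        </table>
        <p class="submit"><input type="submit" id="run-scanner" class="button-primary" value="Run the Scan" /></p>
    </form>

    <div id="scan-loader" style="display:none;margin:10px;padding:10px;background:#f7f7f7;border:1px solid #c6c6c6;text-align:center">
        <p><strong>Searching your filesystem and database for possible exploit code</strong></p>
        <p><span style="margin-right:5px">Files scanned: 0...</span><img src="<?php echo esc_url(plugins_url('loader.gif', __FILE__)); ?>" height="16px" width="16px" alt="loading-icon" /></p>
    </div>

    <div id="scan-results">
        <?php if (!$results) { ?>
            <h3>Results</h3><p>Nothing found.</p>
        <?php } else {
            // Renders the stored results; defined elsewhere in the plugin.
            exploitscanner_show_results($results);
        } ?>
    </div>

    <h3>General Information</h3>
    <?php
    // Defined elsewhere in the plugin; assumed to return escaped HTML — confirm.
    echo exploitscanner_list_admins();
    ?>

    <h4>DISCLAIMER</h4>
    <p>Unfortunately it's impossible to catch every hack and it's all too easy to catch false positives (show a file as suspicious when in reality it is clean). If you have been hacked, this script may help you track down what files, comments or posts have been modified. On the other hand, if this script indicates your blog is clean, don't believe it. This is far from foolproof.</p>

    <p><strong>For the paranoid...</strong><br />
    To prevent someone hiding malicious code inside this plugin and to check that the signatures file hasn't been changed, here are the MD5 and SHA1 hashes of these files. Compare them with the references on the plugin homepage. You'll get extra points if you check this file has the actual md5_file() and sha1_file() calls.</p>
    <?php
    // Self-reported hashes: a tampered copy of this file could print any value,
    // so they are only meaningful when compared with an out-of-band reference.
    ?>
    <p style="text-align: center">MD5 of exploit-scanner.php: <code><?php echo md5_file(__FILE__); ?></code></p>
    <p style="text-align: center">SHA1 of exploit-scanner.php: <code><?php echo sha1_file(__FILE__); ?></code></p>
    <?php if (file_exists($hashes_file)) { ?>
        <p style="text-align: center">MD5 of hashes-<?php echo esc_html($wp_version); ?>.php: <code><?php echo md5_file($hashes_file); ?></code></p>
        <p style="text-align: center">SHA1 of hashes-<?php echo esc_html($wp_version); ?>.php: <code><?php echo sha1_file($hashes_file); ?></code></p>
    <?php } ?>
    <?php
}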