示例#1
 /**
  * Create a folder in the WordPress upload directory where the plugin will
  * store all the temporary or dynamic information.
  *
  * @return void
  */
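 public static function create_datastore_folder()
 {
     $directory = SucuriScan::datastore_folder_path();

     // Validate the location before touching the filesystem, so nothing is
     // created when the configured path is the uploads directory itself.
     // The trailing slash is optional because the path helper is not visible
     // here and may or may not strip it -- TODO confirm against the helper.
     if (@preg_match(';/uploads/?$;', $directory)) {
         SucuriScanOption::delete_option(':datastore_path');
         SucuriScanInterface::error('Uploads directory must not be used as the data store path.');
         return;
     }

     if (!file_exists($directory)) {
         @mkdir($directory, 0755, true);
     }

     // The messages below contain markup and are passed to the admin notice
     // helper as HTML, so the configured path is escaped before it is embedded.
     $safe_directory = htmlspecialchars($directory, ENT_QUOTES, 'UTF-8');

     if (!file_exists($directory)) {
         SucuriScanOption::delete_option(':datastore_path');
         SucuriScanInterface::error('Data folder does not exists and could not be created. Try to <a href="' . SucuriScanTemplate::getUrl('settings') . '">click this link</a> to see
             if the plugin is able to fix this error automatically, if this message
             reappears you will need to either change the location of the directory from
             the plugin general settings page or create this directory manually and give
             it write permissions: <code>' . $safe_directory . '</code>');
         return;
     }

     // Create last-logins datastore file.
     sucuriscan_lastlogins_datastore_exists();

     // Deny all web access to the data store. Both syntaxes are written:
     // "Require all denied" for Apache 2.4 (mod_authz_core) and the legacy
     // "Order/Deny" pair for Apache 2.2, each guarded by IfModule so that
     // neither server version fails on an unknown directive.
     // NOTE: .htaccess is only honoured by Apache-compatible servers with
     // overrides allowed; on other web servers the directory has to be
     // protected in the server configuration instead.
     $deny_rules = "<IfModule mod_authz_core.c>\n"
         . "  Require all denied\n"
         . "</IfModule>\n"
         . "<IfModule !mod_authz_core.c>\n"
         . "  Order Deny,Allow\n"
         . "  Deny from all\n"
         . "</IfModule>\n";

     // A failed write leaves the logs and settings in this folder readable
     // over HTTP, so the failure is reported instead of being discarded.
     if (@file_put_contents($directory . '/.htaccess', $deny_rules, LOCK_EX) === false) {
         SucuriScanInterface::error('The access control file could not be written, the data folder may be publicly accessible: <code>' . $safe_directory . '</code>');
     }

     // Create an index.html to avoid directory listing (secondary measure,
     // kept best-effort because the deny rules above are the real control).
     @file_put_contents($directory . '/index.html', '<!-- Prevent the directory listing. -->', LOCK_EX);
 }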
示例#2
 /**
  * Send a notification to the administrator of the specified events, only if
  * the administrator accepted to receive alerts for this type of events.
  *
  * @param  string $event   The name of the event that was triggered.
  * @param  string $content Body of the email that will be sent to the administrator.
  * @return mixed    Result of SucuriScanMail::send_mail() when the alert is enabled, false otherwise.
  */
 public static function notify_event($event = '', $content = '')
 {
     // The per-event switch and the recipient address are both plugin options.
     $alert_state = SucuriScanOption::get_option(':notify_' . $event);
     $recipient = SucuriScanOption::get_option(':notify_to');

     // A request from a trusted IP never produces an alert; any other request
     // needs the event to be explicitly enabled.
     // NOTE(review): alert suppression rests entirely on is_trusted_ip();
     // confirm it does not take the address from client-controlled headers.
     if (self::is_trusted_ip() || $alert_state != 'enabled') {
         return false;
     }

     $mail_options = array();

     switch ($event) {
         case 'post_publication':
             // Reported under the generic post update subject.
             $event = 'post_update';
             break;

         case 'failed_login':
             // Append guidance and reference links to the alert body.
             $settings_link = SucuriScanTemplate::getUrl('settings');
             $explanation = "<br>\n<br>\n<em>Explanation: Someone failed to login to your "
                 . "site. If you are getting too many of these messages, it is likely your "
                 . "site is under a password guessing brute-force attack [1]. You can disable "
                 . "the failed login alerts from here [2]. Alternatively, you can consider "
                 . "to install a firewall between your website and your visitors to filter "
                 . "out these and other attacks, take a look at Sucuri CloudProxy [3].</em>"
                 . "<br>\n<br>\n"
                 . "[1] <a href='https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing'>"
                 . "https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing</a><br>\n"
                 . "[2] <a href='" . $settings_link . "'>" . $settings_link . "</a> <br>\n"
                 . "[3] <a href='https://sucuri.net/website-firewall/?wpalert'>"
                 . "https://sucuri.net/website-firewall/</a> <br>\n";
             $content .= $explanation;
             break;

         case 'bruteforce_attack':
             // Send a notification even if the limit of emails per hour was
             // reached, so this alert type is not subject to that cap.
             $mail_options['Force'] = true;
             break;

         case 'scan_checksums':
             // Reported under the core integrity subject.
             // 'ForceHTML' presumably forces an HTML body -- verify in send_mail().
             $event = 'core_integrity_checks';
             $mail_options = array('Force' => true, 'ForceHTML' => true);
             break;

         case 'available_updates':
             $mail_options = array('Force' => true, 'ForceHTML' => true);
             break;
     }

     // The subject is the (possibly remapped) event name with spaces.
     $subject = str_replace('_', ' ', $event);

     return SucuriScanMail::send_mail($recipient, $subject, $content, $mail_options);
 }