WordPress.org

Plugin Directory

Changeset 404844


Ignore:
Timestamp:
07/05/11 13:31:39 (3 years ago)
Author:
ampt
Message:

version 1.0.3

Location:
mute-screamer/trunk
Files:
4 added
1 deleted
9 edited

Legend:

Unmodified
Added
Removed
  • mute-screamer/trunk/languages/mute-screamer.pot

    r379805 r404844  
    33msgid "" 
    44msgstr "" 
    5 "Project-Id-Version: Mute Screamer 1.0.1-beta\n" 
     5"Project-Id-Version: Mute Screamer 1.0.3\n" 
    66"Report-Msgid-Bugs-To: http://wordpress.org/tags/mute-screamer\n" 
    7 "POT-Creation-Date: 2011-05-02 11:42:57+00:00\n" 
     7"POT-Creation-Date: 2011-07-05 13:20:57+00:00\n" 
    88"MIME-Version: 1.0\n" 
    99"Content-Type: text/plain; charset=UTF-8\n" 
     
    5555msgstr "" 
    5656 
    57 #: libraries/mscr/Update.php:297 mscr_admin.php:215 views/admin_update.php:3 
     57#: libraries/mscr/Update.php:313 mscr_admin.php:215 views/admin_update.php:3 
    5858msgid "Mute Screamer" 
    5959msgstr "" 
    6060 
    61 #: libraries/mscr/Update.php:298 
     61#: libraries/mscr/Update.php:314 
    6262msgid "All files are up to date." 
    6363msgstr "" 
    6464 
    65 #: libraries/mscr/Update.php:315 libraries/mscr/Update.php:391 
    66 #: libraries/mscr/Update.php:422 
     65#: libraries/mscr/Update.php:331 libraries/mscr/Update.php:407 
     66#: libraries/mscr/Update.php:438 
    6767msgid "You do not have sufficient permissions to update Mute Screamer for this site." 
    6868msgstr "" 
    6969 
    70 #: libraries/mscr/Update.php:330 
     70#: libraries/mscr/Update.php:346 
    7171msgid "%s does not exist." 
    7272msgstr "" 
    7373 
    74 #: libraries/mscr/Update.php:334 
     74#: libraries/mscr/Update.php:350 
    7575msgid "Can not read file %s." 
    7676msgstr "" 
    7777 
    78 #: libraries/mscr/Update.php:343 
     78#: libraries/mscr/Update.php:359 
    7979msgid "Could not connect to phpids.org, please try again later." 
    8080msgstr "" 
    8181 
    82 #: libraries/mscr/Update.php:360 libraries/mscr/Update.php:396 
    83 #: libraries/mscr/Update.php:401 views/admin_update.php:7 
     82#: libraries/mscr/Update.php:376 libraries/mscr/Update.php:412 
     83#: libraries/mscr/Update.php:417 views/admin_update.php:7 
    8484#: views/admin_update.php:34 views/admin_update_diff.php:5 
    8585msgid "Update Mute Screamer" 
    8686msgstr "" 
    8787 
    88 #: libraries/mscr/Update.php:429 
     88#: libraries/mscr/Update.php:445 
    8989msgid "%s can't be upgraded." 
    9090msgstr "" 
     
    230230msgstr "" 
    231231 
    232 #: mute-screamer.php:516 templates/500.php:13 
     232#: mute-screamer.php:516 templates/twentyten/500.php:13 
    233233msgid "There was an error with the page you requested." 
    234234msgstr "" 
    235235 
    236 #: mute-screamer.php:520 templates/500.php:19 
     236#: mute-screamer.php:520 templates/twentyten/500.php:19 
    237237msgid "There was a problem processing your request." 
    238238msgstr "" 
     
    244244msgstr[1] "" 
    245245 
    246 #: templates/500.php:12 
     246#: templates/twentyeleven/500.php:17 
     247msgid "This is somewhat embarrassing, isn’t it?" 
     248msgstr "" 
     249 
     250#: templates/twentyeleven/500.php:18 
     251msgid "It seems there was some sort of problem. Perhaps searching, or one of the links below, can help." 
     252msgstr "" 
     253 
     254#: templates/twentyeleven/500.php:23 templates/twentyten/500.php:18 
     255msgid "%s Unavailable" 
     256msgstr "" 
     257 
     258#: templates/twentyeleven/500.php:24 
     259msgid "There was a problem processing the request." 
     260msgstr "" 
     261 
     262#: templates/twentyeleven/500.php:45 
     263msgid "Most Used Categories" 
     264msgstr "" 
     265 
     266#: templates/twentyeleven/500.php:52 
     267msgid "Try looking in the monthly archives. %1$s" 
     268msgstr "" 
     269 
     270#: templates/twentyten/500.php:12 
    247271msgid "An Error Was Encountered" 
    248 msgstr "" 
    249  
    250 #: templates/500.php:18 
    251 msgid "%s Unavailable" 
    252272msgstr "" 
    253273 
     
    354374 
    355375#: views/admin_options.php:63 
    356 msgid "To setup a warning page you will need to create a template named 500.php for your theme." 
     376msgid "When a warning page is displayed Mute Screamer will look for a template file named 500.php in the current theme's directory. If a 500.php template is not available the 404.php template will be used. If, for some reason the 404.php template is not available the user will be redirected to the homepage." 
    357377msgstr "" 
    358378 
    359379#: views/admin_options.php:64 
    360 msgid "You can find an example 500.php template based on <a href=\"http://wordpress.org/extend/themes/twentyten\">TwentyTen</a> in %s/mute-screamer/templates/500.php" 
    361 msgstr "" 
    362  
    363 #: views/admin_options.php:65 
    364 msgid "If a 500.php template can't be found then 404.php is used, and if that fails it will redirect to the homepage." 
    365 msgstr "" 
    366  
    367 #: views/admin_options.php:69 views/admin_options.php:72 
     380msgid "Sample 500.php templates can be found in %s/mute-screamer/templates" 
     381msgstr "" 
     382 
     383#: views/admin_options.php:68 views/admin_options.php:71 
    368384msgid "WordPress admin warning" 
    369385msgstr "" 
    370386 
    371 #: views/admin_options.php:75 
     387#: views/admin_options.php:74 
    372388msgid "Log user out of the WordPress admin" 
    373389msgstr "" 
    374390 
    375 #: views/admin_options.php:82 
     391#: views/admin_options.php:81 
    376392msgid "Warning threshold" 
    377393msgstr "" 
    378394 
    379 #: views/admin_options.php:85 
     395#: views/admin_options.php:84 
    380396msgid "Minimum impact to show warning page." 
    381397msgstr "" 
    382398 
     399#: views/admin_options.php:90 
     400msgid "IP Banning" 
     401msgstr "" 
     402 
    383403#: views/admin_options.php:91 
    384 msgid "IP Banning" 
    385 msgstr "" 
    386  
    387 #: views/admin_options.php:92 
    388404msgid "Clients can be banned for attacks over a certain threshold or for a number of repeated attacks." 
    389405msgstr "" 
    390406 
    391 #: views/admin_options.php:96 views/admin_options.php:99 
     407#: views/admin_options.php:95 views/admin_options.php:98 
    392408msgid "Enable banning" 
    393409msgstr "" 
    394410 
    395 #: views/admin_options.php:108 
     411#: views/admin_options.php:107 
    396412msgid "Ban time" 
    397413msgstr "" 
    398414 
    399 #: views/admin_options.php:111 
     415#: views/admin_options.php:110 
    400416msgid "Number of seconds a client will be banned." 
    401417msgstr "" 
    402418 
    403 #: views/admin_options.php:116 
     419#: views/admin_options.php:115 
    404420msgid "Ban threshold" 
    405421msgstr "" 
    406422 
    407 #: views/admin_options.php:119 
     423#: views/admin_options.php:118 
    408424msgid "Minimum impact to ban a client." 
    409425msgstr "" 
    410426 
    411 #: views/admin_options.php:124 
     427#: views/admin_options.php:123 
    412428msgid "Attack repeat limit" 
    413429msgstr "" 
    414430 
    415 #: views/admin_options.php:127 
     431#: views/admin_options.php:126 
    416432msgid "Number of repeated attacks before a client is banned (repeat attacks can be under the ban threshold)." 
    417433msgstr "" 
    418434 
    419 #: views/admin_options.php:133 
     435#: views/admin_options.php:132 
    420436msgid "Exceptions" 
    421437msgstr "" 
    422438 
    423 #: views/admin_options.php:137 views/admin_options.php:140 
     439#: views/admin_options.php:136 views/admin_options.php:139 
    424440msgid "Exception fields" 
    425441msgstr "" 
    426442 
     443#: views/admin_options.php:141 
     444msgid "Define fields that will be excluded from PHPIDS. One field per line. We've already added some defaults." 
     445msgstr "" 
     446 
    427447#: views/admin_options.php:142 
    428 msgid "Define fields that will be excluded from PHPIDS. One field per line. We've already added some defaults." 
     448msgid "Example - exlude the POST field my_field: POST.my_field" 
    429449msgstr "" 
    430450 
    431451#: views/admin_options.php:143 
    432 msgid "Example - exlude the POST field my_field: POST.my_field" 
    433 msgstr "" 
    434  
    435 #: views/admin_options.php:144 
    436452msgid "Example - regular expression exclude: /.*foo/i" 
    437453msgstr "" 
    438454 
    439 #: views/admin_options.php:152 views/admin_options.php:155 
     455#: views/admin_options.php:151 views/admin_options.php:154 
    440456msgid "HTML fields" 
    441457msgstr "" 
    442458 
     459#: views/admin_options.php:156 
     460msgid "Define fields that contain HTML and need preparation before hitting the PHPIDS rules." 
     461msgstr "" 
     462 
    443463#: views/admin_options.php:157 
    444 msgid "Define fields that contain HTML and need preparation before hitting the PHPIDS rules." 
    445 msgstr "" 
    446  
    447 #: views/admin_options.php:158 
    448464msgid "Note: Fields must contain valid HTML" 
    449465msgstr "" 
    450466 
    451 #: views/admin_options.php:166 views/admin_options.php:169 
     467#: views/admin_options.php:165 views/admin_options.php:168 
    452468msgid "JSON fields" 
    453469msgstr "" 
    454470 
    455 #: views/admin_options.php:171 
     471#: views/admin_options.php:170 
    456472msgid "Define fields that contain JSON data and should be treated as such." 
    457473msgstr "" 
    458474 
    459 #: views/admin_options.php:181 
     475#: views/admin_options.php:180 
    460476msgid "Save Changes" 
    461477msgstr "" 
  • mute-screamer/trunk/libraries/IDS/Converter.php

    r379805 r404844  
    66 * Requirements: PHP5, SimpleXML 
    77 * 
    8  * Copyright (c) 2008 PHPIDS group (http://php-ids.org) 
     8 * Copyright (c) 2008 PHPIDS group (https://phpids.org) 
    99 * 
    1010 * PHPIDS is free software; you can redistribute it and/or modify 
     
    7777 
    7878    /** 
    79      * Make sure the value to normalize and monitor doesn't contain  
    80      * possibilities for a regex DoS. 
    81      *  
    82      * @param string $value the value to pre-sanitize 
    83      * 
    84      * @static 
    85      * @return string 
    86      */ 
    87     public static function convertFromRepetition($value)  
    88     { 
    89         // remove obvios repetition patterns 
    90         $value = preg_replace( 
    91             '/(?:(.{2,})\1{32,})|(?:[+=|\-@\s]{128,})/',  
    92             'x',  
    93             $value 
    94         ); 
    95         return $value; 
    96     } 
    97  
    98     /** 
    9979     * Check for comments and erases them if available 
    10080     * 
     
    124104        $value = preg_replace('/[^\\\:]\/\/(.*)$/m', '/**/$1', $value); 
    125105        $value = preg_replace('/([^\-&])#.*[\r\n\v\f]/m', '$1', $value); 
    126         $value = preg_replace('/[^&\-]#.*\n/m', ' ', $value); 
     106        $value = preg_replace('/([^&\-])#.*\n/m', '$1 ', $value); 
     107        $value = preg_replace('/^#.*\n/m', ' ', $value); 
    127108 
    128109        return $value; 
     
    267248        // normalize obfuscated protocol handlers 
    268249        $value = preg_replace( 
    269             '/(?:j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*)|(d\s*a\s*t\s*a\s*)/ms',  
    270             'javascript', $value 
     250            '/(?:j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:)|(d\s*a\s*t\s*a\s*:)/ms',  
     251            'javascript:', $value 
    271252        ); 
    272253         
     
    306287        $matches = array(); 
    307288        if(preg_match_all('/(?:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+/im', $value, $matches)) { 
    308             foreach($matches[0] as $match) { 
     289            foreach($matches[0] as $match) { 
    309290                $converted = ''; 
    310291                foreach(str_split($match, 2) as $hex_index) { 
     
    336317        $value   = preg_replace($pattern, '"=0', $value); 
    337318         
    338         $value   = preg_replace('/\W+\s*like\s*[^\w\s]+/ims', '1" OR "1"', $value); 
     319        $value   = preg_replace('/[^\w\)]+\s*like\s*[^\w\s]+/ims', '1" OR "1"', $value); 
    339320        $value   = preg_replace('/null([,"\s])/ims', '0$1', $value); 
    340321        $value   = preg_replace('/\d+\./ims', ' 1', $value); 
     
    371352            chr(6), chr(7), chr(8), chr(11), chr(12), chr(14), 
    372353            chr(15), chr(16), chr(17), chr(18), chr(19), chr(24),  
    373             chr(25), chr(192), chr(193), chr(238), chr(255) 
     354            chr(25), chr(192), chr(193), chr(238), chr(255), '\\0' 
    374355        ); 
    375356         
     
    509490    public static function convertFromUTF7($value) 
    510491    { 
    511         if(preg_match('/\+A\w+-/m', $value)) { 
     492        if(preg_match('/\+A\w+-?/m', $value)) { 
    512493            if (function_exists('mb_convert_encoding')) { 
    513494                if(version_compare(PHP_VERSION, '5.2.8', '<')) { 
  • mute-screamer/trunk/libraries/IDS/Log/Email.php

    r308144 r404844  
    66 * Requirements: PHP5, SimpleXML 
    77 * 
    8  * Copyright (c) 2008 PHPIDS group (http://php-ids.org) 
     8 * Copyright (c) 2008 PHPIDS group (https://phpids.org) 
    99 * 
    1010 * PHPIDS is free software; you can redistribute it and/or modify 
     
    216216        * delete garbage files 
    217217        */ 
    218         $dir            = $this->tmp_path; 
     218        $dir = $this->tmp_path; 
    219219        $numPrefixChars = strlen($this->file_prefix); 
    220         $files          = scandir($dir); 
     220        $files = scandir($dir); 
    221221        foreach ($files as $file) { 
    222             if (is_file($dir . $file)) { 
     222            if (is_file($dir . DIRECTORY_SEPARATOR . $file)) { 
    223223                if (substr($file, 0, $numPrefixChars) == $this->file_prefix) { 
    224                     $lastModified = filemtime($dir . $file); 
    225  
    226                     if (( 
    227                     time() - $lastModified) > 3600) { 
    228                         unlink($dir . $file); 
     224                    $lastModified = filemtime($dir . DIRECTORY_SEPARATOR . $file); 
     225                    if ((time() - $lastModified) > 3600) { 
     226                        unlink($dir . DIRECTORY_SEPARATOR . $file); 
    229227                    } 
    230228                } 
  • mute-screamer/trunk/libraries/IDS/default_filter.xml

    r379805 r404844  
    147147    <filter> 
    148148        <id>15</id> 
    149         <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@>\-\|])(\s*return\s*)?(?:create(?:element|attribute|textnode)|[a-z]+events?|setattribute|getelement\w+|appendchild|createrange|createcontextualfragment|removenode|parentnode|decodeuricomponent|\wettimeout|option|useragent)(?(1)[^\w%"]|(?:\s*[^@\s\w%",.+\-]))]]></rule> 
     149        <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@\-\|])(\s*return\s*)?(?:create(?:element|attribute|textnode)|[a-z]+events?|setattribute|getelement\w+|appendchild|createrange|createcontextualfragment|removenode|parentnode|decodeuricomponent|\wettimeout|option|useragent)(?(1)[^\w%"]|(?:\s*[^@\s\w%",.+\-]))]]></rule> 
    150150        <description>Detects JavaScript DOM/miscellaneous properties and methods</description> 
    151151        <tags> 
     
    159159    <filter> 
    160160        <id>16</id> 
    161         <rule><![CDATA[([^*\s\w,.\/?+-]\s*)?(?<![a-mo-z]\s)(?<![a-z\/_@>])(\s*return\s*)?(?:alert|inputbox|showmodaldialog|infinity|isnan|isnull|iterator|msgbox|executeglobal|expression|prompt|write(?:ln)?|confirm|dialog|urn|(?:un)?eval|exec|execscript|tostring|status|execute|window|unescape|navigate|jquery|getscript|extend|prototype)(?(1)[^\w%"]|(?:\s*[^@\s\w%",.:\/+\-]))]]></rule> 
     161        <rule><![CDATA[([^*\s\w,.\/?+-]\s*)?(?<![a-mo-z]\s)(?<![a-z\/_@])(\s*return\s*)?(?:alert|inputbox|showmodaldialog|infinity|isnan|isnull|iterator|msgbox|executeglobal|expression|prompt|write(?:ln)?|confirm|dialog|urn|(?:un)?eval|exec|execscript|tostring|status|execute|window|unescape|navigate|jquery|getscript|extend|prototype)(?(1)[^\w%"]|(?:\s*[^@\s\w%",.:\/+\-]))]]></rule> 
    162162        <description>Detects possible includes and typical script methods</description> 
    163163        <tags> 
     
    171171    <filter> 
    172172        <id>17</id> 
    173         <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@>])(\s*return\s*)?(?:hash|name|href|navigateandfind|source|pathname|close|constructor|port|protocol|assign|replace|back|forward|document|ownerdocument|window|top|this|self|parent|frames|_?content|date|cookie|innerhtml|innertext|csstext+?|outerhtml|print|moveby|resizeto|createstylesheet|stylesheets)(?(1)[^\w%"]|(?:\s*[^@\/\s\w%.+\-]))]]></rule> 
     173        <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@])(\s*return\s*)?(?:hash|name|href|navigateandfind|source|pathname|close|constructor|port|protocol|assign|replace|back|forward|document|ownerdocument|window|top|this|self|parent|frames|_?content|date|cookie|innerhtml|innertext|csstext+?|outerhtml|print|moveby|resizeto|createstylesheet|stylesheets)(?(1)[^\w%"]|(?:\s*[^@\/\s\w%.+\-]))]]></rule> 
    174174        <description>Detects JavaScript object properties and methods</description> 
    175175        <tags> 
     
    183183    <filter> 
    184184        <id>18</id> 
    185         <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@>\-\|])(\s*return\s*)?(?:join|pop|push|reverse|reduce|concat|map|shift|sp?lice|sort|unshift)(?(1)[^\w%"]|(?:\s*[^@\s\w%,.+\-]))]]></rule> 
     185        <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@\-\|])(\s*return\s*)?(?:join|pop|push|reverse|reduce|concat|map|shift|sp?lice|sort|unshift)(?(1)[^\w%"]|(?:\s*[^@\s\w%,.+\-]))]]></rule> 
    186186        <description>Detects JavaScript array properties and methods</description> 
    187187        <tags> 
     
    195195    <filter> 
    196196        <id>19</id> 
    197         <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@>\-\|])(\s*return\s*)?(?:set|atob|btoa|charat|charcodeat|charset|concat|crypto|frames|fromcharcode|indexof|lastindexof|match|navigator|toolbar|menubar|replace|regexp|slice|split|substr|substring|escape|\w+codeuri\w*)(?(1)[^\w%"]|(?:\s*[^@\s\w%,.+\-]))]]></rule> 
     197        <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z\/_@\-\|])(\s*return\s*)?(?:set|atob|btoa|charat|charcodeat|charset|concat|crypto|frames|fromcharcode|indexof|lastindexof|match|navigator|toolbar|menubar|replace|regexp|slice|split|substr|substring|escape|\w+codeuri\w*)(?(1)[^\w%"]|(?:\s*[^@\s\w%,.+\-]))]]></rule> 
    198198        <description>Detects JavaScript string properties and methods</description> 
    199199        <tags> 
     
    207207    <filter> 
    208208        <id>20</id> 
    209         <rule><![CDATA[(?:\)\s*\[)|([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z_@>\|])(\s*return\s*)?(?:globalstorage|sessionstorage|postmessage|callee|constructor|content|domain|prototype|try|catch|top|call|apply|url|function|object|array|string|math|if|for\s*(?:each)?|elseif|case|switch|regex|boolean|location|settimeout|setinterval|void|setexpression|namespace|while)(?(1)[^\w%"]|(?:\s*[^@\s\w%".+\-]))]]></rule> 
     209        <rule><![CDATA[(?:\)\s*\[)|([^*":\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z_@\|])(\s*return\s*)?(?:globalstorage|sessionstorage|postmessage|callee|constructor|content|domain|prototype|try|catch|top|call|apply|url|function|object|array|string|math|if|for\s*(?:each)?|elseif|case|switch|regex|boolean|location|settimeout|setinterval|void|setexpression|namespace|while)(?(1)[^\w%"]|(?:\s*[^@\s\w%".+\-\/]))]]></rule> 
    210210        <description>Detects JavaScript language constructs</description> 
    211211        <tags> 
     
    573573    <filter> 
    574574        <id>55</id> 
    575         <rule><![CDATA[(?:\sexec\s+xp_cmdshell)|(?:"\s*!\s*["\w])|(?:from\s+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*\([^\)]*)|(?:";?\s*(?:select|union|having)\s*[^\s])|(?:\wiif\s*\()|(?:exec\s+master\.)|(?:union select @)|(?:union[\w(\s]*select)|(?:select.*\w?user\()|(?:into[\s+]+(?:dump|out)file\s*")]]></rule> 
     575        <rule><![CDATA[(?:\sexec\s+xp_cmdshell)|(?:"\s*!\s*["\w])|(?:from\W+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*\([^\)]*)|(?:";?\s*(?:select|union|having)\s*[^\s])|(?:\wiif\s*\()|(?:exec\s+master\.)|(?:union select @)|(?:union[\w(\s]*select)|(?:select.*\w?user\()|(?:into[\s+]+(?:dump|out)file\s*")]]></rule> 
    576576        <description>Detects MSSQL code execution and information gathering attempts</description> 
    577577        <tags> 
     
    593593    <filter> 
    594594        <id>57</id> 
    595         <rule><![CDATA[(?:,.*[)\da-f"]"(?:".*"|\Z|[^"]+))|(?:select\s*\*\s*from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s*\(\s*space\s*\()]]></rule> 
     595        <rule><![CDATA[(?:,.*[)\da-f"]"(?:".*"|\Z|[^"]+))|(?:\Wselect.+\W*from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s*\(\s*space\s*\()]]></rule> 
    596596        <description>Detects MySQL comment-/space-obfuscated injections and backtick termination</description> 
    597597        <tags> 
     
    737737        </tags> 
    738738        <impact>6</impact> 
     739    </filter> 
     740  <filter> 
     741        <id>72</id> 
     742        <rule><![CDATA[(?:(sleep\((\s*)(\d*)(\s*)\)|benchmark\((.*)\,(.*)\)))]]></rule> 
     743        <description>Detects blind sqli tests using sleep() or benchmark().</description> 
     744        <tags> 
     745            <tag>sqli</tag> 
     746            <tag>id</tag> 
     747        </tags> 
     748        <impact>4</impact> 
     749    </filter> 
     750    <filter> 
     751        <id>73</id> 
     752        <rule><![CDATA[(?i:(\%SYSTEMROOT\%))]]></rule> 
     753        <description>An attacker is trying to locate a file to read or write.</description> 
     754        <tags> 
     755            <tag>files</tag> 
     756            <tag>id</tag> 
     757        </tags> 
     758        <impact>4</impact> 
    739759    </filter>    
     760    <filter> 
     761        <id>74</id> 
     762        <rule><![CDATA[(?i:(ping(.*)[\-(.*)\w|\w(.*)\-]))]]></rule> 
     763        <description>Detects remote code exectuion tests. Will match "ping -n 3 localhost" and "ping localhost -n 3" </description> 
     764        <tags> 
     765            <tag>Command Execution</tag> 
     766            <tag>id</tag> 
     767        </tags> 
     768        <impact>5</impact> 
     769    </filter>        
     770    <filter> 
     771        <id>75</id> 
     772        <rule><![CDATA[(?:(((.*)\%[c|d|i|e|f|g|o|s|u|x|p|n]){8}))]]></rule> 
     773        <description>Looking for a format string attack</description> 
     774        <tags> 
     775            <tag>format string</tag> 
     776        </tags> 
     777        <impact>4</impact> 
     778    </filter>  
     779    <filter> 
     780        <id>76</id> 
     781        <rule><![CDATA[(?:(union(.*)select(.*)from))]]></rule> 
     782        <description>Looking for basic sql injection. Common attack string for mysql, oracle and others.</description> 
     783        <tags> 
     784            <tag>sqli</tag> 
     785            <tag>id</tag> 
     786        </tags> 
     787        <impact>3</impact> 
     788    </filter> 
     789    <filter> 
     790        <id>77</id> 
     791        <rule><![CDATA[(?:^(-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|1e309)$)]]></rule> 
     792        <description>Looking for intiger overflow attacks, these are taken from skipfish, except 2.2250738585072007e-308 is the "magic number" crash</description> 
     793        <tags> 
     794            <tag>sqli</tag> 
     795            <tag>id</tag> 
     796        </tags> 
     797        <impact>3</impact> 
     798    </filter>         
    740799</filters> 
  • mute-screamer/trunk/libraries/mscr/Update.php

    r385281 r404844  
    394394        // Admin header requires these variables to be in scope 
    395395        // TODO: Test for multisite variables that need to be in scope 
    396         global $hook_suffix, $pagenow, $is_iphone, $current_screen, $user_identity, $wp_locale; 
     396        global $hook_suffix, $pagenow, $is_iphone, $current_screen, $user_identity, $wp_locale, $wp_version; 
    397397        require_once(ABSPATH . 'wp-admin/admin-header.php'); 
    398398    } 
  • mute-screamer/trunk/libraries/mscr/functions.php

    r379805 r404844  
    3434    } 
    3535} 
     36 
     37/** 
     38 * Add additional body classes for the 500.php template 
     39 * 
     40 * @param array 
     41 * @return void 
     42 */ 
     43if( ! function_exists( 'mscr_body_class' ) ) { 
     44    function mscr_body_class( $classes ) { 
     45        $classes[] = 'error404'; 
     46        $classes[] = 'error500'; 
     47        return $classes; 
     48    }    
     49} 
  • mute-screamer/trunk/mute-screamer.php

    r385281 r404844  
    55Description: <a href="http://phpids.org/">PHPIDS</a> for Wordpress. 
    66Author: ampt 
    7 Version: 1.0.2 
     7Version: 1.0.3 
    88Author URI: http://notfornoone.com/ 
    99*/ 
     
    5252 
    5353    const INTRUSIONS_TABLE  = 'mscr_intrusions'; 
    54     const VERSION           = '1.0.2'; 
     54    const VERSION           = '1.0.3'; 
    5555    const DB_VERSION        = 2; 
    5656    const POST_TYPE         = 'mscr_ban'; 
     
    655655            'COOKIE.__utmz', 
    656656            'REQUEST.s_pers', 
    657             'COOKIE.s_pers' 
     657            'COOKIE.s_pers', 
     658            'REQUEST.user_pass', 
     659            'POST.user_pass', 
     660            'REQUEST.pass1', 
     661            'POST.pass1', 
     662            'REQUEST.pass2', 
     663            'POST.pass2', 
    658664        ); 
    659665 
  • mute-screamer/trunk/readme.txt

    r385281 r404844  
    11=== Mute Screamer === 
    22Contributors: ampt 
    3 Tags: phpids, intrusion detection, security, ids 
     3Tags: phpids, intrusion detection, security, ids, wordpress phpids 
    44Requires at least: 3.0 
    5 Tested up to: 3.1.2 
    6 Stable tag: 1.0.2 
     5Tested up to: 3.2 
     6Stable tag: 1.0.3 
    77 
    88PHPIDS for Wordpress 
     
    4141 
    4242== Changelog == 
     43 
     44= 1.0.3 = 
     45 
     46* Latest PHPIDS rules and converter 
     47* Fix email logger tmp file cleanup 
     48* Twenty Eleven 500 template 
     49* Add password fields to default exceptions 
     50* Minor bug fixes 
    4351 
    4452= 1.0.2 = 
  • mute-screamer/trunk/views/admin_options.php

    r379805 r404844  
    6161 
    6262        <h3><?php _e( 'Warning Page', 'mute-screamer' ); ?></h3> 
    63         <p><?php _e( 'To setup a warning page you will need to create a template named 500.php for your theme.', 'mute-screamer' ); ?></p> 
    64         <p><?php printf( __( 'You can find an example 500.php template based on <a href="http://wordpress.org/extend/themes/twentyten">TwentyTen</a> in %s/mute-screamer/templates/500.php', 'mute-screamer' ), str_replace( ABSPATH, '', WP_PLUGIN_DIR ) ); ?></p> 
    65         <p><?php _e( "If a 500.php template can't be found then 404.php is used, and if that fails it will redirect to the homepage.", 'mute-screamer' ); ?></p> 
     63        <p><?php _e( "When a warning page is displayed Mute Screamer will look for a template file named 500.php in the current theme's directory. If a 500.php template is not available the 404.php template will be used. If, for some reason the 404.php template is not available the user will be redirected to the homepage.", 'mute-screamer' ); ?></p> 
     64        <p><?php printf( __( "Sample 500.php templates can be found in %s/mute-screamer/templates", 'mute-screamer' ), str_replace( ABSPATH, '', WP_PLUGIN_DIR ) ); ?></p> 
    6665        <table class="form-table"> 
    6766            <tbody> 
Note: See TracChangeset for help on using the changeset viewer.