WordPress.org

Plugin Directory

Changeset 525765


Ignore:
Timestamp:
04/01/12 10:14:18 (2 years ago)
Author:
ampt
Message:

version 1.0.6

Location:
mute-screamer/trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • mute-screamer/trunk/languages/mute-screamer.pot

    r506437 r525765  
    33msgid "" 
    44msgstr "" 
    5 "Project-Id-Version: Mute Screamer 1.0.5\n" 
     5"Project-Id-Version: Mute Screamer 1.0.6\n" 
    66"Report-Msgid-Bugs-To: http://wordpress.org/tags/mute-screamer\n" 
    7 "POT-Creation-Date: 2012-02-17 09:55:38+00:00\n" 
     7"POT-Creation-Date: 2012-04-01 09:54:06+00:00\n" 
    88"MIME-Version: 1.0\n" 
    99"Content-Type: text/plain; charset=UTF-8\n" 
     
    4747msgstr "" 
    4848 
    49 #: libraries/mscr/Update.php:319 mscr_admin.php:280 views/admin_update.php:3 
     49#: libraries/mscr/Update.php:326 mscr_admin.php:280 views/admin_update.php:3 
    5050msgid "Mute Screamer" 
    5151msgstr "" 
    5252 
    53 #: libraries/mscr/Update.php:320 
     53#: libraries/mscr/Update.php:327 
    5454msgid "All files are up to date." 
    5555msgstr "" 
    5656 
    57 #: libraries/mscr/Update.php:337 libraries/mscr/Update.php:413 
    58 #: libraries/mscr/Update.php:444 
     57#: libraries/mscr/Update.php:344 libraries/mscr/Update.php:420 
     58#: libraries/mscr/Update.php:451 
    5959msgid "You do not have sufficient permissions to update Mute Screamer for this site." 
    6060msgstr "" 
    6161 
    62 #: libraries/mscr/Update.php:352 
     62#: libraries/mscr/Update.php:359 
    6363msgid "%s does not exist." 
    6464msgstr "" 
    6565 
    66 #: libraries/mscr/Update.php:356 
     66#: libraries/mscr/Update.php:363 
    6767msgid "Can not read file %s." 
    6868msgstr "" 
    6969 
    70 #: libraries/mscr/Update.php:365 
     70#: libraries/mscr/Update.php:372 
    7171msgid "Could not connect to phpids.org, please try again later." 
    7272msgstr "" 
    7373 
    74 #: libraries/mscr/Update.php:382 libraries/mscr/Update.php:418 
    75 #: libraries/mscr/Update.php:423 views/admin_update.php:7 
     74#: libraries/mscr/Update.php:389 libraries/mscr/Update.php:425 
     75#: libraries/mscr/Update.php:430 views/admin_update.php:7 
    7676#: views/admin_update.php:34 views/admin_update_diff.php:5 
    7777msgid "Update Mute Screamer" 
    7878msgstr "" 
    7979 
    80 #: libraries/mscr/Update.php:451 
     80#: libraries/mscr/Update.php:458 
    8181msgid "%s can't be upgraded." 
    8282msgstr "" 
     
    519519msgid "These revisions are identical." 
    520520msgstr "" 
     521#. Plugin Name of the plugin/theme 
     522msgid "Mute Screamer" 
     523msgstr "" 
    521524 
    522525#. Plugin URI of the plugin/theme 
  • mute-screamer/trunk/libraries/IDS/default_filter.xml

    r506437 r525765  
    4242    <filter> 
    4343        <id>5</id> 
    44         <rule><![CDATA[(?:\W\s*hash\s*[^\w\s-])|(?:\w+=\W*[^,]*,[^\s(]\s*\()|(?:\?"[^\s"]":)|(?:(?<!\/)__[a-z]+__)|(?:(?:^|[\s)\]\}])(?:s|g)etter\s*=)]]></rule> 
     44        <rule><![CDATA[(?:\W\s*hash\s*[^\w\s-])|(?:\w=\W*[^,]*,[^\s(]\s*\()|(?:\?"[^\s"]":)|(?:(?<!\/)__[a-z]+__)|(?:(?:^|[\s)\]\}])(?:s|g)etter\s*=)]]></rule> 
    4545        <description>Detects hash-contained xss payload attacks, setter usage and property overloading</description> 
    4646        <tags> 
     
    9292    <filter> 
    9393        <id>10</id> 
    94         <rule><![CDATA[(?:(?:\/|\\)?\.+(\/|\\)(?:\.+)?)|(?:\w+\.exe\??\s)|(?:;\s*\w+\s*\/[\w*-]+\/)|(?:\d\.\dx\|)|(?:%(?:c0\.|af\.|5c\.))|(?:\/(?:%2e){2})]]></rule> 
     94        <rule><![CDATA[(?:(?:\/|\\)?\.+(\/|\\)(?:\.+)?)|(?:\w\.exe\??\s)|(?:;\s*\w+\s*\/[\w*-]+\/)|(?:\d\.\dx\|)|(?:%(?:c0\.|af\.|5c\.))|(?:\/(?:%2e){2})]]></rule> 
    9595        <description>Detects basic directory traversal</description> 
    9696        <tags> 
     
    135135    <filter> 
    136136        <id>14</id> 
    137         <rule><![CDATA[(?:#@~\^\w+)|(?:\w+script:|@import[^\w]|;base64|base64,)|(?:\w+\s*\([\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+\))]]></rule> 
     137        <rule><![CDATA[(?:#@~\^\w+)|(?:\wscript:|@import[^\w]|;base64|base64,)|(?:\w\s*\([\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+\))]]></rule> 
    138138        <description>Detects possible includes, VBSCript/JScript encodeed and packed functions</description> 
    139139        <tags> 
     
    243243    <filter> 
    244244        <id>23</id> 
    245         <rule><![CDATA[(?:\.\s*\w+\W*=)|(?:\W\s*(?:location|document)\s*\W[^({[;]+[({[;])|(?:\(\w+\?[:\w]+\))|(?:\w{2,}\s*=\s*\d+[^&\w]\w+)|(?:\]\s*\(\s*\w+)]]></rule> 
     245        <rule><![CDATA[(?:\.\s*\w+\W*=)|(?:\W\s*(?:location|document)\s*\W[^({[;]+[({[;])|(?:\(\w+\?[:\w]+\))|(?:\w{2}\s*=\s*\d+[^&\w]\w+)|(?:\]\s*\(\s*\w+)]]></rule> 
    246246        <description>Detects JavaScript location/document property access and window access obfuscation</description> 
    247247        <tags> 
     
    263263    <filter> 
    264264        <id>25</id> 
    265         <rule><![CDATA[(?:=\s*[$\w]\s*[\(\[])|(?:\(\s*(?:this|top|window|self|parent|_?content)\s*\))|(?:src\s*=s*(?:\w+:|\/\/))|(?:\w+\[("\w+"|\w+\|\|))|(?:[\d\W]\|\|[\d\W]|\W=\w+,)|(?:\/\s*\+\s*[a-z"])|(?:=\s*\$[^([]*\()|(?:=\s*\(\s*")]]></rule> 
     265        <rule><![CDATA[(?:=\s*[$\w]\s*[\(\[])|(?:\(\s*(?:this|top|window|self|parent|_?content)\s*\))|(?:src\s*=s*(?:\w+:|\/\/))|(?:\w\[("\w+"|\w+\|\|))|(?:[\d\W]\|\|[\d\W]|\W=\w+,)|(?:\/\s*\+\s*[a-z"])|(?:=\s*\$[^([]*\()|(?:=\s*\(\s*")]]></rule> 
    266266        <description>Detects obfuscated JavaScript script injections</description> 
    267267        <tags> 
     
    470470    <filter> 
    471471        <id>45</id> 
    472         <rule><![CDATA[(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()]]></rule> 
     472        <rule><![CDATA[(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()]]></rule> 
    473473        <description>Detects basic SQL authentication bypass attempts 2/3</description> 
    474474        <tags> 
     
    647647    <filter> 
    648648        <id>63</id> 
    649         <rule><![CDATA[(?:[\w.-]+@[\w.-]+%(?:[01][\db-ce-f])+\w+:)]]></rule> 
     649        <rule><![CDATA[(?:[\w.-]@[\w.-]+%(?:[01][\db-ce-f])+\w+:)]]></rule> 
    650650        <description>Detects common mail header injections</description> 
    651651        <tags> 
  • mute-screamer/trunk/libraries/mscr/Update.php

    r506437 r525765  
    4545 
    4646    /** 
     47     * JSON update data 
     48     * 
     49     * @var string 
     50     */ 
     51    private $json_data = ''; 
     52 
     53    /** 
    4754     * Constructor 
    4855     * 
     
    8693            return false; 
    8794 
     95        // Suppress libxml parsing errors 
     96        $libxml_use_errors = libxml_use_internal_errors( true ); 
     97 
    8898        // Initialise the update cache 
    8999        $this->updates = array(); 
     
    93103        delete_site_transient( 'mscr_requests_cache' ); 
    94104 
    95         // Suppress libxml parsing errors 
    96         $libxml_use_errors = libxml_use_internal_errors( true ); 
     105        // Fetch the remote sha1's 
     106        $this->sha1_fetch(); 
    97107 
    98108        foreach ( $this->files as $file ) { 
    99109            $this->file = $file; 
    100  
    101             // Fetch the remote sha1 
    102             $this->sha1_fetch(); 
     110            $this->updates['updates'][$this->file] = new stdClass; 
    103111 
    104112            // Is the sha1 different? 
     
    203211     */ 
    204212    private function sha1_fetch() { 
    205         $url = 'http://phpids.org/hash.php?f='.$this->file; 
     213        $url = 'http://ampt.github.com/mute-screamer/update.json'; 
    206214        $response = $this->remote_get( $url ); 
    207215 
     
    212220        } 
    213221 
    214         $this->updates['updates'][$this->file] = new stdClass; 
    215         $this->updates['updates'][$this->file]->responses['sha1'] = $response['body']; 
     222        $this->json_data = json_decode( $response['body'], true ); 
    216223    } 
    217224 
     
    246253            return false; 
    247254 
    248         // Problem fetching remote file 
    249         if ( ! isset( $this->updates['updates'][$this->file] ) ) 
     255        // Problem fetching json data? 
     256        if ( ! isset( $this->json_data[$this->file] ) ) 
    250257            return false; 
    251258 
    252259        $local_sha1  = sha1_file( $local_file ); 
    253         $remote_sha1 = $this->updates['updates'][$this->file]->responses['sha1']; 
     260        $remote_sha1 = $this->json_data[$this->file]; 
    254261 
    255262        if ( $local_sha1 == $remote_sha1 ) 
  • mute-screamer/trunk/mute-screamer.php

    r506437 r525765  
    55Description: <a href="http://phpids.org/">PHPIDS</a> for Wordpress. 
    66Author: ampt 
    7 Version: 1.0.5 
     7Version: 1.0.6 
    88Author URI: http://notfornoone.com/ 
    99*/ 
     
    5252 
    5353    const INTRUSIONS_TABLE  = 'mscr_intrusions'; 
    54     const VERSION           = '1.0.5'; 
     54    const VERSION           = '1.0.6'; 
    5555    const DB_VERSION        = 2; 
    5656    const POST_TYPE         = 'mscr_ban'; 
  • mute-screamer/trunk/readme.txt

    r506440 r525765  
    11=== Mute Screamer === 
    22Contributors: ampt 
    3 Tags: phpids, intrusion detection, security, ids, wordpress phpids 
     3Tags: phpids, intrusion detection, security, ids, wordpress phpids, xss, sql injection, csrf 
    44Requires at least: 3.0 
    55Tested up to: 3.3 
     
    1010== Description == 
    1111 
    12 Mute Screamer uses [PHPIDS](http://phpids.org/) to detect attacks on your Wordpress site and react in a way that you choose. 
     12[Mute Screamer](http://ampt.github.com/mute-screamer/) uses [PHPIDS](http://phpids.org/) to detect attacks on your Wordpress site and react in a way that you choose. 
    1313 
    1414Requires PHP 5.2 or higher. 
     
    4141 
    4242== Changelog == 
     43 
     44= 1.0.6 = 
     45 
     46* Latest PHPIDS rules and converter 
     47* Change the update feed 
    4348 
    4449= 1.0.5 = 
Note: See TracChangeset for help on using the changeset viewer.