
Changeset 3250641


Timestamp:
03/04/2025 07:23:42 PM (12 months ago)
Author:
bitslip6
Message:

fix some lock conditions on cheap hosts

Location:
bitfire/trunk
Files:
10 edited

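--- a/bitfire/trunk/error_handler.php
+++ b/bitfire/trunk/error_handler.php
@@ -144,5 +144,5 @@
         $e['id'] = uniqid();
         $e['php_ver'] = phpversion();
-        $e['ref_id'] = $_SERVER['REQUEST_URI']??"na";
+        $e['ref_id'] = $_SERVER['HTTP_HOST']??'unknown' . $_SERVER['REQUEST_URI']??"/na";
 
         $encoded = array_map(function ($k, $v) {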
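Review bot: The new `ref_id` expression at line 146 does not do what it reads as, because `.` binds tighter than `??` in PHP: it parses as `$_SERVER['HTTP_HOST'] ?? (('unknown' . $_SERVER['REQUEST_URI']) ?? "/na")`. Whenever the Host header is present the request URI is dropped from the error record, and when it is absent an unset `REQUEST_URI` raises an undefined-key notice or warning inside the error handler itself. Parenthesise each fallback: `$e['ref_id'] = ($_SERVER['HTTP_HOST'] ?? 'unknown') . ($_SERVER['REQUEST_URI'] ?? '/na');`. `HTTP_HOST` is client-supplied, so whatever stores or displays `ref_id` should treat it as untrusted text; how the record is encoded and sent is below the hunk.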
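--- a/bitfire/trunk/readme.txt
+++ b/bitfire/trunk/readme.txt
@@ -5,6 +5,6 @@
 Tags: security, firewall, malware scanner, waf, activity log
 Requires at least: 5.0.0
-Tested up to: 6.7.1
-Stable tag: 4.4.19
+Tested up to: 6.7.2
+Stable tag: 4.5.0
 Requires PHP: 7.4
 License: AGPLv3 or later
@@ -17,11 +17,11 @@
 ### Enterprise class security
 
-BitFire is an advanced Runtime Application Self Protection firewall for WordPress. The software requires careful setup and maintenance and is intended for enterprise WordPress installs with dedicated web staff. If you do not intend to actively manage your WordPress security environment you should consider investing in alternate software. BitFire is ment to be run on high end WordPress hosting servers. Low end servers (<$8 / month) might not meet the minimum system requirements and could encounter errors. Pay careful attention to your server in such environments.
-
-BitFire is commercial software. This free release made publically available on wordpress.org includes some core features including the most advanced traffic logger available for WordPress and our bot blocking functionality
+BitFire is an advanced Runtime Application Self Protection firewall for WordPress. The software requires careful setup and maintenance and is intended for enterprise WordPress installs with dedicated web staff. If you do not intend to actively manage your WordPress security environment you should consider investing in alternate software. BitFire is ment to be run on high end WordPress hosting servers. Low end servers (<$8 / month) might not meet the minimum system requirements and could encounter errors with file locking, semaphores and shared memory access. Pay careful attention to your server when using BitFire in such environments.
+
+BitFire is commercial software used by enterprises with managed security staff. This free release made publically available on wordpress.org includes some core features including the most advanced traffic logger available for WordPress and our bot blocking functionality.
 
 ### Elevate Your Web Security with Cutting-Edge AI and Machine Learning ###
 
-In an era where digital threats evolve at breakneck speed, traditional security measures no longer suffice. Enter BitFire, the revolutionary WordPress firewall that harnesses the power of Generative AI and Machine Learning. This innovative solution marks a significant leap forward, offering a bespoke security strategy tailored to each individual website.
+In an era where digital threats evolve at breakneck speed, traditional security measures no longer suffice. BitFire is a revolutionary WordPress firewall that harnesses the power of Generative AI and Machine Learning on hundreds of gigabytes of WordPress traffic. This innovative solution marks a significant leap forward, offering a bespoke security strategy tailored to each individual website.
 
 BitFire introduces a pioneering "block by default" model, setting a new standard in proactive defense. By generating a unique allow list for each site, it ensures that only legitimate traffic gains entry. This approach blocks zero-day attacks instantly, without the need for frequent signature updates. It's not just a firewall; it's your website's personalized guardian, designed to distinguish between friend and foe with unprecedented accuracy.
@@ -96,5 +96,5 @@
 * Database of 10,000,000+ valid wordpress plugin and theme file hashes.
 * Scan up-to 10,000 files per minute with our unique fast-hashing technology.
-* Professional US based security experts to perform hand malware removal if needed ($128.00 USD).
+* Professional US based security experts to perform hand malware removal if needed ($99.00 USD).
 
 #### Web Application Firewall [PRO]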
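--- a/bitfire/trunk/src/bitfire.php
+++ b/bitfire/trunk/src/bitfire.php
@@ -869,5 +869,5 @@
         // TODO: simplify this, we can spare some cycles here, less code, more data
         $f = \BitFire\WAF_ROOT."/data/ip.8.txt";
-        if (random_int(1, 100) == 81 && file_exists($f)) {
+        if (mt_rand(1, 100) == 81 && file_exists($f)) {
             $n=un_json(file_get_contents($f));
             $t = time();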
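--- a/bitfire/trunk/src/bitfire_pure.php
+++ b/bitfire/trunk/src/bitfire_pure.php
@@ -688,6 +688,11 @@
     public static function new(string $ip, int $browser_id = 0, bool $is_bot = false) : BrowserState {
         $state = new BrowserState();
-        $state->_iv = random_int(0, 0xFFFFFFFF);
-        $state->answer = random_int(0xFFFF, 0xFFFFFFFF);
+        try {
+            $state->_iv = random_int(0, 0xFFFFFFFF);
+            $state->answer = random_int(0xFFFF, 0xFFFFFFFF);
+        } catch(Exception $e) {
+            $state->_iv = mt_rand(0, 0xFFFFFFFF);
+            $state->answer = mt_rand(0xFFFF, 0xFFFFFFFF);
+        }
         $state->time = time();
         $state->_ip = $ip;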
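Review bot: The `catch` branch at lines 693-696 silently swaps `random_int()` for `mt_rand()` when filling `_iv` and `answer`, and Mersenne Twister output is not suitable for values a client must not be able to guess. If `answer` is what a browser has to return to pass the challenge (inferred from the name; its use is outside the hunk), the check is weakened on exactly the hosts this commit targets, and nothing records that it happened. At minimum log that the fallback ran, or fail closed for the request, so an operator learns the host has no working CSPRNG. Also, `catch(Exception $e)` resolves against the current namespace if this file declares one without importing `Exception`, in which case the branch would never match; `catch (\Exception $e)` is unambiguous. `BrowserState::new` continues past the end of the hunk.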
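--- a/bitfire/trunk/src/dashboard.php
+++ b/bitfire/trunk/src/dashboard.php
@@ -951,12 +951,4 @@
  
 
-        /*
-        $nnn = random_int(0, 4);
-        for ($i = 0; $i<$nnn; $i++) {
-            $bot->classification |= 1 << random_int(2, 12);
-        }
-        */
-
-
         foreach (REQ_NAMES as $key => $mask) {
             if ($bot->classification & ($mask)) {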
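--- a/bitfire/trunk/src/headers.php
+++ b/bitfire/trunk/src/headers.php
@@ -63,5 +63,5 @@
         $results = [404, 403, 200];
         $result = $results[array_rand($results)];
-        $version = random_int(1, 5) .".". random_int(1, 9) ."." . random_int(1,9);
+        $version = mt_rand(1, 5) .".". mt_rand(1, 9) ."." . mt_rand(1,9);
 
         // force head/post methods to return 403, nginx default behavior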
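--- a/bitfire/trunk/src/storage.php
+++ b/bitfire/trunk/src/storage.php
@@ -244,5 +244,5 @@
 
         // 1% of the time clean up old lock files
-        if (random_int(1,100) == 50) {
+        if (mt_rand(1,100) == 50) {
             trace("CLEAN_LOCKS");
             $files = glob($base_dir."/*");
@@ -255,5 +255,5 @@
 
         if (!empty($fp) && is_resource($fp)) {
-            return flock($fp, LOCK_EX | LOCK_NB, $block) ? $fp : null;
+            return (flock($fp, LOCK_EX | LOCK_NB, $block)) ? $fp : null;
         }
         return null;
@@ -264,5 +264,5 @@
         if ($sem != null) {
             $t = gettype($sem);
-            if ($t == "resource") {
+            if ($t == "resource" || CFG::str('lock_type', 'flock') == "flock") {
                 flock($sem, LOCK_UN);
             }
@@ -308,5 +308,5 @@
             case "shmop":
                 // strange case where some systems can get here with no _shmop
-                if ($this->_shmop != null) {
+                if ($this->_shmop != null && !empty($this->_shmop)) {
                     $tmp = $this->_shmop->read($key_name, $type);
                     $success = ($tmp !== NULL);
@@ -319,5 +319,5 @@
                     @include($file);
                     // remove expired data
-                    if (!$success) {
+                    if (!$success && stat($file) !== false) {
                         @unlink($file);
                     }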
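Review bot: In the unlock hunk (new line 266) the added `|| CFG::str('lock_type', 'flock') == "flock"` lets `flock($sem, LOCK_UN)` run on any non-null `$sem` whenever the lock type is flock. That includes a handle that has already been closed, for which `gettype()` reports `resource (closed)`, or a value that is not a stream at all; on PHP 8 the call then throws a `TypeError` instead of returning false. Testing the handle itself is safer, `if (is_resource($sem)) { flock($sem, LOCK_UN); }`, and if the extra clause covers a specific host behaviour a comment naming it would help the next reader. In the last hunk (new line 321) `stat($file)` emits a warning when the file has already gone, which is the racing case the check exists for; `file_exists($file)` answers the same question quietly. The enclosing functions begin and end outside these hunks.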
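--- a/bitfire/trunk/src/util.php
+++ b/bitfire/trunk/src/util.php
@@ -466,4 +466,5 @@
     };
 }
+
 
 /**
@@ -991,5 +992,5 @@
 
             // write to a temp file, check it, then rename it atomically
-            $tmp_file = $file->filename . "." . random_int(0xFF, 0xFFFFFF);
+            $tmp_file = $file->filename . "." . mt_rand(0xFF, 0xFFFFFF);
             $written = file_put_contents($tmp_file, $file->content, $mods);
 
@@ -1812,9 +1813,9 @@
 
 
-// only used in botfilter
+// only used in bot-filter
 function array_shuffle(array $in) : array {
     $out = array();
     while(($m = count($in))>0) {
-        $t = array_splice($in, random_int(0, $m) , 1);
+        $t = array_splice($in, mt_rand(0, $m) , 1);
         $out[] = $t[0]??0;
     }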
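Review bot: In `array_shuffle` (new line 1819) the upper bound of `mt_rand(0, $m)` is inclusive, so the offset can equal `count($in)`; `array_splice` then removes nothing, `$t[0]??0` appends a literal `0`, and the loop runs again, leaving zeros in the result that were never in the input. The swap from `random_int` carries that bound over unchanged; it should be `mt_rand(0, $m - 1)`. The function continues below the hunk, so the return path is not visible here. Separately, the temp-file suffix at new line 994 now comes from a predictable generator; if the target directory can be written by other local accounts (not visible here), creating the file with `tempnam()` in the same directory avoids relying on the suffix being unguessable.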
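--- a/bitfire/trunk/uninstall.php
+++ b/bitfire/trunk/uninstall.php
@@ -27,4 +27,7 @@
         die("Uninstalling requires administrative privileges.");
     }
+    else if (!function_exists("current_user_can")) {
+        die("WordPress error. Unable to determine user capabilities.");
+    }
 
     // uninstall any .htaccess file changes or user.ini changes we might have made,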
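Review bot: The new `else if (!function_exists("current_user_can"))` branch at lines 29-31 only fails closed if the `if` condition above the hunk does not itself call `current_user_can()` unguarded. That condition is not visible here; if it does call the function directly, a missing function is a fatal error before this branch is ever reached. Putting the existence test first makes the guard independent of how the capability check is worded: `if (!function_exists('current_user_can')) { die("WordPress error. Unable to determine user capabilities."); }` ahead of the privilege test. It is also worth confirming that the file exits early when `WP_UNINSTALL_PLUGIN` is not defined, since that constant is WordPress's signal that uninstall.php was reached through the uninstaller rather than requested directly.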
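--- a/bitfire/trunk/verify.php
+++ b/bitfire/trunk/verify.php
@@ -185,12 +185,5 @@
     }
 
-    /*
-    if (random_int(1,5) == 3) {
-        $result = "pass";
-        $data['result'] = $result;
-        file_put_contents($info_file, en_json($data), LOCK_EX);
-    }
-    */
-   
+   
     //echo "event: status\n";
     echo "id: ". time() . "\n";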