Changeset 841886
- Timestamp:
- 01/20/2014 04:48:08 PM (12 years ago)
- Location:
- 6scan-protection/trunk
- Files:
-
- 5 edited
-
6scan.php (modified) (1 diff)
-
admin/includes/common.php (modified) (1 diff)
-
modules/signatures/analyzer.php (modified) (4 diffs)
-
modules/signatures/update.php (modified) (2 diffs)
-
readme.txt (modified) (2 diffs)
6scan-protection/trunk/6scan.php
r730868 r841886 5 5 Description: 6Scan Security provides enterprise-grade security with a firewall, automatic backup, analytics and much more. 6 6 Author: 6Scan 7 Version: 3.0. 57 Version: 3.0.6 8 8 Author URI: http://www.6scan.com 9 9 */ -
6scan-protection/trunk/admin/includes/common.php
r833716 r841886 4 4 die( 'No direct access allowed' ); 5 5 6 define ( 'SIXSCAN_VERSION' , '3.0. 5.4' );6 define ( 'SIXSCAN_VERSION' , '3.0.6.0' ); 7 7 define ( 'SIXSCAN_HTACCESS_VERSION' , '1' ); 8 8 -
6scan-protection/trunk/modules/signatures/analyzer.php
r829751 r841886 155 155 if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanstrangerequest" ) ){ 156 156 if ( in_array( 'waf_non_standard_req_disable' , $allowed_waf_rules ) && $is_waf_enabled ) 157 return array('block', ' request_type_' . $_SERVER['REQUEST_METHOD']);158 else 159 $triggered_vuln_type = ' request_type_' . $_SERVER['REQUEST_METHOD'];157 return array('block', 'Abuse of Functionality'); 158 else 159 $triggered_vuln_type = 'Abuse of Functionality'; 160 160 } 161 161 … … 163 163 if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanwafsqli" ) ){ 164 164 if ( in_array( 'waf_sql_protection_enable' , $allowed_waf_rules ) && $is_waf_enabled ) 165 return array('block', ' sql');166 else 167 $triggered_vuln_type = ' sql';165 return array('block', 'SQL Injection'); 166 else 167 $triggered_vuln_type = 'SQL Injection'; 168 168 } 169 169 … … 171 171 if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanwafxss" ) ){ 172 172 if ( in_array( 'waf_xss_protection_enable' , $allowed_waf_rules ) && $is_waf_enabled ) 173 return array('block', ' xss');174 else 175 $triggered_vuln_type = ' xss';173 return array('block', 'Cross-Site Scripting'); 174 else 175 $triggered_vuln_type = 'Cross-Site Scripting'; 176 176 } 177 177 … … 179 179 if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanwafcsrf" ) ){ 180 180 if ( in_array( 'waf_post_csrf_protection_enable' , $allowed_waf_rules ) && $is_waf_enabled ) 181 return array('block', ' csrf');182 else 183 $triggered_vuln_type = ' csrf';181 return array('block', 'Cross-Site Request Forgery'); 182 else 183 $triggered_vuln_type = 'Cross-Site Request Forgery'; 184 184 } 185 185 186 186 /* Filter RFI */ 187 187 if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanwafrfi" ) ){ 188 if ( in_array( 'waf_rfi_protection_enable' , $allowed_waf_rules ) && $is_waf_enabled ){ 189 $allowed_rfi_scripts = array( '/wp-login.php', '/wp-cron.php' ); 190 191 /* If link is OK to be used with URL as mask */ 192 if ( in_array( 
$_SERVER['SCRIPT_NAME'] , $allowed_rfi_scripts ) ) 193 return array('ignore',''); 194 195 /* Allow local inclusions */ 196 if ( in_array( 'waf_rfi_local_access_enable' , $allowed_waf_rules ) ){ 197 198 $mixed_site_address = parse_url( home_url() ); 199 200 $current_hostname = $mixed_site_address[ 'host' ] ; 201 202 /* If the RFI doesn't satisfy requested mask - block the request. 203 Have to add "/", to avoid turning good domains (www.site.com) into bad (www.site.com.badsite.com) */ 204 if ( ( sixscan_signatures_analyzer_is_rfi_by_mask( $_SERVER['QUERY_STRING'] , $current_hostname , TRUE ) == FALSE ) 205 && ( sixscan_signatures_analyzer_is_rfi_by_mask( $_SERVER['QUERY_STRING'] , $current_hostname . "/" ) == FALSE ) ) 206 207 return array('block', 'rfi'); 208 209 return array('ignore', ''); 210 } 211 else{ 212 $triggered_vuln_type = 'rfi'; 213 } 214 215 /* RFI with no exclusions - always blocking */ 216 return array('block', 'rfi'); 188 189 $allowed_rfi_scripts = array( '/wp-login.php', '/wp-cron.php' ); 190 /* If link is OK to be used with URL as mask */ 191 if ( in_array( $_SERVER['SCRIPT_NAME'] , $allowed_rfi_scripts ) ) 192 return array('ignore',''); 193 194 /* Allow local inclusions */ 195 $rfi_block = TRUE; 196 if ( in_array( 'waf_rfi_local_access_enable' , $allowed_waf_rules ) ){ 197 198 $mixed_site_address = parse_url( home_url() ); 199 $current_hostname = $mixed_site_address[ 'host' ] ; 200 /* If the RFI doesn't satisfy requested mask - block the request. 201 Have to add "/", to avoid turning good domains (www.site.com) into bad (www.site.com.badsite.com) */ 202 if (!( ( sixscan_signatures_analyzer_is_rfi_by_mask( $_SERVER['QUERY_STRING'] , $current_hostname , TRUE ) == FALSE ) 203 && ( sixscan_signatures_analyzer_is_rfi_by_mask( $_SERVER['QUERY_STRING'] , $current_hostname . 
"/" ) == FALSE ))) 204 $rfi_block = FALSE; 217 205 } 218 else{ 219 $triggered_vuln_type = 'rfi'; 220 } 206 207 if ($rfi_block){ 208 if ( in_array( 'waf_rfi_protection_enable' , $allowed_waf_rules ) && $is_waf_enabled) 209 return array('block', 'Remote File Inclusion (RFI)'); 210 else 211 $triggered_vuln_type = 'Remote File Inclusion (RFI)'; 212 } 221 213 } 222 214 223 215 /* Trigger is not blocked */ 224 return array('noblock', $triggered_vuln_type); 216 if ( $triggered_vuln_type == 'None' ) 217 return array('ignore', ''); 218 else 219 return array('noblock', $triggered_vuln_type); 225 220 } 226 221 ?> -
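Review bot: The new RFI allow-check at new lines 202–204 wraps two `== FALSE` tests in a negated conjunction, which is hard to read and is a loose comparison that also treats 0, '' and null as "no match"; if sixscan_signatures_analyzer_is_rfi_by_mask returns a bool, the same decision reads as `if ( sixscan_signatures_analyzer_is_rfi_by_mask( $_SERVER['QUERY_STRING'], $current_hostname, TRUE ) || sixscan_signatures_analyzer_is_rfi_by_mask( $_SERVER['QUERY_STRING'], $current_hostname . "/" ) ) $rfi_block = FALSE;`. `$mixed_site_address[ 'host' ]` at new line 199 is read without an isset guard, so a home_url() that parse_url cannot split would raise a notice and run the mask comparison against a null host; guarding with `isset( $mixed_site_address['host'] )` and leaving `$rfi_block` TRUE when the host is absent keeps the fail-safe direction. The `$triggered_vuln_type == 'None'` sentinel at new line 216 is also a loose comparison and depends on the variable's initialisation, which is outside the hunk, as is the start of the enclosing function.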
6scan-protection/trunk/modules/signatures/update.php
r829751 r841886 227 227 /* We need the site relative path */ 228 228 $rel_path = isset( $mixed_site_address[ 'path' ] ) ? $mixed_site_address[ 'path' ] : ""; 229 230 /* Escape the dot of current hostname for regexps */ 231 $current_hostname = str_replace( "." , "\." , $mixed_site_address[ 'host' ] ); 229 230 $current_hostname = $mixed_site_address[ 'host' ]; 232 231 if ( substr( $current_hostname, 0, 4) === 'www.' ) 233 232 $current_hostname = substr($current_hostname, 4); 233 /* Escape the dot of current hostname for regexps */ 234 $current_hostname = str_replace( "." , "\." , $current_hostname ); 234 235 235 236 $vuln_urls = "#Broad-spectrum protection: User agent/referrer injections. XSS,RFI and SQLI prevention … … 248 249 RewriteCond %{REQUEST_METHOD} ^(POST) [NC] 249 250 RewriteCond %{HTTP_REFERER} !^$ 250 RewriteCond %{HTTP_REFERER} !^ https?://(www.)?" . $current_hostname . " [NC]251 RewriteCond %{HTTP_REFERER} !^(WordPress\/[\d.]+;\s+)?https?://(www.)?" . $current_hostname . " [NC] 251 252 RewriteRule .* - [E=sixscansecuritylog:1,E=sixscanwafcsrf:1] - 252 253 -
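Review bot: The rewritten referer condition at new line 251 still matches only the start of the host, so `(www.)?" . $current_hostname . "` is satisfied by any referer host that merely begins with the site's hostname, and the unescaped dot in `(www.)?` matches any character; since `$current_hostname` is already regex-escaped at new line 234, terminating the match and escaping the dot closes both: `RewriteCond %{HTTP_REFERER} !^(WordPress\/[\d.]+;\s+)?https?://(www\.)?" . $current_hostname . "(/|:|$) [NC]`. The optional `WordPress\/[\d.]+;\s+` prefix appears to accommodate a referer set by WordPress's own HTTP client, which the hunk does not explain; a one-line comment in the generated block such as `# Allow loopback requests whose referer carries the WordPress/x.y; prefix` would save the next reader from guessing. The function that builds `$vuln_urls` starts and ends outside the hunk.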
6scan-protection/trunk/readme.txt
r818134 r841886 1 1 === 6Scan Security === 2 2 Contributors: 6Scan 3 Version: 3.0. 53 Version: 3.0.6 4 4 Tags: security,secure,wordpress security,firewall,antivirus,security plugin,securty,protection,anti-hack,hack,scan,exploit,anti-virus, malware,google safe browsing, phishing, scrapers, hackers, hacking, server-side agent, hacker attack, IP-blocking, password hacking, suspicious traffic, database hacking, sql-injection, wordpress plugin, dual scan, scan on demand, uptime monitoring, sms notifications, mobile notifications, email notifications, security badge, blacklist monitoring, google monitoring, free scan, free scanner, hacker exploits, security research, security expertssecurty, secrity, secure, login, plugin, privacy, protection, protected, permissions, code, encode, script, attack, hach, blocked, block, prevent, prevention, firewall security, web server security, proxy security, secure website, protected site, secure login, login security, enterprise security, scan, site scanning, automatic backup, web analytics, intrusion, comprehensive security, algorithms, security vulnerabilities 5 5 Requires at least: 3.0.0 … … 322 322 * New Wordpress version + one more scan server added 323 323 324 = 3.0.6 = 325 * Improved attacks detection and blocking 324 326 325 327 == Upgrade Notice ==