Thanks to Andrew Kurtis of webhostinghub.com my plugin has now been translated into Spanish by Jelena Kovacevic. The new language files were tested and packaged in the last release. Now, if you have WPLANG defined as ‘es_ES’ in your wp-config.php file then the Anti-Malware Settings and Scan pages will be output en Español :-)
I’m also thinking of creating a Facebook page for my plugin to get more feedback and collaboration from my users. I have some big ideas I would like to share and get some help with to move this plugin forward. Leave a comment here and let me know what you think. Would you follow me on Facebook? Comment Yes or No.
In the last two weeks I have been working on perfecting a patch for the wp-login.php page that will prevent a swarm of brute-force attacks from guessing your password or bringing down your server. When I first released this patch it was a bit overzealous and caused a few people to be temporarily locked out of their own blogs as their login attempts were incorrectly identified as brute-force attacks.
This patch of mine has also caused a small wave of paranoia because it displays the unconventional (and possibly spooky) message “Just what do you think you are doing, Dave?” whenever brute-force or too many failed logins are detected. This message is a quote from the movie 2001: A Space Odyssey. Even though I intended this message to bring out the humor of the situation, I also feel it is very relevant (unless your name is not Dave :-)
The linked response “Open the Pod bay doors, HAL!” is also a quote from the same movie and it’s just there to link you back to the login page should you want to try to login again.
I have also received many inquiries as to why the wp-login.php file is flagged as a WP Login Exploit on every install of WordPress, even brand new installs of the most current version. This is simply because WordPress has no built-in brute-force protection and its login page is exploitable. It has been clearly demonstrated through the widespread attacks on login pages around the world as of late that it is not only vulnerable to password cracks via brute-force but it also has been shown to overload and bring down a whole server if the attacks are too numerous. That is why my patch also prevents the loading of the WordPress bootstrap if a brute-force attack is detected so that your server’s resources are not tied up just telling hackers if they guessed the right password or not.
I hope this helps answer your questions about this new threat and my approach to solving it. Feel free to leave a comment if I could do better explaining anything.
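The idea described in the post above, turning away a locked-out client before the WordPress bootstrap is loaded, as an added example. This is not the plugin's patch: the function names, the per-address counter files in the temp directory, the limits and the 429 response are all assumptions.

```php
<?php
// Added illustration, not the plugin's patch. Names, limits and storage are assumptions.
const BF_MAX_FAILURES = 5;    // failed logins tolerated per window
const BF_WINDOW_SECS  = 600;  // counters expire, so a lockout is always temporary

function bf_path(string $ip): string {
    // Hash the address so request data never becomes part of a file path.
    return sys_get_temp_dir() . '/bf_' . hash('sha256', $ip) . '.json';
}

function bf_parse(string $raw, int $now): array {
    $s = json_decode($raw, true);
    $fresh = is_array($s) && isset($s['first'], $s['fails'])
        && $now - (int)$s['first'] <= BF_WINDOW_SECS;
    // A missing, corrupt or expired record starts a new window with zero failures.
    return $fresh ? ['first' => (int)$s['first'], 'fails' => (int)$s['fails']]
                  : ['first' => $now, 'fails' => 0];
}

function bf_is_locked(string $ip, int $now): bool {
    $raw = @file_get_contents(bf_path($ip));
    return bf_parse($raw === false ? '' : $raw, $now)['fails'] >= BF_MAX_FAILURES;
}

function bf_record_failure(string $ip, int $now): void {
    $fh = fopen(bf_path($ip), 'c+');   // create if missing, do not truncate
    if ($fh === false) { return; }
    flock($fh, LOCK_EX);               // serialise parallel requests from one address
    $state = bf_parse((string)stream_get_contents($fh), $now);
    $state['fails']++;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    flock($fh, LOCK_UN);
    fclose($fh);
}

function bf_reset(string $ip): void {  // call after a successful login
    @unlink(bf_path($ip));
}

// Gate for the very top of the login script, before any bootstrap file is included.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && bf_is_locked($_SERVER['REMOTE_ADDR'] ?? '', time())) {
    http_response_code(429);
    header('Retry-After: ' . BF_WINDOW_SECS);
    exit('Too many failed logins from this address. Try again later.');
}
// Past this point the script would load WordPress and record each failed or successful login.
```

Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so the counter key would have to come from a forwarded header that only the trusted proxy can set. Because the window expires on its own, a legitimate user who trips the limit is locked out for at most `BF_WINDOW_SECS`.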
I released the new scan engine in version 1.2.10.05 today. This is the scan process that I’ve had available as a BETA for a couple months but it was not ready for release until now. It takes longer because it breaks the scan into smaller processes that complete independently of the scan initiation process. This has a better success rate (especially on servers with lots of files or minimal memory) and allows for better error handling.
So there are now two types of scans:
- Quick Scan – Good for small file systems, fast servers, or sites that have post restriction.
- Complete Scan – Good for large file systems, servers with irregular permission issues, or low memory allocation.
The Automatic Fix process and File Viewer have been improved too. It loads nicer now and you can move this new pop-up window around on the page :-).
Please give me feedback on these new features and scan options.
Keeping this plugin cutting-edge with new features and up-to-date with the latest definitions for removing new threats is a lot of work. Please make a donation to support my continued development and enhancement of this plugin.
via New Scan Process for Large Filesystems in BETA Release 1.2.07.30 – GOTMLS.NET.
Well, this Plugin has been out for three months now and has been downloaded over 7,200 times. I’ve received loads of great comments and email about how well it has done removing real threats from people’s servers. However, some people have had trouble getting it to do a large scan on servers without much memory. I have tried many different ways around this but there seems to be no easy way around this problem on some servers.
So, I have decided to take a different approach. I have started rewriting the scan engine and breaking down the scanning process into multiple executions of smaller processes. This will make for a more accurate progress bar, allow for better error handling, and run more efficiently on servers without much memory. So far I have stayed clear of charging outright for this plugin but, to be perfectly honest, I need to start getting more financial support for all the work I am putting into this project. I don’t want to turn anyone who needs help away because of their inability to pay. However, I have a family to support and this project doesn’t pay the bills (but I believe it can). If everyone who has registered donated $12 then I could devote myself to this project full-time and everyone will benefit from better protection for their site. I know some of you cannot do this but others can donate even more. Think of how much this plugin is worth to you and donate accordingly.
I will be contacting all of you who have registered, asking for your support, over the next month or so. I feel certain we can make this project a success without blocking access to those who don’t have the means to pay. I’ve already gotten a fair few donations from ecstatic voluntary donors. One such donor I’d like to mention is Graeme Morris of socialidentitydesign.com who not only gave a generous donation but also designed my new Gravatar/Logo. He said: “Your plugin really saved my site, I really want you to develop it more.”
Thank you all for your generous support!
via I need your help! – GOTMLS.NET.
Less than a month in the WordPress Repository and already over 1,400 downloads. There is definitely an unmet need for a Plugin like this. Despite the instant popularity and success of my Malware Removal techniques, even with all the great comments and thanks that I am getting for actively fighting back against these defacement and redirection hacks, I have just come under some criticism from the “Half-Elf” Plugin Monitor, Ipstenu. Though I feel that my strategy in fighting infections is efficient, effective, and easy to implement, she seems to think it is too risky to actually do something about the infected files and suggested I just notify the user of infections like some other security plugins do. To me, it is that very fact that my Plugin can automatically fix the problems it finds that sets it apart from the others. I wrote this software for myself, so that I could easily remove widespread infections on a shared server with one click. Then I made the code available as a WordPress Plugin to be really helpful to those that could not otherwise clear up their infected servers. This Plugin actually removes “Known Threats” from a file, keeping the rest of the file intact, and it even makes a backup of the file before making changes. How cool is that? I’m not one to brag but I must admit I am quite proud of this accomplishment.
I wonder how many people have broken their whole site, by removing a file that was needed by WordPress, because some would-be helpful plugin told them it was infected but couldn’t or wouldn’t fix it. Or, how many people paid Sucuri to fix their infestation of malicious scripts when my Plugin might have done it for them. I’m not saying this Plugin I wrote is a fix-all for any infection, but what it does, it does well. I wrote it for a specific type of infection and continue to expand its range and capabilities as more information comes in from my users.
I am dedicated to seeing this project through and maintaining a successful front line against these malicious infections. With continually growing support from the WordPress community I know that I can grow this program to meet more and more needs and combat new threats as they are discovered.
A big thanks to all those who have commented and rated this Plugin and even more thanks to those who have Donated! You are all keeping this effort alive and letting WordPress know that this Plugin is appreciated.
I just released my new Anti-Malware plugin for WordPress. It is still in BETA but I think it will be very helpful in removing malicious scripts and patching security vulnerabilities.
An example scan that found some threats
Please leave feedback and donate whenever possible.
I haven’t posted anything this whole month because one of my servers got hacked and I’ve spent the last three weeks working on a new plugin to scan and remove malicious software from my server.
It wasn’t enough for me to just remove the hack. I had to make sure it wouldn’t come back and because it was such a widespread exploit I thought it would be good to release a plugin for other website admins to check their site for themselves.
It looks like my infestation of nasty scripts came in through a vulnerability in an older version of timthumb.php. Apparently any version older than 2.0 can be used to place a file on the server. If that file is a back-door of some kind then the person who put it there could have full access to your server.
I’m still testing and working out the kinks in my security scanner but it should be ready soon…