CIDRAM (Classless Inter-Domain Routing Access Manager) Changelog. === VERSIONING GUIDELINES === CIDRAM adheres to the SemVer guidelines for versioning. Versioning guidelines for SemVer can be found at: === Changes made since last versioned release === (none) === Version/Release 0.4.1 === PATCH RELEASE. - [2016.08.03; Sub-minor code change; Maikuolan]: Added internal language support for Korean (15 language options now supported in total, not including CLI-mode support; Done with machine assistance, I'm not fluent, and it hasn't yet been audited, so, the new translation should be regarded as fuzzy). - [2016.08.06; Sub-minor code change; Maikuolan]: Slightly improved RTL text support; Adjusted the template file to compensate for display problems associated LTR/RTL mixed content. More work done on the documentation translations; Slightly closer to completing the translations for all targeted languages. - [2016.08.06; Sub-minor code change (CIDRAM Wordpress plugin only); Maikuolan]: Opted to removed action hook call and instead load everything immediately, as to avoid conflicts associated with caching plugins and other caching systems which could sometimes prevent requests from being blocked. - [2016.08.07; Sub-minor code change; Maikuolan]: Slightly improved/optimised the template file. Caleb M / Maikuolan, 7th August 2016. === Version/Release 0.4.0 === MINOR RELEASE. - [2016.07.22; Sub-minor code change; Maikuolan]: Added code to perform some simple sanitisation to the block information; This should help to prevent some obscure types of XSS attacks. - [2016.07.23; Minor code change; Maikuolan]: Added internal language support for Japanese (14 language options now supported in total, not including CLI-mode support; I'm not fluent and it hasn't yet been audited, so, the new translation should be regarded as fuzzy). Added a new function: "Greylist"; This can be used in the same way that whitelisting is used, but for escaping a CIDR from a single file, rather than from all files. Slightly improved the signature validator/fixer (can now detect broken/invalid ranges). - [2016.07.26; NEW FEATURE; Maikuolan]: Added some basic support for YAML-like data (note: not a true YAML implementation) to be read from signature files, which can used to specify and modify the values of configuration directives for separate signature sections. Refer - [2016.07.30; Bug-fix; Maikuolan]: Fixed a bug whereby some configuration directives (in particular, "forbid_on_block") would sometimes be incorrectly typecasted, resulting in unexpected behaviour contrary to the documentation. Caleb M / Maikuolan, 31st July 2016. === Version/Release 0.3.1 === PATCH RELEASE. - [2016.06.18; Bug-fix; Maikuolan]: A bug was found by joe38 whereby some of the provider-specific bypasses included in the default CIDRAM signatures would trigger an error instead of the expected CIDRAM Access Denied message, and additionally, some bypasses weren't written with the considerations appropriate to the execution context required from which they were executing; Fixed. Refer - [2016.07.04; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Vietnamese. This totals 10 different language versions of the README documentation now available. Caleb M / Maikuolan, 9th July 2016. === Version/Release 0.3.0 === MINOR RELEASE. - [2016.04.25; Minor code change; Maikuolan]: Signature files can now be specified via the configuration file (and so, modifying core script files in order to add additional custom signature files is no longer required). - [2016.04.27; Sub-minor code change; Maikuolan]: An additional custom rules file added for additional bypasses. - [2016.05.12; Sub-minor code change; Maikuolan]: Added internal language support for Vietnamese (now supported: English, Spanish, French, Indonesian, Italian, Dutch, Portuguese, Vietnamese, Chinese [simplified and traditional]; 10 language options now supported in total). - [2016.05.13; Sub-minor code change; Maikuolan]: Added internal language support for German (11 language options now supported in total). - [2016.05.13; Sub-minor code change; Maikuolan/m7mdtiger]: Added internal language support for Arabic (12 language options now supported in total). - [2016.05.26; Minor code change; Maikuolan]: Added a new i18n shorthand value for "Deny": "Proxy" (for blocking private and anonymous proxies). - [2016.05.27; Minor code change; Maikuolan]: Added the ability to use dated logfiles! Now, some simple variables ({dd}, {mm}, {yyyy}/{yy}, {hh}) can be included when specifying the names to use for logfiles in order to organise logfiles by date/time. Added a new directive ("timeOffset") to account for the possibility of discrepancies between servers and the local time of those using CIDRAM. - [2016.06.13; Minor code change; Maikuolan]: Added the ability to ignore signature sections by identifying their section tags to an ignore file. Refactored a number of closures to reduce code duplication and to improve the their process logic; Some old closures renamed and split into multiple new closures. Added internal language support for Russian (13 language options now supported in total, not including CLI-mode support). Caleb M / Maikuolan, 14th June 2016. === Version/Release 0.2.0 === MINOR RELEASE. - [2016.03.15; Signatures; Maikuolan]: Added Microsoft Azure CIDRs to the IPv4 signatures file; Updating several sections; Changed the "example" CIDRs in the IPv4 custom signatures file to reduce ambiguity (because the previous examples used CIDRs that wouldn't normally be triggered; fixed). - [2016.03.17; Signatures; Maikuolan]: Removed all references to HostExploit and SiteVet from CIDRAM. These two services appear to have not been updated in over a year and a half, and emails I've sent to them to ask whether their services are actively maintained and/or up-to-date seem to have been ignored, as I've not received any replies from them for any of the emails I'd sent. I don't think we should rely on outdated information. I've opted, instead, to include references to and information about the Google Malware Dashboard, which appears to be being updated on a daily basis, have a greater depth of information available and appears to be more reliable, so far. I've already added some new sections for new ASNs to block based upon the information they have available, and may possibly remove and/or modify some old sections in the future based on the information they have available. - [2016.03.18; Minor code change; Maikuolan]: Renamed all "INC" files to "PHP" files and changed all references to them accordingly. Refer - [2016.03.19; Sub-minor code change; Maikuolan]: Changed the default value of the "block_bogons" directive from true to false. Added a new directive, "disable_cli", to optionally disable the CLI mode implementation for CIDRAM. Added a fallback to help deal with situations where multiple IP address server variables may be in use. - [2016.03.21; Bug-fix; Maikuolan]: Improved the way in which we can detect whether we're in CLI-mode (there was a problem previously whereby cronjobs could sometimes be blocked in certain circumstances, and this shouldn't happen normally, thus qualifying this problem as a bug; this improvement corrects this problem). Refer - [2016.03.25; Sub-minor code change; Maikuolan]: Removed references to the "package" tag from all phpDoc page blocks in the package (we don't need these, because we already have README documentation and don't use api-docs). Refer - [2016.03.27; Minor code change; Maikuolan]: Added a "Why Blocked" field for the "Access Denied" page and for logging, to act as a debug mechanism to help track line/offset/section values for triggered signatures. Added code to allow CIDRAM to handle Windows-style linebreaks within the signature files, as so that it can now correctly interpret more than just Unix-style linebreaks. Refer Refer - [2016.03.28; Minor code change; Maikuolan]: Added support for section tags! It's now possible to uniquely identify specific signature sections from the signature files by tagging sections with a section tag; These section tags will be included in the logfiles whenever any of the signatures from the tagged sections are triggered and will appear alongside debug information for the user whenever they're blocked. Refer Refer - [2016.03.31; Signatures; Maikuolan]: Renamed "ipv4_custom.dat" to "ipv4_custom.dat.RenameMe" and renamed "ipv6_custom.dat" to "ipv6_custom.dat.RenameMe". The reason for appending ".RenameMe" onto the end of the names of the custom signature files is to prevent accidentally overwriting these files whenever someone updates CIDRAM blindly (such as via a dependency manager, installer or auto-updater; The custom signature files should be renamed back to their original former names by the user to activate them). Shell-style hashing implemented to all signature files for all comments and for all non-signature and non-syntactical entries; This won't be enforced onto users, but is recommended to improve readability for IDEs and text editors. Added some information from Spamhaus to help users gage the merit of blocking or not blocking some particular ASNs. Numerous new signature sections added to both the IPv4 and IPv6 signature files. Refer Refer - [2016.04.01; Minor code change; Maikuolan]: Renamed "config.ini" to "config.ini.RenameMe". The reason here is the same as the reason for having recently done the same thing to the custom signature files (to prevent accidentally overwriting this file whenever someone updates CIDRAM blindly). Additionally, the configuration file is now optional; The script has fallbacks implemented for all configuration directives and no longer dies an error to the user/client when the configuration file is unavailable. Added a "Reconstructed URL" field for the "Access Denied" page and for logging, to determine which resource was being requested at the time of a user/client being blocked. Refer Refer - [2016.04.02; Bug-fix; Maikuolan]: A bug was found by GaffNet whereby custom whitelist signatures were ignored by the script as of the latest version of the codebase due to the way that whitelist signatures were handled; This has been fixed. Refer - [2016.04.03; Minor code change; Maikuolan]: Added support for Apache-style logging and for serialised logging (this could help any users wanting to integrate CIDRAM with packages such as fail2ban, which require Apache-style logs), and two related new configuration directives. Extended the "forbid_on_block" directive to allow 503 header responses. Added the ability to silently redirect blocked access attempts instead of displaying the usual "Access Denied" page. Did some more minor code refactoring. Refer Refer - [2016.04.04; Minor code change; Maikuolan]: Added support for custom themes; A new directive has been added to the configuration file allowing users to stipulate a custom CSS file to apply to the HTML output template; This and the new custom themes support for CIDRAM will work in the exact same way that custom themes for phpMussel works. Implemented a validator/fixer for checking and fixing signature files; Currently a work-in-progress and a BETA, but seems to function correctly and as intended; Currently only available in CLI, but will be available via other means after work has been completed. Refer - [2016.04.10; Minor code change; Maikuolan]: Added support for section expiry! It's now possible to mark signature sections with an expiry date, to ensure that any signatures they contain won't be triggered after a specified date. This feature is optional; Unmarked signature sections won't expire. - [2016.04.10; Signatures; Maikuolan]: Added numerous new signature sections to the signature files, covering a number of different new ASNs. Added IPs from ZeuS C&C tracker. - [2016.04.12; Minor code change; Maikuolan]: Split the language data files into two dinstinct files per each language; Standard language data and CLI language data. - [2016.04.17; Minor code change; divinity76]: Stricter loading for the configuration file (CIDRAM will now return an error if the configuration file isn't readable). Caleb M / Maikuolan, 18th April 2016. === Version/Release 0.1.2 === PATCH RELEASE. - [2016.03.11; Sub-minor code change; Maikuolan]: When converting all functions to closures (anonymous functions) for the previous release, I missed the "matchElement" function. I'd thought I'd got them all, but I'd missed this one (this function wasn't yet being used anywhere anyhow, so, missing it wouldn't have been particularly problematic, anyhow); In any case, this has now been corrected. - [2016.03.13; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Chinese. This totals 9 different language versions of the README documentation now available. - [2016.03.14; Bug-fix; Maikuolan]: A bug was found within the IPv6Test closure function (used for calculating IPv6 CIDRs), caused by some excess spaces in the code that existed where they shouldn't have existed; Fixed. Refer Caleb M / Maikuolan, 14th March 2016. === Version/Release 0.1.1 === PATCH RELEASE. - [2016.03.03-2016.03.06; Documentation; Maikuolan]: Completed translations for the CIDRAM README documentation (written originally in English) into Spanish, French, Indonesian, Italian, Portuguese and Dutch (none of these translations have been checked/audited by a native/fluent speaker yet, but they should be at least accurate enough to be understood). This totals 7 different language versions of the README documentation now available. - [2016.03.07; Sub-minor code change; Maikuolan]: Converted all functions to closures (anonymous functions), in order to be able to unset them from memory after the script execution has finished (we shouldn't leave unrequired data in the memory afer execution has finished). Changed the blocksize for reading files with the "ReadFile" function from 48KB to 128KB (we can afford this, and this should *slightly* increase the speed of the script). Caleb M / Maikuolan, 7th March 2016. === Version/Release 0.1.0 === MINOR RELEASE (FIRST BETA). - [2015.12.12; Documentation; Maikuolan]: Added a changelog; Added READMEs. Caleb M / Maikuolan, 27th February 2016. Versions < 0.1.0 are ALPHAs.