CIDRAM (Classless Inter-Domain Routing Access Manager) Changelog. === VERSIONING GUIDELINES === CIDRAM adheres to the SemVer guidelines for versioning. Versioning guidelines for SemVer can be found at: http://www.semver.org/ === Changes made since last versioned release === (none) === Version/Release 1.4.1 === PATCH RELEASE. - [2018.02.06; Maikuolan]: The support forum for the project hosted by Spambot Security has effectively become inoperable and defunct due to unmitigable circumstances concerning its server. Accordingly, the project support forum is hereby deprecated, and all references to the project support forum and to Spambot Security have been removed from the codebase and all documentation. The issues page for the project at GitHub remains as the uncontested primary support endpoint for the project. - [2018.02.14; Sub-minor code change; Maikuolan]: Some very subtle front-end UI improvements; Support for asynchronous requests added to some front-end pages. - [2018.02.15; Sub-minor code change; Maikuolan]: Component update/installation via Cronable should fail if unit tests fail; Added code for this accordingly. - [2018.02.20; Bug-fix; Maikuolan]: The closures for activating and deactivating components via the front-end updates page would fail if non-CRLF linebreaks were used by the configuration file (thanks to senky for reporting this bug); Fixed. Refer github.com/phpMussel/phpMussel/issues/151 - [2018.02.25; Documentation; Maikuolan]: Added a new section to the documentation, "KNOWN COMPATIBILITY PROBLEMS" (8). Refer github.com/CIDRAM/CIDRAM/issues/52 Caleb M (Maikuolan), Feb 26, 2018. === Version/Release 1.4.0 === MINOR RELEASE. - [2017.12.24; Sub-minor code change; Maikuolan]: Signature file extended run rule closures can now return exit codes to trigger greylist or whitelist mechanisms. Improved default signature bypasses so that CIDRAM can play more nicely with Bingbot (occasional false positives with requests originating from Azure ranges). Slightly improved logs filtering and search mechanism. - [2017.12.26; Sub-minor code change; Maikuolan]: Root check safeguard added to the "DNS-Reverse" closure. - [2017.12.27; Minor code change; Maikuolan]: Optional fallback added to "DNS-Reverse" closure for "gethostbyaddr" (can be toggled via a newly added configuration directive). - [2017.12.30; NEW FEATURE; Maikuolan]: Added flag support to the front-end logs page (it should now be possible to filter log entries on the basis of country flags, if any were indicated by the signatures triggered for them). - [2018.01.11; Sub-minor code change; Maikuolan]: Not technically a bug, but DNS lookups shouldn't be performed on localhost addresses due to the risk of false positives. Code modified accordingly. - [2018.01.14; NEW FEATURE; Maikuolan]: Added a "Sections List" page to the front-end (lists all the sections in the signature files and counts the total number of sections and signatures throughout all the signature files). - [2018.01.16; Bug-fix; Maikuolan]: Direct closure sometimes produced errors when running CIDRAM via Cron (e.g., via Cronable) due to SCRIPT_FILENAME sometimes not being defined in that context; Fixed via isset check. - [2018.01.18; Sub-minor code change; Maikuolan]: Performed some minor refactoring. Added checks for origin tags to the CLI signature file validator and fixer. Sections list now checks whether sections have been ignored. - [2018.01.20; Sub-minor code change; Maikuolan]: Slightly improved CLI-mode help information. Caleb M (Maikuolan), Jan 20, 2018. === Version/Release 1.3.0 === MINOR RELEASE. - [2017.10.30; Bug-fix; Maikuolan]: Cancelled or pending CI tests sometimes wouldn't display correctly on the updates page; Fixed. - [2017.11.07; Minor code change; Maikuolan]: Added a new directive, "force_hostname_lookup" (normally, hostname lookups occur on the basis of necessity; e.g., when a module requires hostname information to check against hostname-based signatures; this new directive allows users to force hostname lookups to occur for all requests). Removed hardcoded references to fields from the main template files in favour of having fields generated entirely by the output generator (thus enabling greater control over which fields are generated and displayed for any given instance). Empty fields are now omitted from block events (Access Denied page, logfiles, etc). reCAPTCHA fields are now omitted if reCAPTCHA is entirely disabled. A hostname field is now included in the fields if it isn't empty for any given instance (Access Denied page, logfiles, etc). Added the ability to resolve 6to4 IPv6 addresses to their IPv4 counterparts, and automatically check these resolved addresses against the signature files, alongside the original unresolved IP addresses; This should help to abate the risk of clients attempting to connect through 6to4 as a means to avoid being blocked by IPv4 signatures (technically this shouldn't be possible to do when a network is configured correctly anyhow, but I've recently encountered a few requests that appeared as if they may be such attempts; requests on networks that should only support IPv4, but seemed to occasionally allow requests from non-blocked 6to4 addresses that resolved back to blocked IPv4 addresses). - [2017.11.15; Bug-fix; Maikuolan]: Run commands in signature files encountered consequent to resolving 6to4 addresses were being ignored in some cases (such as in the case of the default signature bypass files); Fixed. - [2017.11.20; Bug-fix; Maikuolan]: The IP test page wasn't checking IPs against modules (it was only checking against signature files); Added an option to the IP test page to allow users to check IPs against either just the signature files, or against both the signature files and modules, fixing the problem (thanks to Dibbyo456 for reporting this bug). Refer github.com/CIDRAM/CIDRAM/issues/43 - [2017.11.23; Bug-fix; Maikuolan]: Bug found by Dibbyo456 whereby the failsafe for ipaddr values correponding to non-existent variables would sometimes prevent modification of ipaddr value via the front-end configuration page, and would cause the default value to always be displayed, instead of the correctly assigned value; Fixed. Refer github.com/CIDRAM/CIDRAM/issues/44 - [2017.11.24; Sub-minor code change; Maikuolan]: Refactored the code for the reCAPTCHA module and slightly improved its UI. - [2017.12.01; Minor code change; Maikuolan]: Added a new directive, "signature_limit", allowing users to specify via configuration the maximum number of signatures allowed to be triggered when a reCAPTCHA instance is to be offered. Previously, this value was hardcoded to 1 (which remains the default value for this new directive). Refer github.com/CIDRAM/CIDRAM/issues/45 - [2017.12.01; Bug-fix; Maikuolan]: PHP version warnings on the front-end homepage weren't always displaying correctly; Fixed. - [2017.12.03; Documentation; Maikuolan]: Extended the "SIGNATURE FORMAT" (7) section of the documentation with additional subsections "BASICS (FOR MODULES)" (7.4), "MODULE FUNCTIONALITY" (7.5), and "MODULE VARIABLES" (7.6). This should be helpful for users wanting to create their own custom modules. - [2017.12.05; Minor code change; Maikuolan]: Improved Cronable API, allowing updates to occur without sending external requests (uses different methods). Shifted a number of update closures from the front-end handler to the front-end functions file for slightly improved efficiency. - [2017.12.06; Bug-fix; Maikuolan]: Fixed a CRITICAL bug introduced yesterday that could result in the updates page deleting files pertinent to components being updated, thus corrupting those components and potentially rendering the package inoperable. - [2017.12.06; Sub-minor code change; Maikuolan]: Added a component file verification option to the updates page. Removed the hotfixes file (this file was intended to fix a number of older problems from previous versions of the package that aren't relevant anymore). - [2017.12.12; NEW FEATURE; Maikuolan]: Added the ability to filter logfile entries displayed via the front-end logs page and improved the overall aesthetics of the logs page. - [2017.12.17; Minor code change; Maikuolan]: Rewrote and improved the code for performing reverse DNS lookups. - [2017.12.21; NEW FEATURE; Maikuolan]: Added support for invisible reCAPTCHA. - [2017.12.22; Bug-fix; Maikuolan]: Bug fixed whereby entries in the ignore.dat would sometimes themselves be ignored, based on their position in the file. - [2017.12.23; NEW FEATURE; Maikuolan]: Added the ability to tally logfile data to the front-end logs page. Caleb M (Maikuolan), 23rd December 2017. === Version/Release 1.2.0 === MINOR RELEASE. - [2017.08.26; Sub-minor code change; Maikuolan]: The front-end updates page now reports the number of added/removed bytes and the total time required for when updating/installing/uninstalling components. - [2017.09.08; NEW FEATURE; Maikuolan]: Added support for Argon2 hashing for passwords and sessions (requires PHP => 7.2.0; updating from older versions of the package won't affect compatibility with older PHP versions, but the option for using Argon2 simply won't be provided for versions < 7.2.0). A new configuration directive ("default_algo") has been added, to allow users to switch between the defined PHP default password hashing algorithm, BCRYPT, and Argon2 (all options are still considered cryptographically secure at this time and remain safe to use, but adding this additional support provides additional choice and control to the end-user regarding encryption). Also rewrote the code for the front-end accounts page accordingly. - [2017.09.17; Sub-minor code change; Maikuolan]: Reworked page filters. Added some new page filters to the IP tracking page to filter out unwanted data and better control the way that data is displayed. - [2017.09.19; NEW FEATURE; Maikuolan]: Built and implemented an aggregator into the front-end for aggregating IPs and CIDRs. It can handle both IPv4 and IPv6, and its addition should make it much easier to cleanly update signature files without needing to rely on external aggregators. - [2017.09.24; Sub-minor code change; Maikuolan]: Added internal language support for Bangla (20 language localisations now completed and available). - [2017.09.25; Sub-minor code change; Maikuolan]: Added rollback capability to the front-end updates page for failed updates/installs (this should help to prevent any corruption or broken installs from occurring due to unforeseen problems, failed connectivity, etc). Added disk space/usage information to the front-end file manager. Added links to vulnerability and compatibility charts onto the front-end homepage. - [2017.09.27; Minor code change; Maikuolan]: Added a pie chart to the file manager, allowing users to visually interpret the footprint imposed by the various files attributed to CIDRAM and its components (requires installing Chart.js via the front-end updates page). Also did some general refactoring of the front-end code. - [2017.09.27; Bug-fix; Maikuolan]: See issue #39 (update bug preventing some specific components from updating at all). - [2017.09.29; Sub-minor code change; Maikuolan]: Added internal language support for Norwegian (21 language localisations now completed and available). - [2017.10.02; Sub-minor code change; Maikuolan]: Slightly improved the way that the front-end logs page behaves. - [2017.10.03; NEW FEATURE; Maikuolan]: Added a new page to the front-end for viewing CIDRAM usage statistics, and a corresponding configuration directive to enable/disable tracking CIDRAM usage statistics. - [2017.10.07; Sub-minor code change; Maikuolan]: Added a simple metadata cleanup routine to the front-end updates page. - [2017.10.08; Sub-minor code change; Maikuolan]: Refactored code. - [2017.10.09; Sub-minor code change; Maikuolan]: Added the ability to fetch component names and extended descriptions from the L10N data. - [2017.10.14; Sub-minor code change; Maikuolan]: Added internal language support for Swedish (22 language localisations now completed and available). - [2017.10.15; Sub-minor code change; Maikuolan]: Improved L10N pluralisation. - [2017.10.26; Sub-minor code change; Maikuolan]: Added CI reports/tests to the front-end updates page. Split the functions file into two distinct files (one containing closures specifically intended for the front-end, and one for everything else; this should increase code maintainability and make things less confusing for future contributors). - [2017.10.27; Sub-minor code change; Maikuolan]: Removed old PHP < 5.4.0 array syntax in favour of newer, short array syntax. - [2017.10.28; Sub-minor code change; Maikuolan]: Added cookie notice to the front-end login page. Made the categories on the front-end configuration page collapsable/expandable (this should help to make the page look less cluttered and easier to navigate). - [2017.10.28; Bug-fix; Maikuolan]: Bug found preventing the activation or deactivation of components via the front-end updates page for multi-domain installations when certain specific conditions were met; Fixed. - [2017.10.29; NEW FEATURE; Maikuolan]: Added an API for Cronable, allowing CIDRAM to be updated automatically via cron. Caleb M (Maikuolan), 29th October 2017. === Version/Release 1.1.0 === MINOR RELEASE. - [2017.07.29; NEW FEATURES; Maikuolan]: Added the ability to execute closures and specific commands when specific conditions are met when using the front-end updates page (installing, uninstalling components, etc). Added a configuration directive to modify the font magnification for the front-end and the Access Denied page. Added information to the front-end homepage about latest stable, unstable, and branch versions for CIDRAM and PHP. - [2017.07.30; Minor code change; Maikuolan]: Added a configuration directive for specifying the preferred way to localise numbers when displaying numeric information via the front-end and any other relevant means. Number L10N is now independent of language choice, and has also been improved upon somewhat. - [2017.08.14; Sub-minor code change; Maikuolan]: CheckFactors closure slightly modified in order to reduce read/write operations when reading signature files and to slightly improve the loading speed for the front-end IP Tracking and IP Test pages. - [2017.08.15; NEW FEATURE; Maikuolan]: Added a new directive for specifying how email addresses should be displayed to users ("emailaddr_display_style"). - [2017.08.16; Sub-minor code change; Maikuolan]: Front-end updates page components false positives risk label now determined by a new, separate entry in the YAML files, which should make it easier in the future to create new components due to not needing to translate these entries in the extended description anymore, and should help to reduce the size of these files. - [2017.08.17; Minor code change; Maikuolan]: Added a configuration directive for temporarily disabling everything except the front-end ("maintenance_mode"). Might be useful in some situations when updating CMS, frameworks, forum systems, etc. Caleb M (Maikuolan), 20th August 2017. === Version/Release 1.0.1 === PATCH RELEASE. - [2017.06.03]: Repository migrated from "Maikuolan/CIDRAM" to "CIDRAM/CIDRAM". All files, documentation, etc, updated accordingly. No disruptions are anticipated as a result of this migration, but if you encounter any, please let us know. - [2017.06.22; Sub-minor code change; Maikuolan]: Slightly improved L10N support (rendering numbers correctly, some punctuation fixes, etc). - [2017.07.23; Sub-minor code change; Maikuolan]: The front-end homepage now warns users if they're using a PHP version with known severe vulnerabilities and exploits ("severe", in this context, defined as vulnerabilities and exploits with a CVSS >= 9.0) and/or a PHP version that isn't actively supported anymore (as determined by the php.net Supported Versions page). The associated code for this is hardcoded manually, and therefore only updates when the package updates (meaning that lack of warning should not necessarily be perceived as a lack of vulnerabilities/exploits nor as an indication of continued active support). Caleb M (Maikuolan), 27th July 2017. === Version/Release 1.0.0 === MAJOR RELEASE (BACKWARDS COMPATIBLE). - [2017.04.10; Sub-minor code change; Maikuolan]: Added internal language support for Thai (17 language localisations now completed and available). - [2017.04.11; Minor code change; Maikuolan]: Added a new directive, "timeFormat", to specify the date/time notation format used by CIDRAM. - [2017.04.12; Sub-minor code change; Maikuolan]: Temporarily removed donate buttons from all project files (possibly may reinstate at a later date). Made some subtle aesthetic improvements to the front-end. - [2017.04.12; Documentation; Furqan Akbar]: Completed translation for the CIDRAM README documentation into Urdu. This totals 16 different language versions of the README documentation now available. - [2017.04.21; Sub-minor code change; Maikuolan]: Improved support for fractions/floats/reals/decimals/etc for configuration directives. Added some basic system information to the front-end homepage, to help with debugging. - [2017.04.22; NEW FEATURE; Maikuolan]: Added the ability to truncate logfiles after they reached a certain size, specified by the newly added "truncate" directive. - [2017.04.22; Bug-fix; Maikuolan]: Fixed a bug whereby version information for certain PHP release candidates would be compared incorrectly when using the front-end updates page (only affects a small number of users). - [2017.04.23; Sub-minor code change; Maikuolan]: Added "previewers" to the front-end configuration page in order to make it easier for users to handle configuration directives that deal with time and byte measurements. - [2017.04.24; NEW FEATURE; Maikuolan]: Added a new configuration directive allowing users to override the default timezone set by PHP. Changed the way that configuration directives dealing with byte measurements are handled as such that the unit now may be specified alongside the directive value (i.e., byte measurements are no longer locked to predefined units); These byte measurements will default to kilobytes when no unit has been specified. - [2017.04.27; NEW FEATURE; Maikuolan]: Added the ability to optionally override configuration directive values on the basis of HTTP_HOST. This should be useful for users running multi-domains installations as a way of enforcing different values for different configuration directives for different domains and sub-domains when necessary. Refer github.com/CIDRAM/CIDRAM/issues/15 - [2017.04.28; Sub-minor code change; Tolga Koçyıldır]: Added internal language support for Turkish (18 language localisations now completed and available). - [2017.04.29; Minor code change; Maikuolan]: Added filtering to the configuration defaults, in order to allow the front-end configuration page to omit any problematic value choices (for example; attempting to switch to a new default language after having deleted its associated language files). - [2017.05.01; Sub-minor code change; Maikuolan]: Subtle improvements for mobile display ("responsiveness"). - [2017.05.04; Sub-minor code change; Maikuolan]: Added internal language support for Hindi (19 language localisations now completed and available). - [2017.05.11; Sub-minor code change; Maikuolan]: Added a simple formatter for displaying log data via the front-end logs page. - [2017.05.19; NEW FEATURE; Maikuolan]: Added full support for custom themes! This expands upon the theme support already previously provided which allowed users to specify custom CSS files to use for the "Access Denied" page, by way of adding full support for custom themes which will now also apply to the front-end, allowing a richer level of customisation, and can be installed via the front-end updates page. - [2017.05.24; Sub-minor code change; Maikuolan]: Slightly improved caching for front-end assets (CSS files, images, etc). - [2017.05.27; Minor code change; Maikuolan]: Added the ability to the front-end updates page to update all components at once, with a single click. Caleb M / Maikuolan, 31st May 2017. === Version/Release 0.9.0 === MINOR RELEASE. - [2017.03.01; Bug-fix; Maikuolan]: Fixed a bug whereby a negative signature count could result in a block event occurring (this shouldn't happen); Fixed. - [2017.03.03; Minor code change; Maikuolan]: Added a directive to optionally enable/disable search engine verification. - [2017.03.05; NEW FEATURE; Maikuolan]: Signature files and modules can now be activated/deactivated directly from the front-end updates page. - [2017.03.08; Documentation; Maikuolan]: New additions to the FAQ. - [2017.03.26; Sub-minor code change; Maikuolan]: Implemented some of Google's webfonts and slightly increased the text size for both the front-end and the default template file; This should significantly improve text readability for CIDRAM (previously, in some situations, it was very difficult to properly read on-screen text produced by CIDRAM). Also implemented some other very small design tweaks in order to improve text readability. - [2017.03.27; Minor code change; Maikuolan]: Added a directive to optionally enable/disable webfonts. - [2017.03.28; Bug-fix; Maikuolan]: Bug introduced 2017.03.05; Fixed. - [2017.03.30; Sub-minor code change; Maikuolan]: Some small, aesthetic improvements done to the front-end. - [2017.04.04; Sub-minor code change; Furqan Akbar]: Added internal language support for Urdu (16 language localisations now completed and available). - [2017.04.04; Sub-minor code change; Maikuolan]: Slightly improved support for switching between RTL/LTR. Caleb M / Maikuolan, 7th April 2017. === Version/Release 0.8.0 === MINOR RELEASE. - [2017.02.06; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Arabic (fuzzy and poor quality though). This totals 14 different language versions of the README documentation now available. - [2017.02.06; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Korean (fuzzy). This totals 15 different language versions of the README documentation now available. - [2017.02.07; Sub-minor code change; Maikuolan]: Slightly improved template files; Replaced all existing doctype declarations with the doctype declaration recommended for HTML5, and slightly improved HTML5 compliance. Added an extra safeguard against bad IPv6 factoring. - [2017.02.11; Sub-minor code change; Maikuolan]: Improved future compatibility with PHP >= 8 ("each" function has been identified as targetted for deprecation as of PHP 7.2.0). Refer wiki.php.net/rfc/deprecations_php_7_2 - [2017.02.12-13; Sub-minor code change; Maikuolan]: Some subtle refactoring. - [2017.02.17; Bug-fix; Maikuolan]: Whitelisting IPs/CIDRs via IPv4/IPv6 signature files wasn't resulting in those IPs/CIDRs being whitelisted against being blocked by module files; Fixed. - [2017.02.17; Sub-minor code change; Maikuolan]: Slightly relaxed some of the restrictions enforced for which filenames can be worked with via the front-end. Added a "hotfix" to automatically detect and update the plugin version cited in the plugins dashboard for when CIDRAM is running as a WordPress plugin. - [2017.02.19; Documentation; Maikuolan]: Front-end documentation added. - [2017.02.20; NEW FEATURE; Maikuolan]: Added a new page to the front-end to allow users to check and revoke bans via IP tracking. - [2017.02.21; NEW FEATURE; Maikuolan]: Added the ability to attach webhooks to signatures and signature sections. - [2017.02.21; Bug-fix; Maikuolan]: Fixed a bug whereby extended expiry dates for bans via IP tracking could be reduced to the default tracktime under some circumstances. - [2017.02.21; Sub-minor code change; Maikuolan]: Added a safeguard to the DNS-Reverse-IPv4 closure to accommodate for allow_url_fopen or fsockopen being disabled by the PHP configuration. - [2017.02.24; Bug-fix; Maikuolan]: Fixed a bug whereby the front-end login logger would sometimes overwrite instead of appending to the front-end logs. - [2017.02.28; Sub-minor code change; Maikuolan]: Small additional safeguard added to the hostname lookup closure function. Caleb M / Maikuolan, 28th February 2017. === Version/Release 0.7.0 === MINOR RELEASE. - [2016.12.15; Bug-fix; Maikuolan]: Files containing underscores weren't deleting when uninstalling components; Fixed. - [2016.12.20; NEW FEATURE; Maikuolan]: Added support for simple CSV signature files (integrated directly into the already existing functionality for processing signature files; CIDRAM should be able to automatically detect whether a signature file uses the normal, default format, or CSV format). Additionally, added support for using single IPs in signature files directly, without the need for them to use complete CIDR notation (IPs that don't include a range will be interpreted seamlessly as 32's for in the case of IPv4 signature files and as 128's for in the case of IPv6 signature files). - [2016.12.31; NEW FEATURE; Maikuolan]: Added support for optionally including additional modules into CIDRAM to run after checking IPv4/IPv6 signatures. - [2017.01.02; Minor code change; Maikuolan]: Added the ability to track and to temporarily ban IP addresses blocked by modules. - [2017.01.05; Bug-fix; Maikuolan]: Fixed a bug related to the dislay of reCAPTCHA instances which could arise in some specific situations when some specific configurations are used in combination with specially marked sections. - [2017.01.05; Minor code change; Maikuolan]: Added a new directive to control the maximum number of infractions an IP is allowed to incur before it is banned by IP tracking ("infraction_limit"). Improved the readability of the front-end configuration page by including directive names alongside their descriptions and formatting accordingly. Rewrote the "Direct" closure in the loader (nothing was broken, changed functionality, and patching not required; just changed due to that a code quality checking tool I sometimes use was complaining about the way it was written before). - [2017.01.10; Minor code change; Maikuolan]: Added several new directives: "ban_override", which allows overriding the value for "forbid_on_block" when requests from banned IPs are blocked, and allows skipping processing for the template files when processing blocked requests from banned IPs; "log_banned_ips", which allows specifying whether to include blocked requests from banned IPs in the logfiles; and "track_mode", which allows specifying whether to only track IPs blocked by modules, or to track IPs blocked for any reasons (eg, via the standard signature files as well as via the modules). - [2017.01.12; NEW FEATURE; Maikuolan]: Added the ability to distinguish between bots masquerading as popular search engines (eg, Googlebot, Bingbot, Yahoo! Slurp) and their real, legitimate counterparts. From herein, these fake search engine bots will be blocked by default upon detection, whereas their legitimate counterparts will have IP tracking disabled by default upon detection, therefore rendering them unbannable. Added the ability to perform timed DNS lookups, both forward and reverse, along with the ability to cache the results of these lookups. Added a new directive: "default_dns". - [2017.01.15; Bug-fixes; Maikuolan]: Bug found whereby false positives against search engines could occasionally be generated as a result of failed and incorrect DNS lookups (possible since the 2017.01.12 update); Code therefore modified as such to prevent this from occurring; Timeout limit increased and timed out lookups now result in no action being taken. Bug found whereby logging banned IPs which had exceeded the infraction limit could result in no log entry ID being parsed into log entries; Fixed. - [2017.01.23; Sub-minor code change; Maikuolan]: "default_dns" can now be a comma delimited list, allowing fallback servers to be used for DNS lookups. - [2017.01.24; Signatures; Maikuolan]: Further split the signature files, to keep signatures for cloud services, signatures for dangerous and spammy ISPs, and other signatures separate from each other, and to further improve modularisation. - [2017.01.25; Sub-minor code change; Maikuolan]: Improved component ordering mechanism for the updates page. - [2017.01.26; NEW FEATURE; Maikuolan]: Added a CIDR calculator to the front-end. - [2017.01.27; Bug-fix; Maikuolan]: When used, "ban_override" would trigger any time any block occurred, instead of only when the infraction limit had been exceeded; Fixed. - [2017.01.29; Bug-fix; Maikuolan]: Some versions of the DAT files used by the front-end updater for updating various components, signature files, modules, blocklists, etc, would sometimes glitch out and save several dozen duplicates of the same component entries when newly released components were detected as available for download, when those DAT files contained terminating markers at unexpected points in the file, when they contained too many terminating markers, and/or when they contained inappropriate formatting; Fixed. - [2017.01.30; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Japanese (fuzzy). This totals 13 different language versions of the README documentation now available. - [2017.01.31; Minor code change; Maikuolan]: Added a new directive to control whether the protections normally provided by CIDRAM are applied to the front-end ("protect_frontend"). Possibly useful in cases where users may be at risk of blocking themselves due to experimenting with new signatures, new modules, etc. Caleb M / Maikuolan, 1st February 2017. === Version/Release 0.6.1 === PATCH RELEASE. - [2016.11.29; Bug-fix; Maikuolan]: Some notices occasionally generated to the error logs by undefined indexes when accessing the updater; Fixed. - [2016.12.02; Sub-minor code change; Maikuolan]: Added some polyfills to extend compatibility with CIDRAM to PHP 5.4.x (the newly introduced front-end feature for CIDRAM makes use of the password_hash and password_verify functions, of which are only available natively to PHP versions 5.5.0 and above). - [2016.12.03; Sub-minor code change; Maikuolan]: Improved mechanism for making determinations between requests via direct access and requests via hooks. - [2016.12.05; Bug-fixes; Maikuolan]: Bug found whereby incorrect filenames would sometimes be reported by the updater for the optional country-wide blocklists; Fixed. Bug found whereby the active/inactive status for signature files would sometimes be incorrectly reported by the updater; Fixed. - [2016.12.06; Bug-fixes; Maikuolan]: Bug found whereby the install option would sometimes not be displayed for some components; Fixed. Bug found whereby cells would sometimes be incorrectly rendered for newly discovered components; Fixed. - [2016.12.08; Sub-minor code change; Maikuolan]: Improved mechanism for accessing logfiles via the front-end. - [2016.12.11; Sub-minor code change; Maikuolan]: Removed "matchElement" (never used; redundant; better to use "in_array" instead anyway). Improved some of the docBlock comments. Did some subtle refactoring. Slightly tweaked some of the front-end aesthetics. - [2016.12.12; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into German (fuzzy and quite likely erroneous, though). This totals 12 different language versions of the README documentation now available. Caleb M / Maikuolan, 12th December 2016. === Version/Release 0.6.0 === MINOR RELEASE. - [2016.10.18; Minor code change; Maikuolan]: Created a "configuration handler" file so as to move everything away from the loader (this'll be important for being able to self-update in the future). Slightly improved the YAML closure. Fallbacks no longer hardcoded with PHP at the time of loading the configuration file; Fallbacks now determined via a separate configuration defaults file written using YAML. - [2016.11.03; Signatures; Maikuolan]: Split signature files, to keep the bogon signatures to their own separate signature files (this may help to improve performance for any users that don't want to block bogons). - [2016.11.05; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Russian (fuzzy and quite likely erroneous, though). This totals 11 different language versions of the README documentation now available. - [2016.11.28; NEW FEATURE; Maikuolan]: Finished building the CIDRAM front-end! Using the CIDRAM front-end, you can update CIDRAM directly from your browser, install and update components and custom signature files, including the optional country-wide blocklists provided by MacMathan, language packs and more; You can modify core CIDRAM files, upload new files to your vault, view and download logfiles, and via the accounts page, selectively grant access to others either to administrate CIDRAM on your behalf, or to a more limited degree, to access the CIDRAM logfiles directly from the browser; You can test batches of IP addresses directly from your browser, to confirm whether they're blocked by whichever signature files you have installed at any given time; And you can update the CIDRAM configuration directly from your browser, too. Front-end access is disabled by default for security reasons, but you can enable it via the relevant newly created configuration directives pertaining to it. Caleb M / Maikuolan, 28th November 2016. === Version/Release 0.5.1 === PATCH RELEASE. No notable changes to the CIDRAM codebase have been made since the previously released version. This patch release exists due to numerous significant changes that've been made to the signature files of CIDRAM since the previously released version. Updating the working code of CIDRAM from the previously released version to this version release is not necessary, but updating all signature files is strongly recommended. In addition, it is strongly recommended for users updating to this release from the previous release, to carefully review the changes made to the "ignore.dat" file prior to doing so; There are some new instructions included in the "ignore.dat" as of this release which correspond mostly to some new signature sections introduced into the signature files as of this release, which may or may not be desired by users, depending on the needs of and the demographics targeted by the user (updating the signature files, and/or updating to this release from the previous release, without first reviewing the changes made to the "ignore.dat" file, may potentially risk an increase in the number of false positives encountered by the user). Caleb M / Maikuolan, 1st October 2016. === Version/Release 0.5.0 === MINOR RELEASE. - [2016.08.11; Sub-minor code change; Maikuolan]: Revisited the changes made as of the previous versioned release (0.4.1) regarding the slightly improved RTL text support (there were some rendering problems for some languages caused by the approach taken; this has been corrected). - [2016.08.11; Non-core change (Wordpress plugin); Maikuolan]: Added code to ensure that CIDRAM will be loaded before any other plugins in order to help avoid conflicts associated with caching plugins and other caching systems which could sometimes prevent requests from being blocked. - [2016.08.14; NEW FEATURE; Maikuolan]: Added reCAPTCHA support to CIDRAM! It's now (optionally) possible to allow users to bypass the normal "Access Denied" page by submitting a reCAPTCHA form. This should help mitigate some of the risks associated with blocking any CIDRs that may potentially carry human users/traffic. Due to some of the functionality required by this feature, the minimum version of PHP required in order to execute CIDRAM has been raised from "5.3.0" to "5.5.0" (that said though, "5.5.0" itself reached official "End of Life" status 24 days ago, so it would extremely advisable for users to not be using any versions of PHP older than that version anyhow). Additionally, this feature has resulted in the creation of some new configuration directives and some new files added to the vault (but the changes are entirely backwards-compatible). - [2016.08.17; Minor code change; Maikuolan]: Improved SoC for the reCAPTCHA feature (split into its own file and improved modularisation); Added code to allow certain specific HTML tags within the block information (requested by some users; these would've previously been broken by the anti-XSS sanitisation); Added some additional configuration options for the reCAPTCHA feature. - [2016.08.18; Sub-minor code change; Maikuolan]: Adjusted auto-typecasting closure (change required to accommodate some of the newer configuration directives); Salts made to be optional; Some subtle refactoring; Added support for user-free bypasses. Caleb M / Maikuolan, 24th August 2016. === Version/Release 0.4.1 === PATCH RELEASE. - [2016.08.03; Sub-minor code change; Maikuolan]: Added internal language support for Korean (15 language options now supported in total, not including CLI-mode support; Done with machine assistance, I'm not fluent, and it hasn't yet been audited, so, the new translation should be regarded as fuzzy). - [2016.08.06; Sub-minor code change; Maikuolan]: Slightly improved RTL text support; Adjusted the template file to compensate for display problems associated LTR/RTL mixed content. - [2016.08.06; Documentation; Maikuolan]: More work done on the documentation translations; Slightly closer to completing the translations for all targeted languages. - [2016.08.06; Non-core change (Wordpress plugin); Maikuolan]: Opted to remove action hook call and instead load everything immediately, as to avoid conflicts associated with caching plugins and other caching systems which could sometimes prevent requests from being blocked. - [2016.08.07; Sub-minor code change; Maikuolan]: Slightly improved/optimised the template file. Caleb M / Maikuolan, 7th August 2016. === Version/Release 0.4.0 === MINOR RELEASE. - [2016.07.22; Sub-minor code change; Maikuolan]: Added code to perform some simple sanitisation to the block information; This should help to prevent some obscure types of XSS attacks. - [2016.07.23; Minor code change; Maikuolan]: Added internal language support for Japanese (14 language options now supported in total, not including CLI-mode support; I'm not fluent and it hasn't yet been audited, so, the new translation should be regarded as fuzzy). Added a new function: "Greylist"; This can be used in the same way that whitelisting is used, but for escaping a CIDR from a single file, rather than from all files. Slightly improved the signature validator/fixer (can now detect broken/invalid ranges). - [2016.07.26; NEW FEATURE; Maikuolan]: Added some basic support for YAML-like data (note: not a true YAML implementation) to be read from signature files, which can used to specify and modify the values of configuration directives for separate signature sections. Refer github.com/CIDRAM/CIDRAM/issues/6 - [2016.07.30; Bug-fix; Maikuolan]: Fixed a bug whereby some configuration directives (in particular, "forbid_on_block") would sometimes be incorrectly typecasted, resulting in unexpected behaviour contrary to the documentation. Caleb M / Maikuolan, 31st July 2016. === Version/Release 0.3.1 === PATCH RELEASE. - [2016.06.18; Bug-fix; Maikuolan]: A bug was found by joe38 whereby some of the provider-specific bypasses included in the default CIDRAM signatures would trigger an error instead of the expected CIDRAM Access Denied message, and additionally, some bypasses weren't written with the considerations appropriate to the execution context required from which they were executing; Fixed. - [2016.07.04; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Vietnamese. This totals 10 different language versions of the README documentation now available. Caleb M / Maikuolan, 9th July 2016. === Version/Release 0.3.0 === MINOR RELEASE. - [2016.04.25; Minor code change; Maikuolan]: Signature files can now be specified via the configuration file (and so, modifying core script files in order to add additional custom signature files is no longer required). - [2016.04.27; Sub-minor code change; Maikuolan]: An additional custom rules file added for additional bypasses. - [2016.05.12; Sub-minor code change; Maikuolan]: Added internal language support for Vietnamese (now supported: English, Spanish, French, Indonesian, Italian, Dutch, Portuguese, Vietnamese, Chinese [simplified and traditional]; 10 language options now supported in total). - [2016.05.13; Sub-minor code change; Maikuolan]: Added internal language support for German (11 language options now supported in total). - [2016.05.13; Sub-minor code change; Maikuolan/m7mdtiger]: Added internal language support for Arabic (12 language options now supported in total). - [2016.05.26; Minor code change; Maikuolan]: Added a new i18n shorthand value for "Deny": "Proxy" (for blocking private and anonymous proxies). - [2016.05.27; Minor code change; Maikuolan]: Added the ability to use dated logfiles! Now, some simple variables ({dd}, {mm}, {yyyy}/{yy}, {hh}) can be included when specifying the names to use for logfiles in order to organise logfiles by date/time. Added a new directive ("timeOffset") to account for the possibility of discrepancies between servers and the local time of those using CIDRAM. - [2016.06.13; Minor code change; Maikuolan]: Added the ability to ignore signature sections by identifying their section tags to an ignore file. Refactored a number of closures to reduce code duplication and to improve the their process logic; Some old closures renamed and split into multiple new closures. Added internal language support for Russian (13 language options now supported in total, not including CLI-mode support). Caleb M / Maikuolan, 14th June 2016. === Version/Release 0.2.0 === MINOR RELEASE. - [2016.03.15; Signatures; Maikuolan]: Added Microsoft Azure CIDRs to the IPv4 signatures file; Updating several sections; Changed the "example" CIDRs in the IPv4 custom signatures file to reduce ambiguity (because the previous examples used CIDRs that wouldn't normally be triggered; fixed). - [2016.03.17; Signatures; Maikuolan]: Removed all references to HostExploit and SiteVet from CIDRAM. These two services appear to have not been updated in over a year and a half, and emails I've sent to them to ask whether their services are actively maintained and/or up-to-date seem to have been ignored, as I've not received any replies from them for any of the emails I'd sent. I don't think we should rely on outdated information. I've opted, instead, to include references to and information about the Google Malware Dashboard, which appears to be being updated on a daily basis, have a greater depth of information available and appears to be more reliable, so far. I've already added some new sections for new ASNs to block based upon the information they have available, and may possibly remove and/or modify some old sections in the future based on the information they have available. - [2016.03.18; Minor code change; Maikuolan]: Renamed all "INC" files to "PHP" files and changed all references to them accordingly. Refer github.com/CIDRAM/CIDRAM/issues/3 - [2016.03.19; Sub-minor code change; Maikuolan]: Changed the default value of the "block_bogons" directive from true to false. Added a new directive, "disable_cli", to optionally disable the CLI mode implementation for CIDRAM. Added a fallback to help deal with situations where multiple IP address server variables may be in use. - [2016.03.21; Bug-fix; Maikuolan]: Improved the way in which we can detect whether we're in CLI-mode (there was a problem previously whereby cronjobs could sometimes be blocked in certain circumstances, and this shouldn't happen normally, thus qualifying this problem as a bug; this improvement corrects this problem). Refer github.com/CIDRAM/CIDRAM/issues/4 - [2016.03.25; Sub-minor code change; Maikuolan]: Removed references to the "package" tag from all phpDoc page blocks in the package (we don't need these, because we already have README documentation and don't use api-docs). Refer github.com/phpMussel/phpMussel/issues/85 - [2016.03.27; Minor code change; Maikuolan]: Added a "Why Blocked" field for the "Access Denied" page and for logging, to act as a debug mechanism to help track line/offset/section values for triggered signatures. Added code to allow CIDRAM to handle Windows-style linebreaks within the signature files, as so that it can now correctly interpret more than just Unix-style linebreaks. Refer github.com/CIDRAM/CIDRAM/issues/3 - [2016.03.28; Minor code change; Maikuolan]: Added support for section tags! It's now possible to uniquely identify specific signature sections from the signature files by tagging sections with a section tag; These section tags will be included in the logfiles whenever any of the signatures from the tagged sections are triggered and will appear alongside debug information for the user whenever they're blocked. Refer github.com/CIDRAM/CIDRAM/issues/3 - [2016.03.31; Signatures; Maikuolan]: Renamed "ipv4_custom.dat" to "ipv4_custom.dat.RenameMe" and renamed "ipv6_custom.dat" to "ipv6_custom.dat.RenameMe". The reason for appending ".RenameMe" onto the end of the names of the custom signature files is to prevent accidentally overwriting these files whenever someone updates CIDRAM blindly (such as via a dependency manager, installer or auto-updater; The custom signature files should be renamed back to their original former names by the user to activate them). Shell-style hashing implemented to all signature files for all comments and for all non-signature and non-syntactical entries; This won't be enforced onto users, but is recommended to improve readability for IDEs and text editors. Added some information from Spamhaus to help users gage the merit of blocking or not blocking some particular ASNs. Numerous new signature sections added to both the IPv4 and IPv6 signature files. Refer github.com/CIDRAM/CIDRAM/issues/3 - [2016.04.01; Minor code change; Maikuolan]: Renamed "config.ini" to "config.ini.RenameMe". The reason here is the same as the reason for having recently done the same thing to the custom signature files (to prevent accidentally overwriting this file whenever someone updates CIDRAM blindly). Additionally, the configuration file is now optional; The script has fallbacks implemented for all configuration directives and no longer dies an error to the user/client when the configuration file is unavailable. Added a "Reconstructed URL" field for the "Access Denied" page and for logging, to determine which resource was being requested at the time of a user/client being blocked. Refer github.com/CIDRAM/CIDRAM/issues/3 - [2016.04.02; Bug-fix; Maikuolan]: A bug was found by GaffNet whereby custom whitelist signatures were ignored by the script as of the latest version of the codebase due to the way that whitelist signatures were handled; This has been fixed. Refer github.com/CIDRAM/CIDRAM/issues/7 - [2016.04.03; Minor code change; Maikuolan]: Added support for Apache-style logging and for serialised logging (this could help any users wanting to integrate CIDRAM with packages such as fail2ban, which require Apache-style logs), and two related new configuration directives. Extended the "forbid_on_block" directive to allow 503 header responses. Added the ability to silently redirect blocked access attempts instead of displaying the usual "Access Denied" page. Did some more minor code refactoring. Refer github.com/CIDRAM/CIDRAM/issues/3 - [2016.04.04; Minor code change; Maikuolan]: Added support for custom themes; A new directive has been added to the configuration file allowing users to stipulate a custom CSS file to apply to the HTML output template; This and the new custom themes support for CIDRAM will work in the exact same way that custom themes for phpMussel works. Implemented a validator/fixer for checking and fixing signature files; Currently a work-in-progress and a BETA, but seems to function correctly and as intended; Currently only available in CLI, but will be available via other means after work has been completed. Refer github.com/CIDRAM/CIDRAM/issues/9 - [2016.04.10; Minor code change; Maikuolan]: Added support for section expiry! It's now possible to mark signature sections with an expiry date, to ensure that any signatures they contain won't be triggered after a specified date. This feature is optional; Unmarked signature sections won't expire. - [2016.04.10; Signatures; Maikuolan]: Added numerous new signature sections to the signature files, covering a number of different new ASNs. Added IPs from ZeuS C&C tracker. - [2016.04.12; Minor code change; Maikuolan]: Split the language data files into two dinstinct files per each language; Standard language data and CLI language data. - [2016.04.17; Minor code change; divinity76]: Stricter loading for the configuration file (CIDRAM will now return an error if the configuration file isn't readable). Caleb M / Maikuolan, 18th April 2016. === Version/Release 0.1.2 === PATCH RELEASE. - [2016.03.11; Sub-minor code change; Maikuolan]: When converting all functions to closures (anonymous functions) for the previous release, I missed the "matchElement" function. I'd thought I'd got them all, but I'd missed this one (this function wasn't yet being used anywhere anyhow, so, missing it wouldn't have been particularly problematic, anyhow); In any case, this has now been corrected. - [2016.03.13; Documentation; Maikuolan]: Completed translation for the CIDRAM README documentation into Chinese. This totals 9 different language versions of the README documentation now available. - [2016.03.14; Bug-fix; Maikuolan]: A bug was found within the IPv6Test closure function (used for calculating IPv6 CIDRs), caused by some excess spaces in the code that existed where they shouldn't have existed; Fixed. Refer github.com/CIDRAM/CIDRAM/issues/2 Caleb M / Maikuolan, 14th March 2016. === Version/Release 0.1.1 === PATCH RELEASE. - [2016.03.03-2016.03.06; Documentation; Maikuolan]: Completed translations for the CIDRAM README documentation (written originally in English) into Spanish, French, Indonesian, Italian, Portuguese and Dutch (none of these translations have been checked/audited by a native/fluent speaker yet, but they should be at least accurate enough to be understood). This totals 7 different language versions of the README documentation now available. - [2016.03.07; Sub-minor code change; Maikuolan]: Converted all functions to closures (anonymous functions), in order to be able to unset them from memory after the script execution has finished (we shouldn't leave unrequired data in the memory afer execution has finished). Changed the blocksize for reading files with the "ReadFile" function from 48KB to 128KB (we can afford this, and this should *slightly* increase the speed of the script). Caleb M / Maikuolan, 7th March 2016. === Version/Release 0.1.0 === MINOR RELEASE (FIRST BETA). - [2015.12.12; Documentation; Maikuolan]: Added a changelog; Added READMEs. Caleb M / Maikuolan, 27th February 2016. Versions < 0.1.0 are ALPHAs.