Coral 1.1.0 for Christmas

Making sure your sites are safe during the holidays!

Published on December 23, 2017

Coral Application Icon

Coral Update

The new Coral release is only one day away! I thought it would be a good time to put out all the new stuff in this version, so here's the changelog as of tonight:

Bug Fixes:

  • Optimized scan routines by removing code duplication
  • Added, adjusted, and fixed some PHP regular expression definitions


  • Added ability to profile security routines by adjusting a constant in the boot file
  • Improved memory usage of routines by 30% through the use of generator statements
  • Added PHP CLI support to avoid execution timeouts
  • Added ability to select monitor using nested sub-folder interface
  • Added new resolution interface to see live filesystem changes and handle them without diving into the file menu for each file
  • Added more details on the single file page by showing the captured security match and added additional details to the notices found in the last scan
  • Added new parser pattern definitions to detect common link injection patterns
  • Added new email option where the application will email you when rogue files are discovered

A lot of refactoring went on during this update. I am continually working to make this application a mean, pink, fighting machine. The biggest addition to this version is the new live scan and enhancements to the threat and rogue file management functionality. The live scan has three forms of initiation:

  • One: Using Cron you can automate live scans to happen as often as you like
  • Two: Using the web dashboard you can get an instant glimpse into the state of your monitored site whenever you feel like it
  • Three: Using the new file-based queue functionality

While all three work great, the file-based queue is the least prone to problems on larger monitors which actively monitor more than 2 to 3 thousand files. With the asynchronous queue, you can use the power of the command line to run a live scan asynchronously and then view the results on the dashboard using a flat-file, JSON formatted report. This completely circumvents the memory and max execution time constraints associated with doing a "hot run" in the dashboard in one request and I sort of feel the cron option defeats the purpose of the scan, but I added it anyway. I am moving heavily into JSON formatted reporting and data storage. This move will make it easy for you to hook into my applications' power from other applications, since JSON is a universally popular format for APIs.

In addition to the live scan, I also bolstered up the individual file-level reporting to show you exactly what Coral found using regular expression-based styling which highlights the exact code, on the exact line of a file that threw up the flag. As it is now, the single file-level interface only shows you a gross overview of the number of threats by category with a quick message and no additional info. It has completely changed, and I think you're going to like this! I have two more things to finish up tomorrow, but they are easy and quick. I've already been testing the new version on my own website, and it improves on the old version a lot in my opinion. The biggest and most welcomed change is the ability to handle notices, warning, threats, etc. in bulk. More to follow!