PHPIDS is an easy-to-install Intrusion Detection System that lets you protect all your web applications, websites and PHP scripts without affecting their execution speed.
PHPIDS is free and is now at version 0.5.3.
The script, which is included in the pages to be secured (or made responsible for every HTTP request via a php.ini setting that we will see shortly), analyzes requests without filtering or "stripping" the input. It simply recognizes malicious code and reacts exactly as you want, also according to the severity of the attack: for example, you can instruct the IDS to stop loading the page after logging the input and the IP of the potential intruder.
PHPIDS is able to detect attempted XSS, SQL injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks. It can also detect hostile requests that have been obfuscated, such as code injected using the UTF-7 charset encoding or Unicode, decimal and hexadecimal entities.
Example of UTF-7:
+ADw-script+AD4-alert('Hacked!')+ADsAPA-/script+AD4-
which, decoded, becomes:
<script>alert('Hacked!');</script>
The analysis of the input is based on a set of filter rules collected in a single XML file that is under constant development, which helps a lot in keeping the attack definitions up to date.
Each rule is assigned an "impact" in numerical form, which determines the severity of the attack in progress; based on the impact you can therefore define and customize how PHPIDS behaves to neutralize the intrusion attempt.
To keep track of the reported attacks, logging functions are available for text files, databases or e-mail, and these can be used simultaneously.
if ($result->getImpact() >= 40) /* Impact */
{
    require_once 'IDS/Log/File.php';
    require_once 'IDS/Log/Email.php';
    require_once 'IDS/Log/Composite.php';
    $compositeLog = new IDS_Log_Composite();
    $compositeLog->addLogger(
        IDS_Log_File::getInstance($init),
        IDS_Log_Email::getInstance($init)
    ); /* Log to file and e-mail */
    /* Write the report to all registered loggers */
    $compositeLog->execute($result);
    /* Stop loading */
    die('Your attack was <h1>Logged</h1>');
}
For installation and configuration, there is a good tutorial on HowtoForge, in addition to the official FAQ of the IDS.
My advice, for a more elegant and immediate solution than the one above, is to write the code in a separate file, phpids.php, and set the php.ini parameter auto_prepend_file to /path/absolute/to/file/phpids.php, as described in the HowtoForge guide.
Otherwise we can always use PHP's include and require functions.
If you prefer the former but have a domain on shared hosting such as Aruba, you need to pay attention to how the provider lets you override the INI in your root.
In fact, if you do not replicate all the necessary parameters, they take the Apache default values, which are certainly not optimized.
If you are unsure how to proceed, you can use (on Aruba) one of the two configuration files downloadable from this post by Capn3m0, appending this line (suitably modified):
auto_prepend_file = /path/absolute/to/file/phpids.php
If you do not know the absolute path, load in the browser a page containing the code <?php phpinfo(); ?> and check the value shown next to the item DOCUMENT_ROOT.
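A complete phpids.php for the auto_prepend_file approach, as an added example that is not taken from the original post or from the PHPIDS project: it shows where the $init and $result used in the snippet above come from and applies the same impact threshold of 40. The install path, the 403 response and the fail-open error handling are assumptions.

```php
<?php
// phpids.php: loaded before every script via auto_prepend_file.
// Assumption: PHPIDS is unpacked under this placeholder path.
define('PHPIDS_LIB', '/path/absolute/to/phpids/lib/');
set_include_path(get_include_path() . PATH_SEPARATOR . PHPIDS_LIB);

require_once 'IDS/Init.php';

try {
    // PHPIDS only reads these arrays; the input reaches the page unmodified.
    $request = array(
        'GET'    => $_GET,
        'POST'   => $_POST,
        'COOKIE' => $_COOKIE,
    );

    $init = IDS_Init::init(PHPIDS_LIB . 'IDS/Config/Config.ini');
    $init->config['General']['base_path']     = PHPIDS_LIB . 'IDS/';
    $init->config['General']['use_base_path'] = true;

    $ids    = new IDS_Monitor($request, $init);
    $result = $ids->run();

    if (!$result->isEmpty()) {
        $impact = $result->getImpact();

        // Every hit goes to the log file, whatever its impact.
        require_once 'IDS/Log/File.php';
        require_once 'IDS/Log/Composite.php';
        $log = new IDS_Log_Composite();
        $log->addLogger(IDS_Log_File::getInstance($init));

        if ($impact >= 40) {
            // High impact: also notify by e-mail (recipients set in Config.ini).
            require_once 'IDS/Log/Email.php';
            $log->addLogger(IDS_Log_Email::getInstance($init));
        }
        $log->execute($result); // write the report to every registered logger

        if ($impact >= 40) {
            header('HTTP/1.1 403 Forbidden');
            die('Request blocked.');
        }
    }
} catch (Exception $e) {
    // Assumption: fail open so a broken IDS config does not take the site
    // down, but record the failure where the operator will see it.
    error_log('PHPIDS failure: ' . $e->getMessage());
}
```

Because the file runs before every script, any output it produces or exception it leaves uncaught affects the whole site, which is why the IDS calls are wrapped in try/catch.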