PHPIDS

PHPIDS Intrusion Detection System

PHPIDS is an easy-to-install intrusion detection system that lets you protect all your web applications, websites and PHP scripts without affecting their execution speed.

PHPIDS is free and is currently at version 0.5.3.

How it works

The script, which is included on the pages to be secured (or applied to every HTTP request via a php.ini setting that we will see shortly), analyzes requests without filtering or "stripping" the input. It simply recognizes malicious code and reacts exactly as you want, even according to the severity of the attack. For example, you can instruct the IDS to stop loading the page after logging the input and the IP address of the potential intruder.

PHPIDS can detect attempted XSS, SQL injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks. It can also detect hostile requests that have been obfuscated, such as code injected in the UTF-7 charset encoding or as Unicode, decimal and hexadecimal entities.

Example of UTF-7:

+ADw-script+AD4-alert('Hacked!')+ADsAPA-/script+AD4-

which, once decoded, becomes:

<script>alert('Hacked!');</script>

Input analysis is based on a set of filter rules kept together in a single XML file that is under constant development, which helps a lot in keeping the attack definitions up to date.
Each rule is assigned a numerical "impact" that indicates the severity of the attack under way; based on the impact, you can define and customize how PHPIDS reacts to neutralize the intrusion attempt.
To keep track of reported attacks, logging functions are available for text files, databases and e-mail, and several of them can be used at the same time.

if ($result->getImpact() >= 40) { /* Impact */
    require_once 'IDS/Log/File.php';
    require_once 'IDS/Log/Email.php';
    require_once 'IDS/Log/Composite.php';
    $compositeLog = new IDS_Log_Composite();
    $compositeLog->addLogger(
        IDS_Log_File::getInstance($init),
        IDS_Log_Email::getInstance($init)
    ); /* Logs to file and email */
    $compositeLog->execute($result); /* Write the report to the registered loggers */
    /* Stop loading */
    die('Your attack was <h1>Logged</h1>');
}
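
A minimal sketch of the approach described above, added here as an illustration and not taken from PHPIDS: each parameter is checked in raw and UTF-7-decoded form against rules that carry an impact, and the input itself is never altered. The rules, impact values, threshold and function names are constructed for the example, and it assumes the mbstring extension is loaded.

```php
<?php
// Added illustration: not PHPIDS code. Rules, impacts and threshold are constructed.
const BLOCK_THRESHOLD = 25;
const RULES = [
    ['name' => 'script tag',          'pattern' => '/<\s*script\b/i',                  'impact' => 20],
    ['name' => 'JS dialog call',      'pattern' => '/\b(alert|confirm|prompt)\s*\(/i', 'impact' => 10],
    ['name' => 'directory traversal', 'pattern' => '#\.\./#',                          'impact' => 15],
];

// Return the decoded form when the value contains UTF-7 shifted sequences (+...-).
function normalizeUtf7(string $value): string
{
    if (!preg_match('/\+[A-Za-z0-9+\/]+-/', $value)) {
        return $value;
    }
    $decoded = mb_convert_encoding($value, 'UTF-8', 'UTF-7');
    return $decoded === false ? $value : $decoded;
}

// Scan flat request parameters in raw and decoded form and add up the impacts.
function scanRequest(array $params): array
{
    $impact = 0;
    $hits = [];
    foreach ($params as $name => $value) {
        $variants = array_unique([(string) $value, normalizeUtf7((string) $value)]);
        foreach (RULES as $rule) {
            foreach ($variants as $variant) {
                if (preg_match($rule['pattern'], $variant)) {
                    $impact += $rule['impact'];
                    $hits[] = "$name: {$rule['name']} (+{$rule['impact']})";
                    break; // count each rule once per parameter
                }
            }
        }
    }
    return ['impact' => $impact, 'hits' => $hits];
}

// Constructed sample request: the UTF-7 string shown earlier plus a benign value.
$request = [
    'comment' => "+ADw-script+AD4-alert('Hacked!')+ADsAPA-/script+AD4-",
    'page'    => '2',
];
$result = scanRequest($request);
printf("impact=%d\n%s\n", $result['impact'], implode("\n", $result['hits']));
echo $result['impact'] >= BLOCK_THRESHOLD ? "log and stop loading\n" : "allow\n";
```

The script-tag rule only fires on the decoded variant, which is why the encoded request has to be normalized before the rules are matched.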
