Comments on Intrusion Detection For PHP Applications With PHPIDS
Intrusion Detection For PHP Applications With PHPIDS This tutorial explains how to set up PHPIDS on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.
5 Comment(s)
Comments
And that about open basedir restriction? how to use auto_prepend_file when open basedir is on?
very simple:
just add path to the IDS libraries into open_basedir (either place this into .htaccess, or into VirtualHost container of the website.conf file for apache).
php_admin_value open_basedir "/path/to/website:/path/to/phpids-0.5.4/lib"
Before using this great piece of software you NEED to have full utf-8 support on UR machine!
http://gaarai.com/2009/01/31/unicode-support-on-centos-52-with-php-and-pcre/
https://bugzilla.redhat.com/show_bug.cgi?id=457064
After creating the file :
/var/www/web1/web/phpids.php
which is supposed to call PHPIDS, I try running the url
http://192.168.0.100/phpids.php
in my browser but I am returned with an
Error 404 : The requested URL /phpids.php was not found on this server.
Even when I type :
http://192.168.0.100/phpids.php?test=%22%3EXXX%3Cscript%3Ealert(1)%3C/script%3E
in the browser, I am returned with a page load error.
Why is this? Pls help me resolve this issue.
Great article. Do you know if it's possible to include the original request URL in the IDS Log file?