Comments on: PHPIDS – Security Layer & Intrusion Detection for PHP Based Web Applications

By: zupakomputer

zupakomputer — Mon, 18 Feb 2008 23:01:15 +0000

One way to stay secure and not use any protection of course is to not advertise your sites and not have any keywords in them, block robots, and so forth; and also do all your own websurfs from a completely other machine with no details of the Siren computer refered to.

By: Pantagruel

Pantagruel — Mon, 18 Feb 2008 22:50:04 +0000

@anonymous

Humor us, share the url/IP. There will be enough people about to point out why certain safety measures can be very helpfull. Just because your box, to your knowledge, hasn’t been p0wned doesn’t mean it won’t be p0wned some time soon (or is under p0wnage right now).
In general the rule applies, the better you can test the perimeter security of your server, the fewer the amount of possible holes and the smaller the chance of being hacked/compromised.

By: zupakomputer

zupakomputer — Mon, 18 Feb 2008 22:01:09 +0000

Hey, that’s an info-gathering attempt on the slow-witted – claiming your web servers never been hacked and it’s there, naked, waiting…..

By: Darknet

Darknet — Mon, 18 Feb 2008 08:30:43 +0000

anonymous: I never implied YOU needed it, nor did I say I needed it but does that means it’s not required? I have a feeling you are young. If you’ve ever worked on a reasonably complex problem (more than 100k lines of code) you would know mistakes happen, multiple people are working on the same thing and you need multiple layers of defence (AV/Firewall/Reverse Proxy/IDS/Application Layer Protection etc.). And this tool in particular is an IDS not an IPS anyway so it doesn’t protect you from anything, it just tells you what people are trying to do. The first step of being secure is understanding the threat

By: anonymous

anonymous — Mon, 18 Feb 2008 00:43:39 +0000

@Darknet
My box runs neither a firewall, anti-virus or some sort of intrusion detection. And it has never been compromised in its 4 years of uptime. On average, it serves about 1400 HTTP requests daily.

I can agree that you may need extra protection in case you do not have the experience, but personally I would never run such an injection detection system on anything. I think it will only give the programmer a false sense of security, which will mosy likely result in other security checks beeing ignored.

By: eM3rC

eM3rC — Sun, 17 Feb 2008 22:38:57 +0000

@zupakomputer
Couldn’t be more true. There will always be a weakness no matter what you do.

@Darknet
Lets do all of that and rid the world of disease and hunger!

By: Darknet

Darknet — Sun, 17 Feb 2008 20:15:14 +0000

According to the wisdom of ‘anonymous’ we wouldn’t need anti-virus, intrusion detection, firewalls….hell let’s just get rid of the whole security industry and simply ask everyone to code properly!

By: zupakomputer

zupakomputer — Sun, 17 Feb 2008 19:06:46 +0000

That’s the thing: no matter how well you know any language or instruction set, chances are someone else will know more, and someones else that know less will have cracking tools that can exploit whatever you wrote.
That’s likely true even if you wrote the language itself – there’ll be some machine code or assembley-based way of altering it.

By: eM3rC

eM3rC — Sat, 16 Feb 2008 20:51:26 +0000

Its always good to keep the code as simple and secure as possible but there’s one things that is always true no matter what code it is. There will always be mistakes. Unless you have decades of experience for programming php securely it wont hurt to add more stuff. There are also some unknown techniques for hacking which you may not be aware of when you write the code.

One can never be to safe.

By: anonymous

anonymous — Sat, 16 Feb 2008 19:04:26 +0000

I don’t get the point of using such a packet. Why not just go to the root of the problem and make your code secure in the first place?

I believe the more code there is, the more insecure your application will be. I always try to keep my code as simple as possible.