PHPIDS – Security Layer & Intrusion Detection for PHP Based Web Applications



Another protection for those building websites and web applications. As it's the most common attack vector nowadays, I think it's important to be extra safe on this front.

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt.

This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.
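
A minimal sketch of the impact-rating idea described above, added here as an example; it is not PHPIDS code and does not use its API. The three rules, their impact values, the thresholds and the function names (`scoreRequest`, `chooseReaction`) are assumptions made up for illustration.

```php
<?php
// Added illustration of impact-scored detection; NOT PHPIDS code or its rule set.
// The rules and thresholds below are constructed for this example.
const RULES = [
    ['pattern' => '~<\s*script\b~i',           'desc' => 'script tag',          'impact' => 5],
    ['pattern' => '~\bunion\b.+\bselect\b~is', 'desc' => 'SQL UNION SELECT',    'impact' => 6],
    ['pattern' => '~\.\.[/\\\\]~',             'desc' => 'directory traversal', 'impact' => 4],
];

/** Score every request value against every rule; the input itself is never modified. */
function scoreRequest(array $request): array
{
    $report = ['impact' => 0, 'events' => []];
    array_walk_recursive($request, function ($value, $key) use (&$report) {
        foreach (RULES as $rule) {
            if (preg_match($rule['pattern'], (string) $value) === 1) {
                $report['impact'] += $rule['impact'];
                $report['events'][] = ['field' => (string) $key, 'rule' => $rule['desc']];
            }
        }
    });
    return $report;
}

/** Map the total impact to a reaction, following the escalation the article lists. */
function chooseReaction(int $impact): string
{
    if ($impact === 0) return 'none';
    if ($impact < 5)   return 'log';          // simple logging
    if ($impact < 10)  return 'mail';         // alert the development team
    if ($impact < 15)  return 'warn';         // show a warning message
    return 'kill_session';                    // end the user's session
}

// Constructed sample request (stands in for $_GET / $_POST).
$request = [
    'name'    => 'Alice',
    'comment' => '<script>alert(1)</script>',
    'page'    => '1 UNION SELECT password FROM users',
];

$report = scoreRequest($request);
printf("impact=%d reaction=%s\n", $report['impact'], chooseReaction($report['impact']));
foreach ($report['events'] as $e) {
    printf("  field=%s matched=%s\n", $e['field'], $e['rule']);
}
```

Because the request is only scored and never altered, the application still has to validate and escape its input; the score only decides how loudly to react.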

PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the LGPL!

It’s a fairly mature product with some good documentation (docs are here) and it’s easy to programmatically grab the latest version of the filter rules (it’s just an XML file).

You can see a demo here where you can try some injections or XSS and see the warnings.

http://demo.php-ids.org/

Download the latest version of PHPIDS here:

PHPIDS 0.4.6 zip
PHPIDS 0.4.6 tar.gz

There are other versions for Drupal and WordPress on the download page.

Or read more here.

Posted in: Countermeasures, Security Software, Web Hacking





12 Responses to PHPIDS – Security Layer & Intrusion Detection for PHP Based Web Applications

  1. eM3rC February 12, 2008 at 8:42 am #

    Wow amazing program. Definitely gonna add this when I do my next site.

  2. Pantagruel February 12, 2008 at 5:18 pm #

    Indeed a very sane addition to any server running PHP coded software
    (even something silly as a photo album or so)

  3. anonymous February 16, 2008 at 7:04 pm #

    I don’t get the point of using such a packet. Why not just go to the root of the problem and make your code secure in the first place?

    I believe the more code there is, the more insecure your application will be. I always try to keep my code as simple as possible.

  4. eM3rC February 16, 2008 at 8:51 pm #

    It’s always good to keep the code as simple and secure as possible but there’s one thing that is always true no matter what code it is. There will always be mistakes. Unless you have decades of experience for programming php securely it won’t hurt to add more stuff. There are also some unknown techniques for hacking which you may not be aware of when you write the code.

    One can never be too safe.

  5. zupakomputer February 17, 2008 at 7:06 pm #

    That’s the thing: no matter how well you know any language or instruction set, chances are someone else will know more, and someone else that knows less will have cracking tools that can exploit whatever you wrote.
    That’s likely true even if you wrote the language itself – there’ll be some machine code or assembly-based way of altering it.

  6. Darknet February 17, 2008 at 8:15 pm #

    According to the wisdom of ‘anonymous’ we wouldn’t need anti-virus, intrusion detection, firewalls….hell let’s just get rid of the whole security industry and simply ask everyone to code properly!

  7. eM3rC February 17, 2008 at 10:38 pm #

    @zupakomputer
    Couldn’t be more true. There will always be a weakness no matter what you do.

    @Darknet
    Lets do all of that and rid the world of disease and hunger!

  8. anonymous February 18, 2008 at 12:43 am #

    @Darknet
    My box runs neither a firewall, anti-virus or some sort of intrusion detection. And it has never been compromised in its 4 years of uptime. On average, it serves about 1400 HTTP requests daily.

    I can agree that you may need extra protection in case you do not have the experience, but personally I would never run such an injection detection system on anything. I think it will only give the programmer a false sense of security, which will most likely result in other security checks being ignored.

  9. Darknet February 18, 2008 at 8:30 am #

    anonymous: I never implied YOU needed it, nor did I say I needed it but does that mean it’s not required? I have a feeling you are young. If you’ve ever worked on a reasonably complex problem (more than 100k lines of code) you would know mistakes happen, multiple people are working on the same thing and you need multiple layers of defence (AV/Firewall/Reverse Proxy/IDS/Application Layer Protection etc.). And this tool in particular is an IDS not an IPS anyway so it doesn’t protect you from anything, it just tells you what people are trying to do. The first step of being secure is understanding the threat :)

  10. zupakomputer February 18, 2008 at 10:01 pm #

    Hey, that’s an info-gathering attempt on the slow-witted – claiming your web server’s never been hacked and it’s there, naked, waiting…..

  11. Pantagruel February 18, 2008 at 10:50 pm #

    @anonymous

    Humor us, share the url/IP. There will be enough people about to point out why certain safety measures can be very helpful. Just because your box, to your knowledge, hasn’t been p0wned doesn’t mean it won’t be p0wned some time soon (or is under p0wnage right now).
    In general the rule applies, the better you can test the perimeter security of your server, the fewer the amount of possible holes and the smaller the chance of being hacked/compromised.

  12. zupakomputer February 18, 2008 at 11:01 pm #

    One way to stay secure and not use any protection of course is to not advertise your sites and not have any keywords in them, block robots, and so forth; and also do all your own websurfs from a completely other machine with no details of the Siren computer referred to.