PHPIDS
#D7CX: The goal is to deprecate this module on the day that Drupal 7 is released. Please review the patch there to help us achieve this goal.
PHPIDS module adds a security layer based on http://www.php-ids.org and is interesting if you want to know how and when (anonymous) users try to break your site by logging their attacks. It can send a mail, redirect the (anonymous) user or (not yet implemented) automatically block user/ip access after a certain level of impact has been reached. On the settings page you can choose what you want to do with anonymous and authenticated users (ignore, log, log & action).
Installation instructions are in the README.txt included in all releases. Please check phpids settings and status report after installing or upgrading phpids module
Warning: PHP5 5.1.6 or better. 5.2.x is recommended.
Example to reduce false positives (since 6.x-1.9)
To reduce false positives from PHPIDS which flood your logs, sends warning mails or block unsuspicious user activities, follow these steps to configure your PHPIDS correct.
- Pickup a false positive log-entry from Administer->Reports->Recent log entries by filtering for phpids
- Select the variable name which includes possible false values like html or json from this log entry
- Enter this variable name coma seperated into html and/or json included fields in PHPIDS admin form (Administer->Site Configuration->Logging and alerts->PHPIDS settings)
- Save your new PHPIDS settings
- Now the total impact value should be lower than before
Tested PHPIDS versions:
- PHPIDS 0.6.3.1 (since 6.x-1.10)
- PHPIDS 0.6.2
- PHPIDS 0.6.1.1
- PHPIDS 0.6
- PHPIDS 0.5.4 (very old)
Roadmap
With D7 coming soon, I'll develope a new branch version for all active drupal versions. I hope to have a stable PHPIDS module ready with launch of D7.
- phpids-7.x-1.0
- phpids-6.x-2.0
- phpids-5.x-3.0
ToDo:
- Review code of hook_requirements
- Update README.txt
