Drupal Tiny-IDS

Posted by patrickd on June 8, 2011 at 11:38am

Minimalist, but performant intrusion detection system that monitors Drupal for malicious activities and targets to be simple to understand and easy to use.

Note

This will only monitor your Drupal site and not all the other possible attack vectors targeting your webservers! For having a complete intrusion detection for your servers please have a look at TinyIDS for Unix.

Detection

Tiny-IDS tries to detect following types of intrusion attacks:

XSS (Cross Site Scripting)
Makes it possible to embed foreign content and scripts, grab your session/login information and phish private data.
SQLi (SQL Injection)
Makes it possible to execute malicious database requests, dump code on your server and gain access to private information.
Code execution (Local/Remote file inclusion, etc.)
Makes it possible to execute foreign code on your server in order to take over control.

Reaction

After an intrusion was detected that reaches the configured sensibility threshold, the following reactions can be used.

Log entry
A dblog entry will be created containing detailed information.
Warning message
The suspicious user can be warned about his detection.
Mail alert
A mail can be sent to a list of site administrators alerting about the detection.
Rules integration (only D7)
Tiny-IDS has a Rules 2.x integration providing an intrusion attempt event. Using conditions and actions you can easily implement more advanced reactions like sending mails to user groups, blocking users, redirecting to a predefined site, printing more detailed warning messages and anything else you probably can imagine.

Also a ´bypass´-permission is added, to allow users like Administrators (permitted by default) to avoid detection of their activities.

Usage

After the usual installation Tiny-IDS is ready-to-use with recommended default configuration. If you want to change something, go to admin/config/system/tinyids.
I'm really trying to make everything as intuitive as possible, if you got questions that can not be answered by the configuration itself, please go ahead and create a support issue!

But what about..

Spamming: There are already many powerful Spam-protection modules for Drupal (eg.: AntiSpam, Captcha's, Mollom).
DDoS: Distributed Denial-Of-Service isn't an issue that should be handled by Drupal, you should rather think about low-level solutions (eg.: Firewalls/CDN Systems).
Password security: See Password policy, Flood control.

Alternatives?

Drupal PHP-IDS integration

Warning

At the moment this module is still under development and needs feedback!
If you experience Bugs or your missing a functionality, please open an issue to help getting the development of this module forward.

Downloads

Recommended releases

Version	Downloads	Date	Links
7.x-1.0-alpha1	tar.gz (21.72 KB) \| zip (24.44 KB)	2012-Apr-19	Notes
6.x-1.0-alpha1	tar.gz (20.33 KB) \| zip (22.99 KB)	2012-Apr-19	Notes

Development releases

Version	Downloads	Date	Links
7.x-1.x-dev	tar.gz (21.73 KB) \| zip (24.44 KB)	2012-Apr-20	Notes
6.x-1.x-dev	tar.gz (20.34 KB) \| zip (23 KB)	2012-Apr-20	Notes

Project Information

Maintenance status: Actively maintained
Development status: Under active development
Reported installs: 21 sites currently report using this module. View usage statistics.
Downloads: 77
Last modified: May 21, 2012

View all releases