A minimalist but performant intrusion detection system that monitors Drupal for malicious activity and aims to be simple to understand and easy to use.
This only monitors your Drupal site, not all the other possible attack vectors targeting your web servers! For complete intrusion detection on your servers, please have a look at TinyIDS for Unix.
Tiny-IDS tries to detect the following types of intrusion attacks:
- XSS (Cross Site Scripting)
Makes it possible to embed foreign content and scripts, grab your session/login information and phish private data.
- SQLi (SQL Injection)
Makes it possible to execute malicious database requests, dump code on your server and gain access to private information.
- Code execution (Local/Remote file inclusion, etc.)
Makes it possible to execute foreign code on your server in order to take control of it.
Once a detected intrusion reaches the configured sensitivity threshold, the following reactions can be used:
- Log entry
A dblog entry will be created containing detailed information.
- Warning message
The suspicious user can be warned that they have been detected.
- Mail alert
A mail can be sent to a list of site administrators, alerting them to the detection.
- Rules integration (only D7)
Tiny-IDS has a Rules 2.x integration providing an intrusion attempt event. Using conditions and actions, you can easily implement more advanced reactions such as sending mails to user groups, blocking users, redirecting to a predefined site, printing more detailed warning messages and anything else you can imagine.
A 'bypass' permission is also added, allowing users such as administrators (permitted by default) to avoid detection of their activities.
After the usual installation, Tiny-IDS is ready to use with the recommended default configuration. If you want to change something, go to admin/config/system/tinyids.
I'm really trying to make everything as intuitive as possible; if you have questions that cannot be answered by the configuration itself, please go ahead and create a support issue!
But what about...
- Spamming: There are already many powerful spam-protection modules for Drupal (e.g. AntiSpam, Captchas, Mollom).
- DDoS: Distributed denial of service isn't an issue that should be handled by Drupal; you should rather think about low-level solutions (e.g. firewalls or CDN systems).
- Password security: See Password policy, Flood control.
At the moment this module is still under development and needs feedback!