Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Though Drupal should not be vulnerable to SQL Injection attacks, it could be handy to know when someone is attempting to exploit them. Kind of makes you think that that person might not have the best of intentions for your site. It would be nice to integrate the ability to use PHP-IDS so that admins can see more of who is trying to attack them.
Comments
Comment #1
deekayen CreditAttribution: deekayen commentedOk, so here's what I had in mind.
Start by making php-ids pluggable, so that if you create a sites/all/modules/troll/php-ids directory and drop the php-ids files in there, Troll will pick it up and the configuration will show some options related to php-ids that weren't there otherwise. As the first round of implementation, I believe php-ids can just signal a warning. Catch that signal and log it in watchdog and track on the user's troll tab. I see you have a CVS account, so would you want to just commit as you go?
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedThat sounds great. Thank you.
Comment #3
deekayen CreditAttribution: deekayen commentedCVS granted. It'd be nice if you drop me an email or file a closed issue every now and then when you make a big commit so if people file issues, I'm in the loop, too.
Comment #4
Anonymous (not verified) CreditAttribution: Anonymous commentedThis has been added in the latest commit.
Comment #5
deekayen CreditAttribution: deekayen commentedNeeds to be ported to HEAD/7.x.
Comment #6
Anonymous (not verified) CreditAttribution: Anonymous commentedI'm afraid I can't do D7 just yet.
Comment #7
deekayen CreditAttribution: deekayen commentedShould this still be updated to 7.x with the http://drupal.org/project/phpids module in existence?
Comment #8
Rocketman CreditAttribution: Rocketman commentedI am trying to use this module in a FreeBSD jail.
The problem is that the jail does not expose the actual IP address of the users but rather the internal IP address of the jail.
We use X-Forwarded-For support in pound to enable Apache to log the actual IP address of the client.
http://en.wikipedia.org/wiki/X-Forwarded-For
Can Troll be configured to use the X-Forwarded-For header?
Please consider adding this support to Troll and PHP-IDS if they do not support it.
Here is an example of the problem:
IP History
IP Status Last Access First Access Host Information
10.1.0.2 not banned Tuesday, June 23, 2009 - 01:10 Tuesday, June 23, 2009 - 00:59 2.0.1.10.in-addr.arpa domain name pointer lamp.stream.
Comment #9
deekayen CreditAttribution: deekayen commentedI think the patch ought to look like something that integrates with http://drupal.org/project/phpids rather than keeping php-ids built into troll.
Comment #10
deekayen CreditAttribution: deekayen commentedComment #11
mgiffordProbably still a good idea.