Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This project is not covered by Drupal’s security advisory policy.
Minimalist, but performant intrusion detection system that monitors Drupal for malicious activities and targets to be simple to understand and easy to use.
Note
This will only monitor your Drupal site and not all the other possible attack vectors targeting your webservers! For having a complete intrusion detection for your servers please have a look at TinyIDS for Unix.
Detection
Tiny-IDS tries to detect following types of intrusion attacks:
- XSS (Cross Site Scripting)
Makes it possible to embed foreign content and scripts, grab your session/login information and phish private data. - SQLi (SQL Injection)
Makes it possible to execute malicious database requests, dump code on your server and gain access to private information. - Code execution (Local/Remote file inclusion, etc.)
Makes it possible to execute foreign code on your server in order to take over control.
Reaction
After an intrusion was detected that reaches the configured sensibility threshold, the following reactions can be used.
- Log entry
A dblog entry will be created containing detailed information. - Warning message
The suspicious user can be warned about his detection. - Mail alert
A mail can be sent to a list of site administrators alerting about the detection. - Rules integration (only D7)
Tiny-IDS has a Rules 2.x integration providing an intrusion attempt event. Using conditions and actions you can easily implement more advanced reactions like sending mails to user groups, blocking users, redirecting to a predefined site, printing more detailed warning messages and anything else you probably can imagine.
Also a ´bypass´-permission is added, to allow users like Administrators (permitted by default) to avoid detection of their activities.
Usage
After the usual installation Tiny-IDS is ready-to-use with recommended default configuration. If you want to change something, go to admin/config/system/tinyids.
I'm really trying to make everything as intuitive as possible, if you got questions that can not be answered by the configuration itself, please go ahead and create a support issue!
But what about..
- Spamming: There are already many powerful Spam-protection modules for Drupal (eg.: AntiSpam, Captcha's, Mollom).
- DDoS: Distributed Denial-Of-Service isn't an issue that should be handled by Drupal, you should rather think about low-level solutions (eg.: Firewalls/CDN Systems).
- Password security: See Password policy, Flood control.
Alternatives?
Project information
Seeking new maintainer
The current maintainers are looking for new people to take ownership.
No further development
No longer developed by its maintainers.
117 sites report using this module- Created by patrickd on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
Releases
7.x-1.0-alpha2
released 19 July 2012
Works with Drupal: 7.x
Development version: 7.x-1.x-dev updated 21 Feb 2012 at 12:43 UTC
