EXT: PHPIDS¶

What does it do?¶

Adding a PHP Intrusion Detection System from http://www.phpids.org to your TYPO3 Website.

Features¶

Quote from the Author of PHPIDS:

“PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the LGPL!”

On their site you can find a collection of resources related to PHPIDS. These including files, documentation, a friendly forum and a demo which shows some of the best features of PHPIDS.

Screenshots¶

Image 1 The backend with some catched example attacks

Image 2 The extension is installed.

Installation¶

Install the extension with the Extension Manager.

The extension is automaticly installed by setting a Page Object “page.8 < plugin.tx_pxphpids_pi1” in the ext_typoscript_setup.txt. If you already defined the .8 by another extension please use another number as low as possible.

After activation you should get a message on top of your page: “No attack detected – click for an example attack”. (See Image 2).

This Message shows you that the installation completed successfully. Now you can turn the message off by setting the Typo-Script variable General.debug_mode to 0. To do this choose “Template” in your Typo3 Backend. Then refer to the first page after the page with the globe- sign. Choose “Constant Editor” from the dropdown on top of the page. You should now see a new dropdown with a list of installed and configurable extension. Choose “PX_PHPIDS (27)”. See Section “Configuration” for details.

Note that most of the variables must not be changed since PHPIDS for TYPO3 is preconfigured and should fit most need.

How to update¶

From time to time you have to update the filer rules (default_filter.xml) and the converter (Converter.php).

This can be done by using the backend module PHPIDS → Update converter and filter → Start update

You can automate this procedure by adding PHPIDS to the TYPO3 Scheduler. To do this click on the backend module Scheduler → Add task → Choose “PHPIDS filter and converter update”. The task frequency should be once a week (for example “30 3 * * 0”).

General.debug_mode¶

Impact.file_threshold¶

Impact.db_threshold¶

Impact.email_threshold¶

Impact.die_threshold¶

General.filter_type¶

General.use_base_path¶

General.filter_path¶

General.tmp_path¶

General.scan_keys¶

General.HTML_Purifier_Path¶

General.HTML_Purifier_Cache¶

General.html¶

General.json¶

General.exceptions_0¶

General.exceptions_1¶

General.exceptions_2¶

General.min_php_version¶

Logging.email¶

Logging.path¶

Logging.envelope¶

Logging.safemode¶

Logging.urlencode¶

Logging.allowed_rate¶

Caching.caching¶

Caching.expiration_time¶

Caching.path¶