EXT: PHPIDS¶
Created: | 2006-12-10T12:05:20 |
---|---|
Changed: | 2008-10-23T10:32:26 |
Email: | pascal.naujoks@pixabit.de |
Extension Key: px_phpids
Copyright 2008-2009, pixabit GmbH / pascal.naujoks@pixabit.de
This document is published under the Open Content License available from http://www.opencontent.org/opl.shtml
The content of this document is related to TYPO3, a GNU/GPL CMS/Framework available from www.typo3.com
Table of Contents¶
EXT: PHPIDS
Introduction
What does it do?
Features
Screenshots
Users Manual
Installation
How to update
Administration
Configuration
Credits
To-Do list
Introduction¶
What does it do?¶
This extension adds the PHP Intrusion Detection System (PHPIDS) from http://www.phpids.org to your TYPO3 website.
Features¶
Quote from the Author of PHPIDS:
“PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.
PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the LGPL!”
On their site you can find a collection of resources related to PHPIDS. These include files, documentation, a friendly forum and a demo which shows some of the best features of PHPIDS.
Screenshots¶
Image 1: The backend with some caught example attacks.
Image 2: The extension is installed.
Users Manual¶
Installation¶
Install the extension with the Extension Manager.
The extension is activated automatically by the Page Object “page.8 < plugin.tx_pxphpids_pi1” set in ext_typoscript_setup.txt. If .8 is already defined by another extension, please use another number that is as low as possible: page objects are rendered in numerical order, so a low number makes the check run early.
After activation you should get a message at the top of your page: “No attack detected – click for an example attack” (see Image 2).
This message shows that the installation completed successfully. You can now turn the message off by setting the TypoScript variable General.debug_mode to 0. To do this, choose “Template” in your TYPO3 backend, then select the first page after the page with the globe sign. Choose “Constant Editor” from the dropdown at the top of the page. You should now see a new dropdown with a list of installed and configurable extensions. Choose “PX_PHPIDS (27)”. See the section “Configuration” for details.
Note that most of the variables do not need to be changed, since PHPIDS for TYPO3 is preconfigured and should fit most needs.
How to update¶
From time to time you have to update the filter rules (default_filter.xml) and the converter (Converter.php).
This can be done with the backend module PHPIDS → Update converter and filter → Start update.
You can automate this procedure by adding PHPIDS to the TYPO3 Scheduler. To do this click on the backend module Scheduler → Add task → Choose “PHPIDS filter and converter update”. The task frequency should be once a week (for example “30 3 * * 0”).
Administration¶
All settings are made through TypoScript objects. Please refer to your Constant Editor and choose PX_PHPIDS.
They are also explained in the next section: “Configuration”.
Configuration¶
Use the Constant Editor template tool to set these properties. If you are not using the Constant Editor to configure the extension, carefully analyze how these constants are used in the default setup file.
| Property | Data type | Description | Default |
|---|---|---|---|
| General.debug_mode | boolean | Debug Mode: Turn debug mode on or off. | 1 |
| Impact.file_threshold | int | File Threshold: Threshold for reporting an impact to the log file defined in Logging.path | 1 |
| Impact.db_threshold | int | DB Threshold: Threshold for reporting an impact to the database shown in the PHPIDS backend module | 25 |
| Impact.email_threshold | int | EMail Threshold: Threshold for reporting an impact by e-mail to the address specified in Logging.email | 50 |
| Impact.die_threshold | int | Die Threshold: Threshold for locking the attacker out of the homepage with a session_destroy() and PHP die() | 75 |
| General.filter_type | text | Filter Type: Choose your filter type. | xml |
| General.use_base_path | boolean | Use base path: Choose if base path is used. | 1 |
| General.filter_path | text | Filter path: Choose your filter file. Default is default_filter.xml | default_filter.xml |
| General.tmp_path | text | Tmp path: Choose your temp path. | tmp |
| General.scan_keys | boolean | Scan Key: Use scan key | 0 |
| General.HTML_Purifier_Path | text | HTML Purifier Path: In case you want to use a different HTMLPurifier source, specify it here. By default, the files shipped with PHPIDS are used. | IDS/vendors/htmlpurifier/HTMLPurifier.auto.php |
| General.HTML_Purifier_Cache | text | HTML Purifier Cache: In case you want to use a different HTMLPurifier cache, specify it here. By default, the files shipped with PHPIDS are used. | IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer |
| General.html | text | HTML: Define which fields contain HTML and need preparation before hitting the PHPIDS rules | __wysiwyg |
| General.json | text | JSON: Define which fields contain JSON data and should be treated as such for fewer false positives | __jsondata |
| General.exceptions_0 | text | Exception 1: Define which fields shouldn't be monitored | |
| General.exceptions_1 | text | Exception 2: Define which fields shouldn't be monitored | |
| General.exceptions_2 | text | Exception 3: Define which fields shouldn't be monitored | |
| General.min_php_version | text | PHPIDS should run with PHP 5.1.2 but this is untested - set this value to force compatibility with minor versions | 5.1.6 |
| Logging.email | text | Address for reports by e-mail: If not specified, $TYPO3_CONF_VARS['BE']['warning_email_addr'] will be used | |
| Logging.path | text | File logging: If you use the PHPIDS logger you can define specific configuration here | tmp/phpids_log.txt |
| Logging.envelope | text | Email logging: Note that by enabling safemode you can prevent spam attempts | |
| Logging.safemode | boolean | Logging safemode for e-mail logging. | 1 |
| Logging.urlencode | boolean | Logging urlencode for e-mail logging | 1 |
| Logging.allowed_rate | int | Logging allowed rate for e-mail logging | 15 |
| Caching.caching | options[session,file,database,memcached,none] | Caching method | file |
| Caching.expiration_time | int | Caching expiration time | 600 |
| Caching.path | text | File caching path | tmp/default_filter.cache |
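
The four Impact.* thresholds form an escalation ladder from logging up to ending the session. The following added example (not code from px_phpids or PHPIDS) replays constructed impact scores against that ladder so thresholds can be tuned before Impact.die_threshold starts locking visitors out. It assumes a reaction fires when the impact is at or above its threshold, and all function names are hypothetical.

```php
<?php
// Added example, not part of px_phpids. Defaults come from the Configuration
// table; the ">=" comparison is an assumption, not taken from the extension.
const DEFAULT_THRESHOLDS = [
    'file'  => 1,   // Impact.file_threshold  -> log file (Logging.path)
    'db'    => 25,  // Impact.db_threshold    -> PHPIDS backend module
    'email' => 50,  // Impact.email_threshold -> mail to Logging.email
    'die'   => 75,  // Impact.die_threshold   -> session_destroy() + die()
];

/** Reactions an impact score would trigger, lowest threshold first. */
function reactionsFor(int $impact, array $thresholds = DEFAULT_THRESHOLDS): array
{
    asort($thresholds);
    return array_keys(array_filter($thresholds, fn($t) => $impact >= $t));
}

/** Report ladders where a harsher reaction fires before a milder one. */
function validateLadder(array $t): array
{
    $problems = [];
    $order = ['file', 'db', 'email', 'die'];
    for ($i = 1; $i < count($order); $i++) {
        [$lo, $hi] = [$order[$i - 1], $order[$i]];
        if ($t[$hi] < $t[$lo]) {
            $problems[] = "$hi threshold ({$t[$hi]}) is below $lo threshold ({$t[$lo]})";
        }
    }
    return $problems;
}

/** Count how many observed requests would reach each tier. */
function tierCounts(array $impacts, array $thresholds = DEFAULT_THRESHOLDS): array
{
    $counts = array_fill_keys(array_keys($thresholds), 0);
    foreach ($impacts as $impact) {
        foreach (reactionsFor($impact, $thresholds) as $tier) {
            $counts[$tier]++;
        }
    }
    return $counts;
}

// Constructed sample: impact scores seen during a trial period.
$observed = [0, 3, 8, 12, 27, 31, 55, 80];
$strict   = ['die' => 30] + DEFAULT_THRESHOLDS;  // candidate: block much earlier

print_r(tierCounts($observed));          // reach of each tier with the defaults
print_r(tierCounts($observed, $strict)); // how many more requests would be blocked
print_r(validateLadder($strict));        // flags die firing before email
```

Running a candidate ladder over scores already recorded in the log file or backend module shows how many legitimate requests a lower Impact.die_threshold would have blocked.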
Credits¶
First of all thanks to Kasper Skårhøj, the founder of TYPO3.
Then I would like to thank Mario Heiderich and his team from www.php-ids.org for developing the original PHPIDS.
I also would like to thank Alexander S., Alexander K. and Stefan W. for helping me out with some tricky TYPO3 things.
And last but not least I would like to thank www.pixabit.de – without this company PHPIDS for Typo3 would not exist.