.. You may want to use the usual include line. Uncomment and adjust the path. .. include:: ../Includes.txt =========== EXT: PHPIDS =========== :Created: 2006-12-10T12:05:20 :Changed: 2008-10-23T10:32:26 :Email: pascal.naujoks@pixabit.de :Info 2: :Info 3: :Info 4: .. _EXT-PHPIDS: EXT: PHPIDS =========== Extension Key: **px\_phpids** Copyright 2008-2009, pixabit GmbH / pascal.naujoks@pixabit.de, This document is published under the Open Content License available from http://www.opencontent.org/opl.shtml The content of this document is related to TYPO3 \- a GNU/GPL CMS/Framework available from www.typo3.com .. _Table-of-Contents: Table of Contents ----------------- **EXT: PHPIDS 1** **Introduction 2** What does it do? 2 Features 2 Screenshots 2 **Users Manual 3** Installation 3 How to update 3 **Administration 3** **Configuration 3** **Credits 4** **To-Do list 4** .. _Introduction: Introduction ------------ .. _What-does-it-do: What does it do? ^^^^^^^^^^^^^^^^ Adding a PHP Intrusion Detection System from `http://www.phpids.org `_ to your TYPO3 Website. .. _Features: Features ^^^^^^^^ Quote from the Author of PHPIDS: “PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the LGPL!” On their site you can find a collection of resources related to PHPIDS. These including files, documentation, a friendly forum and a demo which shows some of the best features of PHPIDS. .. _Screenshots: Screenshots ^^^^^^^^^^^ |img-1| *Image 1 The backend with some catched example attacks* |img-2| *Image 2 The extension is installed.* .. _Users-Manual: Users Manual ------------ .. _Installation: Installation ^^^^^^^^^^^^ Install the extension with the Extension Manager. The extension is automaticly installed by setting a Page Object “page.8 < plugin.tx\_pxphpids\_pi1” in the ext\_typoscript\_setup.txt. If you already defined the .8 by another extension please use another number as low as possible. After activation you should get a message on top of your page: “No attack detected – click for an example attack”. (See Image 2). This Message shows you that the installation completed successfully. Now you can turn the message off by setting the Typo-Script variable General.debug\_mode to 0. To do this choose “Template” in your Typo3 Backend. Then refer to the first page after the page with the globe- sign. Choose “Constant Editor” from the dropdown on top of the page. You should now see a new dropdown with a list of installed and configurable extension. Choose “PX\_PHPIDS (27)”. See Section “Configuration” for details. Note that most of the variables must not be changed since PHPIDS for TYPO3 is preconfigured and should fit most need. .. _How-to-update: How to update ^^^^^^^^^^^^^ From time to time you have to update the filer rules (default\_filter.xml) and the converter (Converter.php). This can be done by using the backend module PHPIDS → Update converter and filter → Start update You can automate this procedure by adding PHPIDS to the TYPO3 Scheduler. To do this click on the backend module Scheduler → Add task → Choose “PHPIDS filter and converter update”. The task frequency should be once a week (for example “30 3 \* \* 0”). .. _Administration: Administration -------------- All settings are done by TypoScript objects. Please refer to your Constant Editor and choose PX\_PHPIDS. They are also explained in the next section: “Configuration”. .. _Configuration: Configuration ------------- Use the Constant Editor template tool to set these properties. If you are not using the Constant editor to configure the extension, you should analyze carefully the use of these constants in the default setup file. .. ### BEGIN~OF~TABLE ### .. _General-debug-mode: General.debug\_mode ^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.debug\_mode Data type boolean Description Debug Mode: Turn on or off debug mode. Default 1 .. _Impact-file-threshold: Impact.file\_threshold ^^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property Impact.file\_threshold Data type int Description File Threshold: Threshold for reporting an impact to the logfile defined in Logging.path Default 1 .. _Impact-db-threshold: Impact.db\_threshold ^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property Impact.db\_threshold Data type int Description DB Threshold: Threshold for reporting an impact to the database shown in the PHPIDS backend module Default 25 .. _Impact-email-threshold: Impact.email\_threshold ^^^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property Impact.email\_threshold Data type int Description EMail Threshold: Threshold for reporting an impact by e-mail specified in Logging.email Default 50 .. _Impact-die-threshold: Impact.die\_threshold ^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property Impact.die\_threshold Data type int Description Die Threshold: Treshold for locking the homepage to the attacker with a session\_destroy() and PHP die() Default 75 .. _General-filter-type: General.filter\_type ^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.filter\_type Data type text Description Filter Typ: Choose your filter type. Default xml .. _General-use-base-path: General.use\_base\_path ^^^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.use\_base\_path Data type boolean Description Use base path: Choose if base path is used. Default 1 .. _General-filter-path: General.filter\_path ^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.filter\_path Data type text Description Filter path: Choose your filter file. Default is default\_filter.xml Default default\_filter.xml .. _General-tmp-path: General.tmp\_path ^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.tmp\_path Data type text Description Tmp path: Choose your temp path. Default tmp .. _General-scan-keys: General.scan\_keys ^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.scan\_keys Data type boolean Description Scan Key: Use scan key Default 0 .. _General-HTML-Purifier-Path: General.HTML\_Purifier\_Path ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.HTML\_Purifier\_Path Data type text Description HTML Purifier Path: In case you want to use a different HTMLPurifier source, specify it here. By default, those files are used that are being shipped with PHPIDS Default IDS/vendors/htmlpurifier/HTMLPurifier.auto.php .. _General-HTML-Purifier-Cache: General.HTML\_Purifier\_Cache ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.HTML\_Purifier\_Cache Data type text Description HTML Purifier Cache: In case you want to use a different HTMLPurifier cache, specify it here. By default, those files are used that are being shipped with PHPIDS Default IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer .. _General-html: General.html ^^^^^^^^^^^^ .. container:: table-row Property General.html Data type text Description HTML: Define which fields contain html and need preparation before hitting the PHPIDS rules Default \_\_wysiwyg .. _General-json: General.json ^^^^^^^^^^^^ .. container:: table-row Property General.json Data type text Description JSON: Define which fields contain JSON data and should be treated as such for fewer false positives Default \_\_jsondata .. _General-exceptions-0: General.exceptions\_0 ^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.exceptions\_0 Data type text Description Exception 1: Define which fields shouldn't be monitored Default .. _General-exceptions-1: General.exceptions\_1 ^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.exceptions\_1 Data type text Description Exception 2: Define which fields shouldn't be monitored Default .. _General-exceptions-2: General.exceptions\_2 ^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.exceptions\_2 Data type text Description Exception 3: Define which fields shouldn't be monitored Default .. _General-min-php-version: General.min\_php\_version ^^^^^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property General.min\_php\_version Data type text Description PHPIDS should run with PHP 5.1.2 but this is untested - set this value to force compatibilty with minor versions Default 5.1.6 .. _Logging-email: Logging.email ^^^^^^^^^^^^^ .. container:: table-row Property Logging.email Data type text Description Address for reportings by E-Mail: If not specified the $TYPO3\_CONF\_VARS['BE']['warning\_email\_addr'] will be used Default .. _Logging-path: Logging.path ^^^^^^^^^^^^ .. container:: table-row Property Logging.path Data type text Description File logging: If you use the PHPIDS logger you can define specific configuration here Default tmp/phpids\_log.txt .. _Logging-envelope: Logging.envelope ^^^^^^^^^^^^^^^^ .. container:: table-row Property Logging.envelope Data type text Description Email logging: Note that enabling safemode you can prevent spam attempts Default .. _Logging-safemode: Logging.safemode ^^^^^^^^^^^^^^^^ .. container:: table-row Property Logging.safemode Data type boolean Description Logging Safemofe for E-Mail logging. Default 1 .. _Logging-urlencode: Logging.urlencode ^^^^^^^^^^^^^^^^^ .. container:: table-row Property Logging.urlencode Data type boolean Description Logging urlencode for Email logging Default 1 .. _Logging-allowed-rate: Logging.allowed\_rate ^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property Logging.allowed\_rate Data type int Description Logging Allowed rate for Email logging Default 15 .. _Caching-caching: Caching.caching ^^^^^^^^^^^^^^^ .. container:: table-row Property Caching.caching Data type options[session,file,database,memcached,none]; Description Caching method Default file .. _Caching-expiration-time: Caching.expiration\_time ^^^^^^^^^^^^^^^^^^^^^^^^ .. container:: table-row Property Caching.expiration\_time Data type int Description Caching expiration time Default 600 .. _Caching-path: Caching.path ^^^^^^^^^^^^ .. container:: table-row Property Caching.path Data type text Description File caching path Default tmp/default\_filter.cache .. ###### END~OF~TABLE ###### .. _Credits: Credits ------- First of all thanks to Kasper Skårhøj, the founder of TYPO3. Then I would like to thank Mario Heiderich and his team from `www.php- ids.org `_ for developing the original PHPIDS. I also would like to thank Alexander S., Alexander K. and Stefan W. for helping me out with some tricky TYPO3 things. And last but not least I would like to thank `www.pixabit.de `_ – without this company PHPIDS for Typo3 would not exist. .. _To-Do-list: To-Do list ---------- Convert this extension to extbase and fluid. |img-3| EXT: PHPIDS - 4 .. ######CUTTER_MARK_IMAGES###### .. |img-1| image:: img-1.jpeg .. :align: left .. :border: 0 .. :height: 72 .. :id: Grafik2 .. :name: Grafik2 .. :width: 669 .. |img-2| image:: img-2.jpeg .. :align: left .. :border: 0 .. :height: 43 .. :id: Grafik1 .. :name: Grafik1 .. :width: 407 .. |img-3| image:: img-3.png .. :align: left .. :border: 0 .. :height: 32 .. :id: Graphic1 .. :name: Graphic1 .. :width: 102