PHPIDS library - Intrusion detection
#1

[eluser]Bas Vermeulen[/eluser]
Hello all,

I wrote a little library for implementing PHPIDS in CodeIgniter and would like to share this with you. I find this PHPIDS library an important and necessary addition to my CodeIgniter applications and I really hope some of you want to give this a try. This is my first library and I'm kinda new to CodeIgniter so go easy on me. I'm hoping for some constructive feedback.

Source
https://bitbucket.org/basv/codeigniter-p...ibrary/src

Download
Library: https://bitbucket.org/basv/codeigniter-p.../downloads
PHPIDS: http://phpids.org/downloads

PHPIDS demo
Check out the PHPIDS demo @ http://demo.phpids.org/

Not familiar with PHPIDS?
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the LGPL!
This explanation came from their own website @ http://phpids.org/

Hope to hear from you!
#2

[eluser]WanWizard[/eluser]
What's the impact on performance when you use this?
#3

[eluser]Bas Vermeulen[/eluser]
Interesting question, I never feel that I'm using this library, never noticed a loss in performance. I used the CI benchmark library for a quick test. The start point was right after instantiating CI in the constructor of the library, the end point was at the end of the constructor. This covers all the actions from the library.

Normal page view without POST data: 0.029 seconds average
Form submit, 36 fields, no malicious content, no IDS reaction triggered: 0.033 seconds average
Form submit, 36 fields, 1 with [removed]alert('b00')[removed], IDS database log triggered: 0.036 seconds average

Amazingly fast huh? :)

PS: Let me know if you want me to do some more tests...
PS2: The removed parts obviously were script open and close tags...
#4

[eluser]WanWizard[/eluser]
Hmm... Interesting. This goes on my (looonnnggg) todo list...
#5

[eluser]Bas Vermeulen[/eluser]
In my honest opinion, security should be on top of our todo lists ;)
#6

[eluser]WanWizard[/eluser]
I didn't say that I don't do anything security wise. I also didn't say where on my long todo list I've placed it. :)

I hardly write internet facing apps, so at the moment I'm not too worried about the lack of IDS. And the ones that are, are behind expensive application (L7) firewalls taking care of these things...
#7

[eluser]Bas Vermeulen[/eluser]
Haha, indeed you didn't say that, got me there. I didn't mean to say you do nothing security wise, it was just a random statement to convince some more people to try this library out ;) No worries, take as long as you need. I do hope to hear from you once you tried it. Cheers!
#8

[eluser]Thinkers[/eluser]
Sorry to say that, but the impact on performance for me is very high.

I had to add some realpath functions to make it work properly for me on Windows servers. Maybe this is the cause of the loading time increasing for an AJAX request from 0.2 to 4.3 seconds.

Can you further test it under stress conditions?

Thanks.
#9

[eluser]Bas Vermeulen[/eluser]
Hmmm, did more people experience this? I have been using PHPIDS for more than a year and never experienced any impact on performance. I never used Windows servers though, I'll try to set up a Windows environment to do some testing.
#10

[eluser]Bas Vermeulen[/eluser]
More people experience this on Windows servers? We only have Linux servers so can't really test it....



