While we are on the subject of insecure PHP installations, this week we'll be sharing lots of tips and tricks about PHP security. If a PHP version is considered insecure, it doesn't necessarily mean that your infrastructure is vulnerable and may be attacked; you may be running other security layers in front of the PHP layer. That doesn't mean you should not upgrade your PHP! So we'll start this PHP Security series with a tool you probably already know: PHPIDS, the PHP-Intrusion Detection System.
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP-based web application. The IDS neither strips, sanitizes nor filters any malicious input; it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to.
Based on a set of approved and heavily tested filter rules, any attack is given a numerical impact rating, which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user's session.
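The detect, score and react model described above, as an added example that is not part of the original post and is not PHPIDS code or its API: the rules, impact values, thresholds and function names below are constructed assumptions, used only to show how a summed impact rating drives the choice of reaction while the input itself is left untouched.

```php
<?php
// Constructed rules for illustration; NOT the PHPIDS filter set.
const RULES = [
    ['pattern' => '/<\s*script\b/i',               'impact' => 5, 'tag' => 'xss'],
    ['pattern' => '/\bon\w+\s*=/i',                'impact' => 3, 'tag' => 'xss'],
    ['pattern' => '/\bunion\b.+\bselect\b/is',     'impact' => 6, 'tag' => 'sqli'],
    ['pattern' => '/[\'"]\s*or\s+\d+\s*=\s*\d+/i', 'impact' => 6, 'tag' => 'sqli'],
    ['pattern' => '/\.\.[\/\\\\]/',                'impact' => 4, 'tag' => 'traversal'],
];

// Sum the impact of every rule that matches any request value (nested arrays included).
// The input is only inspected, never stripped, sanitized or filtered.
function scoreRequest(array $request): array
{
    $impact = 0;
    $hits = [];
    array_walk_recursive($request, function ($value, $field) use (&$impact, &$hits) {
        foreach (RULES as $rule) {
            if (preg_match($rule['pattern'], (string) $value) === 1) {
                $impact += $rule['impact'];
                $hits[] = $field . ':' . $rule['tag'];
            }
        }
    });
    return ['impact' => $impact, 'hits' => $hits];
}

// Map total impact to a reaction. Thresholds are assumptions to tune per application.
function chooseReaction(int $impact): string
{
    if ($impact >= 30) { return 'end_session'; }
    if ($impact >= 20) { return 'warn_user'; }
    if ($impact >= 10) { return 'mail_team'; }
    return $impact > 0 ? 'log' : 'none';
}

// Constructed sample requests.
$samples = [
    'benign'  => ['q' => 'union membership fees', 'page' => '2'],
    'probe'   => ['q' => '<script>alert(1)</script>'],
    'stacked' => ['id' => "1' OR 1=1 --", 'file' => '../../etc/passwd', 'c' => ['<script src=x>']],
];
foreach ($samples as $name => $request) {
    $r = scoreRequest($request);
    printf("%-8s impact=%2d reaction=%-11s hits=%s\n",
        $name, $r['impact'], chooseReaction($r['impact']), implode(',', $r['hits']));
}
```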
You may check the PHPIDS demo, which allows you to inject malicious input to stress test PHPIDS. The tool enables you to see who's attacking your site and how, all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least, it's licensed under the fair LGPL!
More information and download at https://phpids.org