$Id: README.txt,v 1.11.4.3 2007-10-06 14:11:16 swentel Exp $ IMPORTANT --------- PHP5 only - at least 5.1.6 - 5.2.x recommended DESCRIPTION ----------- This module adds a security layer to Drupal based on PHPIDS (phpids.org). With a defined set or rules, it tries to detect malicious input from the (anonymous) user - it does not strip, filter or sanitize the input. It logs directly to watchdog or syslog (if enabled), so you have a clear view on who's trying to break your site. It can send out a mail after a certain level of impact has been reached or redirect the user to another page thus making his action completely worthless. Although the functionality is there to redirect users after a certain impact, I advise you to only log the attacks for now as I have to think about how to implement white lists and so on. Sending a mail is, at this moment, a better option. INSTALLATION ------------ 1) Download the latest PHPIDS package from http://www.phpids.org. 2) Unpack the tar/zip and move the IDS directory in phpids-0.x/lib to the module directory of phpids. 3) make sure the IDS/tmp folder is writable (for caching the filters) On Unix do chown webuser:webuser IDS/tmp (or a chmod 666, but try to avoid that) There is a Config.ini in the IDS/Config folder, do not worry, it's harmless, just keep it like it is. CONFIGURATION AND TESTING ------------------------- After that, enable the module and surf to the settings page on http://yourdrupal/?q=admin/logs/phpids/settings and change the default settings to your needs. Test if PHPIDS starts logging (not as user 1) * normal log level http://yourdrupal/?q=admin/logs/phpids&test=">XXX * mail level - if you filled in an email http://yourdrupal/?q=admin/logs/phpids&test=">XXX<"> BUGS, REQUESTS -------------- http://drupal.org/project/phpids HISTORY ------- The module for Drupal5 used its own table, but I've merged this now into the watchdog table for consistency. Operation links to block user/hosts are now gone, since I can't use php code in the watchdog table. You'll have to copy/paste user/hosts yourself if you want to add access rules or block users in the user management section. TODO / FEATURES --------------- * add more help documentation in hook_help * link phpids impact level with watchdog levels * Build in white lists (more users/roles / forms etc)