$Id: README.txt,v 1.11.2.2 2007-08-03 19:45:04 swentel Exp $ IMPORTANT --------- PHP5 only! (5.2.x recommended) Like Drupal, I also support the gophp5.org initiative. (http://gophp5.org/). See also the php4 end of life announcement on php.net. DESCRIPTION ----------- This module adds an extra security layer to Drupal and recognizes (most) malicious input. It always logs the impact and can send out mail or redirect to a warning page after a certain level of impact was reached if you want to. User 1 is always ignored (unless someone really thinks otherwise) and anonymous users are always monitored. INSTALLATION ------------ Download the latest PHPIDS package from http://www.phpids.org. Note, this will only work with the PHP5 version! Unpack the tar/zip and move the IDS directory package/lib/ to the module directory of phpids. CONFIGURATION AND TESTING ------------------------- After that, enable the module and surf to the settings page on http://yourdrupal/?q=admin/logs/phpids/settings and change the default settings to your needs. Test if PHPIDS starts logging (not as user 1!) * normal log level http://yourdrupal/?q=admin/logs/phpids&test=">XXX * mail level - if you filled in an email http://yourdrupal/?q=admin/logs/phpids&test=">XXX<"> BUGS, REQUESTS -------------- http://drupal.org/project/phpids TODO / FEATURES --------------- * currently, $_GET & $_POST are monitored. Do we need to check on other global vars or is this enough ? * pgsql statements * Settings - auto block IP/user after huge level (81) - user roles - level monitoring - input formats - more ?