$Id: README.txt,v 1.11.4.2.2.2 2008-03-22 16:33:16 swentel Exp $

IMPORTANT
---------
PHP5 only - at least 5.1.6 - 5.2.x recommended

DESCRIPTION
-----------
This module adds a security layer to Drupal based on PHPIDS (phpids.org).
With a defined set of rules, it tries to detect malicious input from the
(anonymous) user - it does not strip, filter or sanitize the input.
It logs directly to watchdog or syslog (if enabled), so you have a clear view
of who is trying to break your site. It can send out a mail after a certain
level of impact has been reached, or redirect the user to another page, thus
making his action completely worthless.

Although the functionality is there to redirect users after a certain impact,
I advise you to only log the attacks for now as I have to think about how to
implement white lists and so on. Sending a mail is, at this moment, a better
option.

INSTALLATION
------------
1) Download the latest PHPIDS package from http://www.phpids.org.
2) Unpack the tar/zip and move the IDS directory in phpids-0.x/lib
   to the module directory of phpids.
3) Make sure the IDS/tmp folder is writable (for caching the filters).
   On Unix do chown webuser:webuser IDS/tmp
   (or a chmod 666, but try to avoid that)

There is a Config.ini in the IDS/Config folder; it is harmless, so leave it
as it is.

CONFIGURATION AND TESTING
-------------------------
After that, enable the module and surf to the settings page on
http://yourdrupal/?q=admin/logs/phpids/settings
and change the default settings to your needs.

Test if PHPIDS starts logging (not as user 1)
  * normal log level
    http://yourdrupal/?q=admin/reports/watchdog&test=">XXX
  * mail level - if you filled in an email
    http://yourdrupal/?q=admin/reports/watchdog&test=">XXX<">&test2=

You should see the attacks logged in your dblog or in your syslog file.
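
A check for installation steps 2 and 3, added here as an example and not part of the module or of PHPIDS: it confirms that the IDS directory is in place and that IDS/tmp is owned by the web server user with owner write access, without the world-writable bit that a permissive chmod would set. The function name, the module path and the web user name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not shipped with the module).
# Usage (path and user are assumptions, adjust to your site):
#   sh check_phpids.sh sites/all/modules/phpids www-data

check_phpids_install() {
    module_dir=$1      # directory of the phpids module
    web_user=$2        # account (name or numeric uid) the web server runs as
    tmp_dir="$module_dir/IDS/tmp"
    status=0

    # Step 2: the IDS directory from phpids-0.x/lib must be in the module dir.
    if [ ! -d "$module_dir/IDS" ]; then
        echo "FAIL: $module_dir/IDS not found"
        return 1
    fi
    if [ ! -d "$tmp_dir" ]; then
        echo "FAIL: $tmp_dir not found"
        return 1
    fi

    # Step 3: the filter cache directory must belong to the web server user.
    if [ -z "$(find "$tmp_dir" -prune -user "$web_user" 2>/dev/null)" ]; then
        echo "FAIL: $tmp_dir is not owned by $web_user"
        status=1
    fi
    # The owner needs read, write and search permission to create cache files.
    if [ -z "$(find "$tmp_dir" -prune -perm -0700)" ]; then
        echo "FAIL: owner lacks rwx on $tmp_dir"
        status=1
    fi
    # World-writable means any local account can tamper with the cache.
    if [ -n "$(find "$tmp_dir" -prune -perm -0002)" ]; then
        echo "FAIL: $tmp_dir is world-writable"
        status=1
    fi

    if [ "$status" -eq 0 ]; then
        echo "OK: $tmp_dir is owned by $web_user and not world-writable"
    fi
    return "$status"
}

# Run the check when the script is called with both arguments.
if [ "$#" -eq 2 ]; then
    check_phpids_install "$1" "$2"
fi
```
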

BUGS, REQUESTS
--------------
http://drupal.org/project/phpids

TODO / FEATURES
---------------
* link phpids impact level with watchdog levels
* Build in white lists (more users/roles / forms etc)