From: Marc L. <ma...@ma...> - 2012-04-29 21:25:44
Today, in trunk for Tiki10, Louis-Philippe Huberdeau added PHPIDS (enabled by default):
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=revision&revision=41188

This doesn't do much for now, but I feel it will be really good in the long term.
http://doc.tiki.org/PHPIDS
http://dev.tiki.org/PHPIDS

Best regards,

M ;-)

On Tue, Apr 17, 2012 at 10:08 AM, Xavier de Pedro <xav...@vh...> wrote:
> +1 for improvements like phpids or bad behavior (which the LGPL license allows
> us to reuse).
> Just read it diagonally, very quickly.
>
> Nice that phpids plays well with mod_security. If implemented, we should
> first check that the rules in there don't conflict with Tiki much (tweak the
> phpids rules first to play nicely with Tiki).
>
> Thanks Marc for raising this potential low-hanging fruit (maybe?) to improve
> our spam protection and intruder attempts.
>
> Xavi
>
>
> On 16/04/12 09:17, Marc Laporte wrote:
>>
>> Hi!
>>
>> Hunting/blocking/cleaning spam/bots is wasting our time. Also, they
>> use up server resources and hinder our SEO. Let's make it harder for
>> them so they decide it's more efficient to spam/attack non-Tiki sites!
>>
>> I propose that we integrate 1 or 2 of these solutions in trunk:
>> http://bad-behavior.ioerror.us/ (LGPL)
>> http://www.spambotsecurity.com/zbblock.php (GPL, so we'd need to ask for a
>> dual license)
>> http://phpids.org/ (LGPL)
>>
>> "PHPIDS detects Cross-site scripting (XSS), SQL injection, header
>> injection, Directory traversal, Remote File Execution, Local File
>> Inclusion, Denial of Service (DoS)."
>> http://en.wikipedia.org/wiki/PHPIDS
>>
>> Here are two nice documents about PHPIDS:
>> http://www.novainfosecportal.com/wp-content/uploads/2012/04/AppSecDC-Using-PHPIDS-to-Understand-Attacks-Trends-Live.pdf
>> http://holisticinfosec.org/toolsmith/docs/july2008.pdf
>>
>> PHPIDS collaborates with mod_security:
>> http://www.modsecurity.org/demo/crs-demo.html
>>
>> And has a Zend Framework port (although not very active):
>> http://www.web-punk.com/wp-content/uploads/README_v_1_0_1.html
>>
>> Source code history is only available for PHPIDS, so we don't have a
>> great comparison:
>> https://www.ohloh.net/p/compare?project_0=PHPIDS&project_1=ZB+Block&project_2=bad+behavior&submit_2=Go
>>
>> ZB Block vs Bad-Behavior
>> --------------------------------
>> "BB is somewhat better at spam prevention, while ZB Block is much
>> better as an IDS/IPS Security System."
>> http://www.spambotsecurity.com/forum/viewtopic.php?f=9&t=708
>>
>> ZB Block and Bad-Behavior working together
>> --------------------------------------------------------
>> "Using ZBBlock works well with a basic install, but after a bit of
>> customisation you can get an even tighter protection for the site.
>> Without having crunched the actual numbers it appears like it’s coming
>> close to the marketing phrase “99,9%” when tweaked and combined with
>> the previously mentioned software called Bad Behaviour"
>> http://macmathan.info/flatpress-and-zbblock/
>>
>> I didn't find any comparisons of ZB Block vs PHPIDS, but:
>>
>> "Barring that, I hope phpIDS does well, and I hope someone can
>> interface it to e107. I personally just develop ZB Block as a vendetta
>> against skript kiddies, and I am thankful others use and help me debug
>> my script. It has begun to make a dent. phpIDS has far more manpower
>> behind it, and has far better programmers from what I can tell.
>> However, I don't agree with some of their paradigms, one of those
>> being the involvement of SQL in security software."
>> http://e107.org/e107_plugins/forum/forum_viewtopic.php?208565
>>
>> Since we have http://doc.tiki.org/Akismet, phase 1 could be ZB Block
>> or PHPIDS. And we could do Bad Behavior when version 3 comes out.
>>
>> Other interesting links:
>> * http://dev.tiki.org/Spam+protection
>> * http://phpseclib.com/ (recommended by Philippe Gamache and not to be
>>   confused with http://phpseclib.sourceforge.net/)
>> * http://code.google.com/p/owasp-esapi-php/
>> * http://www.ohloh.net/tags/library/php/security
>> * Add http://phpsec.org/projects/phpsecinfo/ (now in Zend?) or re-use
>>   some of their checks in tiki-admin_security.php
>> * http://code.google.com/p/phprotector/
>>
>> On a related note, bots can eat up a lot of CPU. This would be nice to
>> implement:
>> http://www.web-punk.com/2010/10/php-memory-limit-detection-with-zf/
>>
>>
>> What do you think?
>>
>> Best regards,
>>
>

-- 
Marc Laporte
http://MarcLaporte.com
http://Tiki.org/MarcLaporte
http://AvanTech.net