
PHP Intrusion Detection System: PHPIDS

2014-05-10 04:30
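Requirements:
PHP 5.1.2 or better
Apache
mod_rewrite
Installation steps:
1. Download PHPIDS: https://phpids.org/downloads/
2. Extract PHPIDS into the website root directory.
3. If you cannot extract it into the root directory, you can use mod_rewrite. The rules below answer every request whose URI starts with /phpids with 403 Forbidden: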

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/phpids(.*)
RewriteRule ^(.+)$ - [F]

 

Configuration and usage:
1. Edit config/config.ini.php to customize the configuration.

[General]
filter_type = xml
use_base_path = false
filter_path = default_filter.xml
tmp_path = tmp
scan_keys = false
HTML_Purifier_Path = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php
HTML_Purifier_Cache = IDS/vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer
html[] = __wysiwyg
json[] = __jsondata
exceptions[] = __utmz
exceptions[] = __utmc
min_php_version = 5.1.2
[Logging]
path = tmp/phpids_log.txt
recipients[] = me@domain.com
subject = "PHPIDS detected an intrusion attempt!"
header = "From: <PHPIDS> noreply@domain.com"
envelope = ""
safemode = true
allowed_rate = 15

[Caching]
caching = file
expiration_time = 600
path = tmp/default_filter.cache

 

2. Enable PHPIDS. You can put the PHPIDS loading script in a separate PHP file and have it loaded automatically through the auto_prepend_file option in php.ini.
ids.php

<?php

// Set the include path properly for PHPIDS.
set_include_path(
    get_include_path()
    . PATH_SEPARATOR
    . 'phpids/lib/'
);

// Start a session if none is active yet.
if (!session_id()) {
    session_start();
}

require_once 'IDS/Init.php';

try {
    // Request arrays that PHPIDS will scan.
    $request = array(
        'REQUEST' => $_REQUEST,
        'GET' => $_GET,
        'POST' => $_POST,
        'COOKIE' => $_COOKIE
    );

    $init = IDS_Init::init(dirname(__FILE__) . '/phpids/lib/IDS/Config/Config.ini.php');

    // Resolve the configured paths relative to the IDS directory.
    $init->config['General']['base_path'] = dirname(__FILE__) . '/phpids/lib/IDS/';
    $init->config['General']['use_base_path'] = true;
    $init->config['Caching']['caching'] = 'file';

    // Run the filters over the request.
    $ids = new IDS_Monitor($request, $init);
    $result = $ids->run();

    if (!$result->isEmpty()) {
        // Something matched: send the report to the e-mail and file loggers.
        require_once 'IDS/Log/File.php';
        require_once 'IDS/Log/Email.php';
        require_once 'IDS/Log/Composite.php';

        $compositeLog = new IDS_Log_Composite();
        $compositeLog->addLogger(
            IDS_Log_Email::getInstance($init),
            IDS_Log_File::getInstance($init)
        );
        $compositeLog->execute($result);
    }
} catch (Exception $e) {
    // This shouldn't happen, and if it does you don't want the notification public.
}
?>

 

3. Edit php.ini and add the following:
auto_prepend_file = /full/path/to/ids.php
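
The ids.php script above only logs a non-empty report. The following added example (not part of the original article or of PHPIDS) shows one way to turn the report's total impact into a tiered allow/log/block response; `ids_decide()`, `ids_enforce()`, `DemoReport` and the two thresholds are assumptions, while `getImpact()` and `getTags()` are methods of the PHPIDS report object.

```php
<?php
// Added example, not from the original article or the PHPIDS project.
// ids_decide(), ids_enforce(), DemoReport and both thresholds are assumptions.

// Map the report's total impact to an action.
function ids_decide($impact, $logAt = 1, $blockAt = 25)
{
    if ($impact >= $blockAt) {
        return 'block';
    }
    return $impact >= $logAt ? 'log' : 'allow';
}

// $result is the IDS_Report that $ids->run() returns in ids.php.
function ids_enforce($result, $uri)
{
    $impact = $result->getImpact();
    $action = ids_decide($impact);
    if ($action === 'allow') {
        return $action;
    }
    // Escape control characters so a crafted URI cannot forge log lines.
    $safeUri = addcslashes($uri, "\0..\37\177");
    error_log(sprintf('PHPIDS action=%s impact=%d tags=%s uri=%s',
        $action, $impact, implode(',', $result->getTags()), $safeUri));
    if ($action === 'block' && PHP_SAPI !== 'cli') {
        header('HTTP/1.1 403 Forbidden');
        exit; // stop before the application handles the request
    }
    return $action;
}

// Constructed stand-in for IDS_Report so this file runs without PHPIDS.
class DemoReport
{
    private $impact, $tags;
    public function __construct($impact, array $tags)
    {
        $this->impact = $impact;
        $this->tags = $tags;
    }
    public function getImpact() { return $this->impact; }
    public function getTags() { return $this->tags; }
}

if (PHP_SAPI === 'cli') { // constructed sample reports
    echo ids_enforce(new DemoReport(0, array()), '/'), "\n";
    echo ids_enforce(new DemoReport(8, array('xss')), "/?q=<b>\n"), "\n";
    echo ids_enforce(new DemoReport(42, array('sqli', 'xss')), '/?id=1'), "\n";
}
```

In ids.php, the call would be `ids_enforce($result, $_SERVER['REQUEST_URI'])` placed right after `$ids->run()`.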

Source: www.2cto.com/Article/201405/299162.html
