Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi there!

Have anyone tried PHPIDS? Is this really effective against kiddies and
penetration testers? Just read abt it on howtoforge, it would be great
to know your opinion.

I don't consider it as the only security solution for web-services -
but if it really does what it announces it may become another musthave
security tool on web-servers.


Kirill "REDbyte" Novikov.


Quoted text here. Click to load it

I'd never heard of it before now, but looking at /
raises more concerns than answers questions.

To begin with, IME, bolt-on security products are usually
fundamentally flawed in terms of the concept; really the only way to
add security to an existing system is to build in controls between the
layers of the system (like firewalls, mod_security, suhosin...).

Next, security in IT is a complex thing and needs to be understood
properly to be implemented - there is no documentation of what the
product actually does nor how to use it on the website - the
'documentation' link takes you directly to the output of PHPDocumentor
- and the comments in the code don't help much.

Next, messing about with the demo, it is obviously based on a rather
crude set of blacklist words - rather like a VERY crude virus checker.
As has been written elsewhere, this approach to detecting
innapropriate content will always be playing catchup with new attack

Its not where I'd start when thinking about securing a PHP


Site Timeline