Hello all,

I wrote a little library for implementing PHPIDS in CodeIgniter and would like to share this with you. I find this PHPIDS library an important and necessary addition to my CodeIgniter applications and I really hope some of you want to give this a try. This is my first library and I’m kinda new to CodeIgniter so go easy on me. I’m hoping for some constructive feedback.

Source
https://bitbucket.org/basv/codeigniter-phpids-library/src

Download
Library: https://bitbucket.org/basv/codeigniter-phpids-library/downloads
PHPIDS: http://phpids.org/downloads

PHPIDS demo
Check out the PHPIDS demo @ http://demo.phpids.org/

Not familiar with PHPIDS?
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the LGPL!
This explanation came from their own website @ http://phpids.org/

Hope to hear from you!

What’s the impact on performance when you use this?

Interesting question, I never feel that I’m using this library, never noticed a loss in performance. I used the CI benchmark library for a quick test. The start point was right after instantiating CI in the constructor of the library, the end point was at the end of the constructor. This covers all the actions from the library.

Normal page view without POST data: 0.029 seconds average
Form submit, 36 fields, no malicious content, no IDS reaction triggered: 0.033 seconds average
Form submit, 36 fields, 1 with [removed]alert(‘b00’)[removed], IDS database log triggered: 0.036 seconds avaerage

Amazingly fast huh? :)

PS: Let me know if you want me to do some more tests…
PS2: The removed parts obviously were script open and close tags…

Hmm… Interesting. This goes on my (looonnnggg) todo list…

In my honest opinion, security should be on top of our todo lists

I didn’t say that I don’t do anything security wise. I also didn’t say where on my long todo list I’ve placed it.

I hardly write internet facing apps, so at the moment I’m not to worried about the lack of IDS. And the ones that are, are behind expensive application (L7) firewalls taking care of these things…

Haha, indeed you didn’t say that, got me there. I didn’t ment to say you do nothing security wise, it was just a random statement to convince some more poeple to try this library out No worries, takes as long as you need. I do hope to hear from you once you tried it. Cheers!

Sorry to say that, but the impact on performance for me is very high.

I had to add some realpath functions to work properly for me on windows servers. Maybe this is the cause of loading time increased for an AJAX request from 0.2 to 4.3 seconds.

Can you further test it under stress conditions?

Thanks.

Hmmm, did more people experience this? I have been using PHPIDS for more than a year and never experienced any impact on performance. I never used windows servers though, I’ll try to setup a windows environment to do some testing.

More people experience this on windows servers? We only have linux servers so can’t really test it….

Hi,

It this compatible with CI 2.1 develop?
Second question:
Will it be compatible/work with Tank_auth?

Hi, I’m using it with CI 2.1.0 stable release, did not test with the latest develop but yeah should work.

In the config file I provided you can set the name of the session in which the user_id is stored:

$config[‘user_id’] = ‘user_id’;

Not sure which name Tank_auth uses cause I never used that, check it out and change the config file if needed, after that it should work perfect….

Will it work with:
Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze9 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o mod_wsgi/3.3 Python/2.6.6
?

It should. Just try and see

thx

Is that statment true?

PHPIDS will not add security to a site. They are simply a way to track users, check if they’re logged in, etc.