PHP Intrusion Detection System for osCommerce
PHPIDS for osCommerce 1.1
Module to include PHPIDS into osCommerce to Log and Prevent Intrusions with Admin side Log Report View and Deletion
Support Thread: http://forums.oscommerce.com/topic/358046-php-intrusion-detection-system-for-oscommerce/
PHPIDS (PHP-Intrusion Detection System) is a simple-to-use, well-structured, fast and state-of-the-art security layer for your PHP-based web application. The IDS neither strips, sanitizes nor filters any malicious input; it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules, any attack is given a numerical impact rating, which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user's session.
Web applications are regularly threatened by attacks that try to exploit programming weaknesses. The PHP-based, open source PHPIDS solution detects attempted intrusions and raises the alarm when a threat is identified. PHPIDS helps protect PHP-based applications from cross-site scripting, SQL injection and other attacks. The simplest scenario involves logging attacks to establish whether a site is being targeted and requires further protective measures. Installing PHPIDS is usually only a matter of a few simple steps.
for osCommerce Online Merchant v2.3.1
1. admin/phpids_report.php, admin/banned_ip.php and banned.php files modified [for osCommerce Online Merchant v2.3.1 only]. Do not update these 3 files if you are using osCommerce Online Merchant v2.2.
2. Added one more column to the PHPIDS table. Run the installer file to add this column.
3. PHPIDS 0.7 is ready.
1. A coding error / logical error has been corrected and usage of $_SERVER['PHP_SELF'] has been changed for security reasons in the banned_ip module file.
2. Usage of $_SERVER['PHP_SELF'] has been changed in the phpids_installer.php file.
3. PHPIDS 0.6.4 is ready. Overwrite the old files.
Full Package included in the zip file.
1. PHPIDS main configuration and Table creation codes moved to new installer file.
2. Link added to the PHPIDS Log Report file in the admin for deleting all log entries by a single click.
Full Package included in the zip file.
>>> with IP Containment Management System and Version Checker
1. DB creation code shifted to admin file.
2. IP Containment and Management System files [modified] included in this package. Added two more columns to the Banned IP table: one for the reason for banning and another for a time stamp for reference purposes. These columns will be created automatically when you click Banned IP under Tools after going through the upgrade process.
3. Version Checker files included in this package.
Read Me file updated. Please ignore the previous one. Full Package included in the zip file.
>>> with IP Containment Management System and Version Checker
1. DB creation code shifted to admin file.
2. IP Containment and Management System files [modified] included in this package. Added two more columns to the Banned IP table: one for the reason for banning and another for a time stamp for reference purposes. These columns will be created automatically when you click Banned IP under Tools after going through the upgrade process.
3. Version Checker files included in this package.
1. Version Checker and IP look up link added to admin PHPIDS Log Report file.
2. File Log is now disabled by default. It is not required as DB Log is enabled.
3. Added a few more exception variables that osCommerce uses during checkout and other processes.
4. Some functions [tep] have been modified.
5. Added more explanatory notes to the module file.
6. You can now use this with Security Pro of FWR with a small modification.
Settings to show the result [for testing purposes] and to set the value for IP ban have been added to the main configuration.
This module will ban an IP automatically if
(i) the banned file exists in the modules directory,
(ii) the impact score is more than the set value for IP ban and
(iii) the set value for show result is false.
Added contribution link to the PHPIDS Log Report file in the admin.
Read Me HTML file updated.
Note: Contributions are used at own risk.