On 24/05/02, "Chand" <[EMAIL PROTECTED]> wrote:
> To "solve" in a way those two dilemmas we should have two things:
>       - a way to log socket activity (src host, dest host, IPs, user, script doing
>         the 'attack', etc)

Socket activity probably should not be logged from within PHP.

>       - a way to blacklist IPs (in a host.deny way) in the php.ini for example
> 
> I'm not sure if (and how) this is doable fairly rapidly. I have to say I
> have looked in the source and did not really find a central place for all
> the socket functions where I could plug a php_syslog() call to log what I
> need or implement the IP blacklisting idea.

As of PHP 4.3 (the current CVS version), anything that uses socket streams
is routed through main/network.c.  The only exceptions that spring to mind
are the ftp extension (which is due to be converted to streams at some point),
and other extension libraries that open their own sockets.

So, in theory, you could put a safe-mode blacklist functionality into the
php_hostconnect call.

You could also log read/write activity for the network streams in there.

> If anyone could tell me 1/ if these two things I'm suggesting are viable,
> 2/ how easily they can be implemented and how (where in the source code
> might the central socket functions be), I'd be grateful.

It's possible, but I'm guessing that you want a stable version of PHP for
this stuff... well, it's possible to hack it into older versions, but it
would be ugly.
I think you could probably still implement the blacklist using php_hostconnect,
but the logging would be *really* ugly.

--Wez.




-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
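
An added example, not part of the original thread and not PHP source code: a hosts.deny-style check of the kind discussed above, meant to run on the resolved destination address at a central connect point such as the php_hostconnect call Wez mentions. The names DENY_LIST, parse_rule and connect_denied and the sample addresses are constructed for illustration; the sketch covers IPv4 only and refuses the connection when a rule or address cannot be parsed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample deny list: a single address or address/prefix-length. */
static const char *DENY_LIST[] = { "192.0.2.0/24", "198.51.100.7", "203.0.113.128/25" };

/* Parse "a.b.c.d" or "a.b.c.d/len" into host-order network and mask; 0 on success. */
static int parse_rule(const char *rule, uint32_t *net, uint32_t *mask)
{
    char buf[32];
    struct in_addr a;
    long bits = 32;
    char *slash, *end;

    if (strlen(rule) >= sizeof(buf)) return -1;
    strcpy(buf, rule);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash = '\0';
        bits = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || bits < 0 || bits > 32) return -1;
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    /* A /0 rule needs special handling: shifting a 32-bit value by 32 is undefined. */
    *mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
    *net = ntohl(a.s_addr) & *mask;
    return 0;
}

/* Returns 1 if the connection must be refused, 0 if it may proceed. */
int connect_denied(const char *dest_ip)
{
    struct in_addr d;
    uint32_t net, mask;
    size_t i;

    if (inet_pton(AF_INET, dest_ip, &d) != 1) return 1;   /* not an IPv4 literal: fail closed */
    for (i = 0; i < sizeof(DENY_LIST) / sizeof(DENY_LIST[0]); i++) {
        if (parse_rule(DENY_LIST[i], &net, &mask) != 0) return 1; /* bad rule: fail closed */
        if ((ntohl(d.s_addr) & mask) == net) {
            /* One log line per refusal, so the block is visible to the administrator. */
            fprintf(stderr, "deny: connect to %s matches rule %s\n", dest_ip, DENY_LIST[i]);
            return 1;
        }
    }
    return 0;
}
```

The check takes the address that will actually be passed to connect(), after name resolution, so a rule applies regardless of which hostname the script supplied.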
