Tools

What is MyPHPIPS?

MyPHPIPS (MyPHP Intrusion Prevention System) is an open source PHP Web Application Intrusion Prevention System. It was based on PHPIDS (phpids.org) and distributed under the LGPL License. This work is supported by CyberSecurity Malaysia.

MyPHPIPS intends to assist the web developer/maintainers to secure their PHP CMS/application deployments without having with minimal resources (i.e time and money)

MyPHPIPS is a portable and less-hassle framework that serves as an extra security layer to defend against invalid/malicious requests to the web application or content management systems.

MyPHPIPS should work right out of the box ® with the pre-configured settings. All you need to do is to call MyPHPIPS in your application. (refer to README)

How does it work?

It uses PHPIDS to calculate an impact value that can come from malicious requests and reacts to them. The attack recognition is based on a set of approved and heavily tested filter rules where any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt.

Based on the configuration, attacks that exceed the threshold impact rating will be blocked as for the current Alpha release; only error message will appear on the screen. We are planning to enhance the features but you might need to wait for that in future releases.

Requirements

MyPHPIPS is platform independent and can be run on any system with PHP 5.1.6 or greater installed (UNIX/Linux/Windows).

Download

MyPHPIPS is available for download at the Google Code repository http://code.google.com/p/myphpips/downloads/list

How to use it

To start using MyPHPIPS, first checkout the code from our Google Code repository http://code.google.com/p/myphpips/

  1. Go to the directory where the configuration file is located
  2. Upload the whole IDS folder (and the content) there
  3. Look for your configuration file. Usually:
    • Joomla: configuration.php
    • Wordpress: wp-config.php
    • Drupal: sites/default/settings.php
    • phpBB: config.php
    • myBB: inc/config.php
  4. Edit your config file, add the following lines and make sure it is within code tag (if the file is not a database configuration file, use header/index file):
    define('MyPHPIPS', dirname(__FILE__).'/IDS/');
    require_once(MyPHPIPS.'MyPHPIPS.php');
  5. Change the 'cache' folder permission inside the IDS folder so that it is writable
  6. Test your installation with some attack :-
    http://www.example.com/yourcms/?page_id=../../../etc/passwd


Question/Suggestion?

Feel free to contact us at honeynet[at]cybersecurity.my to give feedback or comments. Or you can also report the issues to our Google Code’s page http://code.google.com/p/myphpips/issues/list