PHPIDS - get it!

PHPIDS 0.4.7 “Roberta” waiting to be downloaded

Article written by .mario

We are glad to announce the freshest release of the PHPIDS. As you might have expected, we did a lot of work optimizing the converter and the centrifuge again. The rules were also improved slightly to catch several sophisticated SQL injection vectors that Johannes Dahse submitted. Again we have to thank David Lindsay, Gareth Heyes and others for their great work. The system wouldn’t even be half as good without their contributions and intense testing.

The PHPIDS now performs way better when dealing with UTF7 XSS and especially data URIs with mixed encoding. Gareth and his outstanding Hackvertor managed to create some weird but sophisticated examples of how data URIs can be obfuscated to the max. Don’t forget to check out his amazing tool.

The PHPIDS now also ‘speaks’ Base64 - so no vector obfuscation with this encoding anymore, bad guys! The count of false alerts has decreased amazingly with the new rules, so if an incoming string was detected as suspicious by the PHPIDS you can almost be 99% sure that it was an intrusion attempt.

We’d also like to thank the community from our forum for their help with optimizing the system and adding improvements here and there. Be sure to grab the latest packages here - again, no API changes by the way, so patching will work without any problems.

5 Responses to “PHPIDS 0.4.7 “Roberta” waiting to be downloaded”

  1. roopa Says:

    Sir,

    I require an algorithm to detect & prevent SQL injection attacks

    I require a dataflow diagram regarding this

  2. .mario Says:

    That’s fine - so how can we help you?

  3. fragge Says:

    <b><i>Hello</i></b> still causes a false positive of 11. How on earth is that 99% accuracy? Considering the usage of said tags, I’m fairly certain your IDS will consistently bring false positives, because you’ve blacklisted anything that has to do with the internet. :\

  4. .mario Says:

    @fragge: First of all, this input string results in an impact of 4 - not 11. Please test before posting.

    http://demo.php-ids.org/?test=%3Cb%3E%3Ci%3EHello%3C/i%3E%3C/b%3E

    Second: What application would allow you to pass input strings as such per GET/POST if it’s no WYSIWYG editor? If you allow HTML for certain fields then don’t use the PHPIDS on them - it makes no sense and was discussed over and over again in the forum, the group and on sla.ckers.org. If you don’t, such a string can be considered an XSS probing - and should be detected with a small impact - which is exactly what happens.

    Greetings,
    .mario

  5. PHP Blogger: +++ Updates +++ Updates +++ - Ein PHP Blog auf deutsch Says:

    [...] PHPIDS 0.4.7: Lady “Roberta” would like to be downloaded from the info stand ;) She has been waiting there since February 20, so off you go: alongside various optimizations, support for UTF7 and BASE64 has been added and improved. The API has not changed, so an update is possible without problems. [...]
