PHPIDS » Web Application Security 2.0

We are pleased to announce the long overdue new WPIDS release. This package is supposed to be a bug-fix release, since several problems were reported and have been wiped out. Here’s a small list of the most important issues:

• In previous versions XML-RPC was blocked completely, now you have a option to enable/disable it
• The search now works for non English chars. Before the fix all non English characters where dropped
• A bug within the logging facility caused it that all logged entries were added with a lower impact than supposed to be

Of course this version ships with the latest PHPIDS version which is currently 0.4.7. Anyway they’re still lots of work to do. For example the login page is displayed with some error/warning message. Also it turned out to not be very wise to check on the HTTP_REFERER since it throws too many false alerts.

Since the mentioned problems don’t affect your site’s security nor work flow, are they planned to resist up to the next bigger release. The next release is planned to be the Version 0.2 of WPIDS, which will be completely rewritten. Some features of Lockdown - the embedded sister project - will be kept and will be manages as opt out. Furthermore Version 0.2 will come with more granular maintenance and configuration options.

The download is available as Full Package, or you can get it from the SVN.

I’m proud to announce that WPIDS v0.1 is now officially available - please don’t feel confused by the version jump from 1.x down to 0.1- you’re grabbing the freshest sources with this release.

It took some time since the last public release, but we added a lot of useful things. For example the parameters flowing in the back end are no longer monitored so your website stays operable. Furthermore we added some really nice checks against known Intrusion attempts against Wordpress. PHPIDS 0.4.3 has been integrated directly after its release too. A even newer version is already on the way to come which will use the HTMLPurifier to keep care of the comments and the content field.

So don’t wait and get your copy of WPIDS - you can download it here.

At last I want to thank Gareth and Mario for their valuable input for this project.

Some weeks ago a basic plugin was released which enabled PHPIDS support for your Wordpress Blog. Since it has some usability flaws I’ve been planning for some time to make a port of PHPIDS to Wordpress together with David Kierznowski, but I had some initial problems with it. So it took up to today to get the first release done.

WPIDwhat?

The WPIDS offers protection for your Blog from malicious code injections. Any Request considered as malicious is logged into a database for later analysis. You can also set up email notification for attacks with very high impact. The back-end pages of the plugin will notify you if new filter rules are available and you can check a list of latest intrusion attempts.

But the most important feature of the WPIDS is that you can block attackers for some time if they are running wild on your blog. The plugin is built on the 0.3.2 core of the PHPIDS - a version shipped with the coming 0.4 milestone will be released soon.

New features coming soon

• Better design for the ‘Oh-my-god-you-got-blocked’-page
• Better browsing and analysis features for the attack list
• Functionality to clean the database from old records
• … and the feature you’d like have. Drop me a line!

For telling me what needs to be added or changed you can use my WPIDS Forum. If you have any problems with PHPIDS instead or if you discovered a vector which isn’t caught by PHPIDS yet please report to the PHPIDS team - they eat filters for breakfast.

You can download the Software here.