Though Drupal should not be vulnerable to SQL Injection attacks, it could be handy to know when someone is attempting to exploit them. Kind of makes you think that that person might not have the best of intentions for your site. It would be nice to integrate the ability to use PHP-IDS so that admins can see more of who is trying to attack them.


deekayen’s picture

Ok, so here's what I had in mind.

Start by making php-ids pluggable, so that if you create a sites/all/modules/troll/php-ids directory and drop the php-ids files in there, Troll will pick it up and the configuration will show some options related to php-ids that weren't there otherwise. As the first round of implementation, I believe php-ids can just signal a warning. Catch that signal and log it in watchdog and track on the user's troll tab. I see you have a CVS account, so would you want to just commit as you go?

Anonymous’s picture

Assigned: Unassigned »

That sounds great. Thank you.

deekayen’s picture

CVS granted. It'd be nice if you drop me an email or file a closed issue every now and then when you make a big commit so if people file issues, I'm in the loop, too.

Anonymous’s picture

Status: Active » Closed (fixed)

This has been added in the latest commit.

deekayen’s picture

Status: Closed (fixed) » Patch (to be ported)

Needs to be ported to HEAD/7.x.

Anonymous’s picture

Assigned: » Unassigned

I'm afraid I can't do D7 just yet.

deekayen’s picture

Should this still be updated to 7.x with the module in existence?

Rocketman’s picture

I am trying to use this module in a FreeBSD jail.

The problem is that the jail does not expose the actual IP address of the users but rather the internal IP address of the jail.

We use X-Forwarded-For support in pound to enable Apache to log the actual IP address of the client.

Can Troll be configured to use the X-Forwarded-For header?

Please consider adding this support to Troll and PHP-IDS if they do not support it.

Here is an example of the problem:
IP History
IP Status Last Access First Access Host Information not banned Tuesday, June 23, 2009 - 01:10 Tuesday, June 23, 2009 - 00:59 domain name pointer

deekayen’s picture

I think the patch ought to look like something that integrates with rather than keeping php-ids built into troll.

deekayen’s picture

Title: Integration with PHP-IDS » Integration with PHP-IDS module
Category: feature » task
mgifford’s picture

Version: master » 7.x-1.x-dev
Issue summary: View changes
Status: Patch (to be ported) » Active

Probably still a good idea.