This project is not covered by Drupal’s security advisory policy.

RFI Report statistics

This module reports Remote File Inclusion attempts and adds 2 new reports to Drupal: "RFI Report" and " RFI Statistics".

RFI Report will search the log created by the dblog (core) module for Remote File Inclusion attempts (http, https, ftp) and displays full details about each attempt such as date and time of the event, the RFI script name, IP address of the machine initiating the RFI attempt, IP or domain of the server hosting the RFI script and URL to the RFI script.

RFI Statistics will display two charts; an area chart to show the total amount of RFI attempts per day and a 2nd chart to show the top 10 RFI attacking hosts.


Access to the report is limited to users with the "access site reports" privilege.

RFI Report Settings allows the administrator to determine the period for both charts.

Block RFI hosts will allow the administrator to automatically add known RFI attacking hosts to the site deny access list

Project Information