/usr/portage

Intrusion detection for PHP 4

A local startup, Ormigo, launched PHP IDS, a PHP-based intrusion detection system. It was written by Mario Heiderich and christ1an (who did the regular expression magic). The outstanding difference compared to approaches like mod_security is that it is purely PHP-based and can be integrated into your application. It basically takes a user-submitted content array ($_POST, $_GET, $_COOKIE) and applies a certain set of regular expressions. When I read about it on Oliver Thylmann's Weblog I was really fascinated by the idea and started playing around with it. I've submitted a number of patches and proposals and started a branch to introduce a more convenient result handling, which was merged back into the trunk a few hours ago. There will be a release in the next weeks and I'm looking forward to helping to make this project grow up.
Just for the record: after christ1an asked me whom I'm working for, he found a nice XSS on Neu.de, which was fixed on Monday. Thanks again for the hint, christ1an.

The PHP IDS subversion repository: http://phpids.googlecode.com/svn/trunk/
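
The approach described above, running the request arrays through a set of regular expressions inside the application, as an added sketch that is not PHP IDS code and not from this post's author. The function name `scan_request`, the three filter patterns and the sample request are constructed for illustration.

```php
<?php
// Added illustration, not PHP IDS code: the filter rules below are
// constructed for this example and are far simpler than a real rule set.
const FILTERS = [
    'xss-script-tag' => '/<\s*script\b/i',
    'xss-event-attr' => '/\bon\w+\s*=/i',
    'xss-js-uri'     => '/\bjavascript\s*:/i',
];

/**
 * Walk a request array recursively and return one hit per matching filter.
 * Keys are checked as well as values, since parameter names are user-controlled too.
 */
function scan_request(array $input, string $source, string $path = ''): array
{
    $hits = [];
    foreach ($input as $key => $value) {
        $name = $path === '' ? (string) $key : $path . '[' . $key . ']';
        if (is_array($value)) {
            $hits = array_merge($hits, scan_request($value, $source, $name));
            $value = ''; // nested values were handled above; still scan the key
        }
        foreach ([(string) $key, (string) $value] as $candidate) {
            foreach (FILTERS as $rule => $regex) {
                if (preg_match($regex, $candidate) === 1) {
                    $hits[] = ['source' => $source, 'field' => $name, 'rule' => $rule];
                }
            }
        }
    }
    return $hits;
}

// Constructed sample request standing in for $_GET, $_POST and $_COOKIE.
$request = [
    'GET'    => ['q' => 'harmless search', 'next' => 'javascript:alert(1)'],
    'POST'   => ['comment' => ['body' => '<script>alert(1)</script>']],
    'COOKIE' => ['theme' => 'dark'],
];

$report = [];
foreach ($request as $source => $params) {
    $report = array_merge($report, scan_request($params, $source));
}
foreach ($report as $hit) {
    printf("%s %s matched %s\n", $hit['source'], $hit['field'], $hit['rule']);
}
```

Each hit records the source array, the field path and the rule that matched, so the application can decide per request whether to log, sanitise or reject.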

Filed on 15-05-2007, 22:10
