Ejemplo n.º 1
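 /**
  * Scan the PHP superglobals with PHPIDS before the controller is dispatched.
  *
  * When the monitor reports a hit, the report is written to the database
  * logger and the script is terminated with a short message. The report is
  * kept out of the response on purpose (see the comment at the die() call).
  *
  * @param Zend_Controller_Request_Abstract $request Not read here; the scan
  *        works on $_REQUEST, $_GET, $_POST and $_COOKIE directly.
  * @return array|null The scanned input array when nothing was detected,
  *         null when an exception was caught and logged.
  */
 function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     try {
         require_once 'IDS/Init.php';
         require_once 'IDS/Log/Composite.php';
         require_once 'IDS/Log/Database.php';

         // Kept in its own variable so the $request parameter is not overwritten.
         $scanInput = array(
             'REQUEST' => $_REQUEST,
             'GET' => $_GET,
             'POST' => $_POST,
             'COOKIE' => $_COOKIE,
         );
         $init = IDS_Init::init(APPLICATION_PATH . '/../library/phpids/lib/IDS/Config/Config.ini.php');
         $ids = new IDS_Monitor($scanInput, $init);
         $result = $ids->run();
         if (!$result->isEmpty()) {
             // Record the detection first, then stop the request.
             $compositeLog = new IDS_Log_Composite();
             $compositeLog->addLogger(IDS_Log_Database::getInstance($init));
             $compositeLog->execute($result);
             // The report goes to the log only. Printing it into the response
             // would tell the requester which input matched and how it scored.
             die('<h1>Go away!</h1>');
             #$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
             #$redirector->gotoUrl('default/error/error/eh/ids')->redirectAndExit();
         }
         return $scanInput;
     } catch (Exception $e) {
         $message = $e->getMessage() . ' line ' . $e->getLine() . ' file ' . $e->getFile();
         try {
             $writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugin-ids.log');
             $logger = new Zend_Log($writer);
             $logger->log($message, Zend_Log::ERR);
         } catch (Exception $logFailure) {
             // The plugin log could not be written; fall back to PHP's error
             // log so an IDS failure is never lost silently.
             error_log('plugin-ids: ' . $message . ' (log writer failed: ' . $logFailure->getMessage() . ')');
         }
         // NOTE(review): after an IDS failure the request continues unscanned
         // (fail open). Confirm that this is the intended policy.
     }
 }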
Ejemplo n.º 2
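/**
 * Run PHPIDS over the current request and end the response when it reports a hit.
 *
 * Findings are written through the PHPIDS file logger before the script exits.
 * If PHPIDS itself fails, the detail goes to the server error log and the
 * client only sees a generic message.
 *
 * @return void
 */
function dvwaPhpIdsTrap()
{
    try {
        // 1. Define what to scan
        $request = array(
            'REQUEST' => $_REQUEST,
            'GET' => $_GET,
            'POST' => $_POST,
            'COOKIE' => $_COOKIE,
        );
        $init = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini');
        $init->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/';
        $init->config['General']['use_base_path'] = true;
        $init->config['Caching']['caching'] = 'none';
        // 2. Initiate the PHPIDS and fetch the results
        $ids = new IDS_Monitor($request, $init);
        $result = $ids->run();
        if (!$result->isEmpty()) {
            require_once 'IDS/Log/File.php';
            require_once 'IDS/Log/Composite.php';
            $compositeLog = new IDS_Log_Composite();
            $compositeLog->addLogger(IDS_Log_File::getInstance($init));
            $compositeLog->execute($result);
            // Only a fixed notice is sent back; the report stays in the log.
            echo 'Hacking attempt detected and logged.';
            exit;
        }
    } catch (Exception $e) {
        /*
         * Something went wrong - maybe the filter rules weren't found?
         * The exception text may carry file system paths or configuration
         * detail, so it is logged server-side and not printed to the client.
         */
        error_log('PHPIDS error: ' . $e->getMessage());
        echo 'An error occurred.';
        // NOTE(review): execution continues after this point, so a broken
        // PHPIDS setup leaves the request unscanned. Confirm this is intended.
    }
}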
Ejemplo n.º 3
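/**
 * Run PHPIDS over the current request and end the response when it reports a hit.
 *
 * Findings are written through the PHPIDS file logger. The report is echoed
 * to the client only when $_DVWA['default_phpids_verbose'] is set to 'true'.
 * If PHPIDS itself fails, the detail goes to the server error log and the
 * client only sees a generic message.
 *
 * @return void
 */
function dvwaPhpIdsTrap()
{
    global $_DVWA;
    try {
        /*
         * 1. Define what to scan
         * $_REQUEST is assembled by PHP from the other superglobals according
         * to the variables_order / request_order settings, so a value can be
         * scanned under more than one key.
         */
        $request = array(
            'REQUEST' => $_REQUEST,
            'GET' => $_GET,
            'POST' => $_POST,
            'COOKIE' => $_COOKIE,
        );
        $init = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini');
        $init->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/';
        $init->config['General']['use_base_path'] = true;
        $init->config['Caching']['caching'] = 'none';
        // 2. Initiate the PHPIDS and fetch the results
        $ids = new IDS_Monitor($request, $init);
        $result = $ids->run();
        if (!$result->isEmpty()) {
            require_once 'IDS/Log/File.php';
            require_once 'IDS/Log/Composite.php';
            $compositeLog = new IDS_Log_Composite();
            $compositeLog->addLogger(IDS_Log_File::getInstance($init));
            $compositeLog->execute($result);
            echo 'Hacking attempt detected and logged.<br />Have a nice day.';
            // Verbose mode prints the detection report to the requester; the
            // isset() guard keeps a missing option from raising a notice.
            if (isset($_DVWA['default_phpids_verbose']) && $_DVWA['default_phpids_verbose'] == 'true') {
                echo $result;
            }
            exit;
        }
    } catch (Exception $e) {
        // Something went wrong - maybe the filter rules weren't found?
        // The exception text may carry file system paths or configuration
        // detail, so it is logged server-side and not printed to the client.
        error_log('PHPIDS error: ' . $e->getMessage());
        echo 'An error occurred.';
        // NOTE(review): execution continues after this point, so a broken
        // PHPIDS setup leaves the request unscanned. Confirm this is intended.
    }
}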
Ejemplo n.º 4
 /**
  * Scan the request's query, POST, cookie and user parameters with PHPIDS
  * and write any findings to the PHPIDS file logger.
  *
  * Detection is log-only in this method: the request is neither stopped nor
  * redirected when the report is non-empty.
  *
  * @param Zend_Controller_Request_Abstract $request Request whose inputs are scanned
  * @return void
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     // Inputs are read through the request object, not from the superglobals.
     $scanInput = array(
         'GET' => $request->getQuery(),
         'POST' => $request->getPost(),
         'COOKIE' => $request->getCookie(),
         'PARAMS' => $request->getUserParams(),
     );
     $idsConfig = IDS_Init::init(APPLICATION_PATH . '/configs/phpids.ini');
     $monitor = new IDS_Monitor($scanInput, $idsConfig);
     $report = $monitor->run();
     if ($report->isEmpty()) {
         return;
     }
     // NOTE(review): no require_once here; the IDS_* classes are presumably
     // autoloaded - confirm.
     $fileLog = new IDS_Log_Composite();
     $fileLog->addLogger(IDS_Log_File::getInstance($idsConfig));
     $fileLog->execute($report);
 }
Ejemplo n.º 5
  *
  * In the result object you will find any suspicious
  * fields of the passed array enriched with additional info
  *
  * Note: it is moreover possible to dump this information by
  * simply echoing the result object, since IDS_Report implemented
  * a __toString method.
  */
 if (!$result->isEmpty()) {
     //		echo $result;
     /*
      * The following steps are optional to log the results
      */
     require_once 'IDS/Log/File.php';
     require_once 'IDS/Log/Composite.php';
     $compositeLog = new IDS_Log_Composite();
     $compositeLog->addLogger(IDS_Log_File::getInstance($init));
     /*
      * Note that you might also use different logging facilities
      * such as IDS_Log_Email or IDS_Log_Database
      *
      * Just uncomment the following lines to test the wrappers
      */
     /*
     *
     require_once 'IDS/Log/Email.php';
     require_once 'IDS/Log/Database.php';
     
     $compositeLog->addLogger(
     	IDS_Log_Email::getInstance($init),
     	IDS_Log_Database::getInstance($init)
Ejemplo n.º 6
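 /**
  * Run PHPIDS
  *
  * Scans $_REQUEST, $_GET, $_POST and the HTTP referer with IDS_Monitor, then
  * logs, e-mails and/or blocks depending on how the report's total impact
  * compares with the log_ids_min, email_ids_min and block_ids_min options.
  * Cookies are handed to the monitor as an empty string, so they are not
  * scanned.
  *
  * @return false|null False when the scan is skipped by one of the early
  *         exits, null in every other case.
  */
 public function run()
 {
     // Are we running in the WordPress admin?
     //if ( is_admin() AND $this->enable_admin == false ) {
     ///	return;
     //}
     //hassan HMWP_MS
     // A cookie carrying the letters of the first 8 characters of NONCE_SALT
     // lets its holder skip the scan when 'ids_admin_include' is off.
     // An empty expected token must never match: without this guard any
     // cookie made only of non-letters would compare equal to ''.
     // The cookie must be a string (an array-valued cookie is rejected) and
     // is compared with hash_equals() so the check is type-strict.
     // NOTE(review): the token is short and the same for every user; consider
     // tying this bypass to a capability check or a per-user nonce.
     $can_deactive = false;
     $expected_token = (string) preg_replace("/[^a-zA-Z]/", "", substr(NONCE_SALT, 0, 8));
     if ($expected_token !== '' && isset($_COOKIE['hmwp_can_deactivate']) && is_string($_COOKIE['hmwp_can_deactivate'])) {
         $cookie_token = (string) preg_replace("/[^a-zA-Z]/", "", $_COOKIE['hmwp_can_deactivate']);
         $can_deactive = hash_equals($expected_token, $cookie_token);
     }
     if (!$this->opt('ids_admin_include') && $can_deactive) {
         return false;
     }
     if (is_admin() && !$this->opt('ids_level')) {
         // is 0
         return false;
     }
     if ($this->opt('login_query')) {
         $login_query = preg_replace("/[^a-zA-Z]/", "", substr(NONCE_SALT, 0, 6)) . '_' . $this->opt('login_query');
     } else {
         $login_query = preg_replace("/[^a-zA-Z]/", "", substr(NONCE_SALT, 0, 6)) . '_' . 'hide_my_wp';
     }
     $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => '', 'SERVER' => '');
     //Do not allow to cookies block login area!
     //  if ($this->opt('ids_cookie') && strpos($_SERVER['PHP_SELF'], 'wp-login.php')===false)
     //     $request['COOKIE'] = $_COOKIE;
     // NOTE(review): this array is overwritten by the if/else just below, so
     // REQUEST_URI and PHP_SELF never reach the monitor. Confirm whether the
     // referer was meant to be stored under $request['SERVER']['HTTP_REFERER'].
     $request['SERVER'] = array('HTTP_REFERER' => '', 'REQUEST_URI' => isset($_SERVER['REQUEST_URI']) ? strtok($_SERVER["REQUEST_URI"], '?') : '', 'PHP_SELF' => isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '');
     // The admin key is a secret: require a string parameter and compare it
     // with hash_equals() so numeric-looking values cannot match loosely.
     if (isset($_GET['style_wrapper']) && $this->opt('admin_key') && isset($_GET[$login_query]) && is_string($_GET[$login_query]) && hash_equals((string) $this->opt('admin_key'), $_GET[$login_query])) {
         $request['SERVER'] = '';
     } else {
         $request['SERVER'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     }
     // presumably skips the scan when every input is shorter than the given
     // length; verify against has_short_values()
     if ($this->has_short_values($_GET, 5) && $this->has_short_values($_POST, 5) && $this->has_short_values($_REQUEST, 5) && $this->has_short_values($request['SERVER'], 12)) {
         return false;
     }
     $init = $this->init_ids();
     $ids = new IDS_Monitor($request, $init);
     $this->result = $ids->run();
     // Nothing more to do
     if ($this->result->isEmpty()) {
         return;
     }
     //echo '<br>count'.$this->result->count().'totalimpact';
     //echo '<pre>';print_r($this->result->getImpact());echo '</pre>';
     // One composite collects every logger that applies to this report.
     $compositeLog = new IDS_Log_Composite();
     //if ( $this->enable_intrusion_logs ) {
     if ($this->opt('log_ids_min') && $this->opt('log_ids_min') <= $this->result->getImpact()) {
         $compositeLog->addLogger(new HMWP_MS_Log_Database());
         // Update new intrusion count, log the event
         $this->update_intrusion_count();
     }
     // Send alert email
     if ($this->opt('email_ids_min') && $this->opt('email_ids_min') <= $this->result->getImpact()) {
         require_once 'hmwp_ms/Log_Email.php';
         $compositeLog->addLogger(HMWP_MS_Log_Email::getInstance($init, 'HMWP_MS_Log_Email'));
     }
     $compositeLog->execute($this->result);
     if ($this->opt('block_ids_min') && $this->opt('block_ids_min') <= $this->result->getImpact()) {
         $this->block_access();
         // Load custom error page
         //add_action( 'template_redirect', array( $this, 'load_template' ) );
         // Catch wp-login.php requests
         //add_action( 'hmwp_ms_wp_login', array( $this, 'load_template' ) );
     }
     //$this->ban_user();
     // Warning page runs last to allow for ban processing
     //	$this->warning_page();
 }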
Ejemplo n.º 7
Archivo: ids.php Proyecto: cinno/DVWA
 /**
  * Mail the details of a detected intrusion through the PHPIDS e-mail logger.
  *
  * The logger is built on every call; the report is only handed to it when
  * it is not empty.
  *
  * @param object $result PHPIDS report; isEmpty() is called on it before it
  *        is passed to the composite logger
  * @return boolean Always true
  */
 private function idsmail($result)
 {
     vendor('phpids/IDS/Log/Email.php');
     vendor('phpids/IDS/Log/Composite.php');

     $compositeLog = new IDS_Log_Composite();

     $recipient = $this->init->config['IDS_Logging']['recipient'];
     // NOTE(review): the subject is read from $this->config while every other
     // setting comes from $this->init->config - confirm this is not a typo.
     $subject = $this->config['IDS_Logging']['subject'];
     $safemode = $this->init->config['IDS_Logging']['safemode'];
     $allowedRate = $this->init->config['IDS_Logging']['allowed_rate'];
     $tmpPath = $this->init->config['IDS_Basic']['tmp_path'];

     $compositeLog->addLogger(
         IDS_Log_Email::getInstance($recipient, $subject, null, $safemode, $allowedRate, $tmpPath)
     );

     if ($result->isEmpty()) {
         return true;
     }
     $compositeLog->execute($result);
     return true;
 }
Ejemplo n.º 8
// Point PHPIDS at its library directory below TM_INCLUDEPATH.
$ids_init->config['General']['base_path'] = TM_INCLUDEPATH . '/phpids/lib/IDS/';
$ids_init->config['General']['use_base_path'] = true;
#$ids_init->config['General']['use_base_path'] = false;

// Fields that carry HTML content.
$ids_init->config['General']['html'] = array(
    'POST.summary',
    'POST.body',
    'POST.body_text',
    'POST.subject',
    'POST.message_doptin',
    'POST.message_greeting',
    'POST.message_update',
    'POST.content',
);
// Fields listed as exceptions: in PHPIDS these are left out of monitoring.
// NOTE(review): the same eight fields are excepted under both POST and
// REQUEST, so their content is never checked here and has to be sanitised
// wherever it is rendered - confirm that is done.
$ids_init->config['General']['exceptions'] = array(
    'POST.summary',
    'POST.body',
    'POST.body_text',
    'POST.subject',
    'POST.message_doptin',
    'POST.message_greeting',
    'POST.message_update',
    'POST.content',
    'REQUEST.summary',
    'REQUEST.body',
    'REQUEST.body_text',
    'REQUEST.subject',
    'REQUEST.message_doptin',
    'REQUEST.message_greeting',
    'REQUEST.message_update',
    'REQUEST.content',
);

// File cache (alternative: 'none'), kept for 600 seconds.
$ids_init->config['Caching']['caching'] = 'file';
$ids_init->config['Caching']['expiration_time'] = 600;
// Cache and log both live under admin/tmp, given as relative paths.
// NOTE(review): make sure that directory is not served by the web server,
// since the log holds the values that triggered a detection.
$ids_init->config['Caching']['path'] = '../../../../admin/tmp/phpids.cache';
$ids_init->config['Logging']['path'] = '../../../../admin/tmp/phpids.log';
#$ids_init->config['Caching']['path'] =TM_INCLUDEPATH."/../admin/tmp/phpids.cache";
#$ids_init->config['Logging']['path'] =TM_INCLUDEPATH."/../admin/tmp/phpids.log";

// Run the monitor over the prepared request array.
$ids = new IDS_Monitor($ids_request, $ids_init);
$ids_result = $ids->run();

if (!$ids_result->isEmpty()) {
    // Optional step: record the findings in the log file and by e-mail.
    require_once 'IDS/Log/File.php';
    require_once 'IDS/Log/Email.php';
    require_once 'IDS/Log/Composite.php';
    #require_once (TM_INCLUDEPATH.'/phpids/lib/IDS/Log/File.php');
    #require_once (TM_INCLUDEPATH.'/phpids/lib/IDS/Log/Email.php');
    #require_once (TM_INCLUDEPATH.'/phpids/lib/IDS/Log/Comopsite.php');
    $compositeLog = new IDS_Log_Composite();
    $compositeLog->addLogger(
        IDS_Log_File::getInstance($ids_init),
        IDS_Log_Email::getInstance($ids_init)
    );
    $compositeLog->execute($ids_result);
    #if (DEBUG) echo $ids_result;
    // The report is appended to the page message, so whoever sent the request
    // sees which fields matched.
    // NOTE(review): confirm this page is only reachable by administrators.
    $_MAIN_MESSAGE .= '<h1>PHPIDS Intrusion detection:</h1>';
    $_MAIN_MESSAGE .= '<pre><font size=1 color="red">' . $ids_result . '</font></pre>';
}
Ejemplo n.º 9
 /**
  * Scan the current request with PHPIDS and react to a detection.
  *
  * A non-empty report is written to the Yii log and the PHPIDS file logger.
  * After that the configured callback is invoked, or a CHttpException(500)
  * carrying the generic message is thrown when no callback is set. Any
  * exception raised inside the scan is logged and replaced by the same
  * generic 500, so the caller never sees the underlying error text.
  *
  * @return void
  * @throws CHttpException when an attack is detected without a callback, or
  *         when anything inside the scan throws
  */
 public function processIDS()
 {
     /**
      * PHPIDS
      * Requirements: PHP5, SimpleXML
      *
      * Copyright (c) 2010 PHPIDS group (http://php-ids.org)
      *
      * This program is free software; you can redistribute it and/or modify
      * it under the terms of the GNU General Public License as published by
      * the Free Software Foundation; version 2 of the license.
      *
      * This program is distributed in the hope that it will be useful,
      * but WITHOUT ANY WARRANTY; without even the implied warranty of
      * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      * GNU General Public License for more details.
      */
     // Append the bundled PHPIDS library to the include path.
     set_include_path(get_include_path() . PATH_SEPARATOR . 'IDS/lib/');
     if (!session_id()) {
         session_start();
     }
     require_once 'IDS/Init.php';
     try {
         // Directory of the PHPIDS copy that ships next to this file.
         $idsDir = dirname(__FILE__) . '/IDS/';

         // 1. Define what to scan.
         $request = array(
             'REQUEST' => $_REQUEST,
             'GET' => $_GET,
             'POST' => $_POST,
             'COOKIE' => $_COOKIE,
         );

         // Load the shipped configuration, then override single values
         // directly. $init->setConfig(array(...)) merges in a whole array
         // without overwriting existing values; passing true as the second
         // argument makes it overwrite.
         $init = IDS_Init::init($idsDir . 'Config/Config.ini.php');
         $init->config['General']['base_path'] = $idsDir;
         $init->config['General']['use_base_path'] = true;
         $init->config['Caching']['caching'] = 'none';

         // 2. Initiate the PHPIDS and fetch the results.
         $monitor = new IDS_Monitor($request, $init);
         $result = $monitor->run();

         // The report lists every suspicious field of the scanned array.
         // Nothing suspicious: leave without logging.
         if ($result->isEmpty()) {
             return;
         }

         // IDS_Report implements __toString, so the report is logged as text.
         Yii::log($result, 'warning', 'application.components.ids');

         // Optional step: also record the findings in the PHPIDS log file.
         // IDS_Log_Email and IDS_Log_Database can be added the same way
         // after requiring IDS/Log/Email.php and IDS/Log/Database.php.
         require_once 'IDS/Log/File.php';
         require_once 'IDS/Log/Composite.php';
         $compositeLog = new IDS_Log_Composite();
         $compositeLog->addLogger(IDS_Log_File::getInstance($init));
         $compositeLog->execute($result);

         if ($this->callback === null) {
             throw new CHttpException(500, $this->genericMessage);
         }
         // NOTE(review): if the callback returns normally, the request goes
         // on after a detection - confirm callbacks end the request.
         call_user_func($this->callback);
     } catch (Exception $e) {
         // Something went wrong - maybe the filter rules weren't found?
         // This handler also receives the CHttpException thrown above and
         // anything the callback throws; each is logged and re-raised as the
         // generic 500 below.
         Yii::log($e->getMessage(), 'warning', 'application.components.ids');
         throw new CHttpException(500, $this->genericMessage);
     }
 }