Posted by patrickd on February 21, 2012 at 1:20pm
http://drupal.org/project/tinyids
After several conceptual changes, I finally created a first dev release.
It's still under development but I would really appreciate deep code and functionality reviews on the current state.
Feel free to express your opinion and discuss about the general implementation in the issue queue.
regards.
Comments
Cool idea
Interesting idea, I was going to do something similar but more along the lines of a poor man's IPS. One of the problematic things I see on a regular basis are bots trolling my site for specific paths. For example -
GET /phpMyAdmin/index.php
GET /phpmyadmin/index.php
GET /phpMyAdmin-2.5.5-rc1/index.php
... and so forth. I'd like to permanently kill them as they are consuming resources. My thought was simply to create pathalias entries for paths, pointing back at a single callback function. The callback interacts with libiptphp to drop in iptables rules blocking access to whatever IP happens to hit it. This could also be done using Drupal's ip blocking but I avoid that for my purposes and prefer to use OS-level firewall rules.
I'll check out your module for sure - I get tons of form input SQL injector bots as well so it should be fairly easy to test against the common web pests. Thanks for putting it together.
Yep, I know these bots good
Yep, I know these bots good ^^
I've also tried to figure out a good way to block such request, but I could not find out a way that had acceptable performance impact. (Seems like these bot scans consume less resources then any logger that tries to block them out)
It has been a while since the release, and I know the code is still a little messy (it's a dev! ;-P) - but I've had no technical feedback yet, but I would really appreciate some concept and code reviews before I continue to work on this.
(I commented it pretty well! I promise!)
Thanks
tinyids-alpha1
Spend some more work on it and released a first alpha for d6 and d7:
https://drupal.org/project/tinyids
Very interesting
This looks promising. A coworker and I were just discussing this very topic so I'm certainly going to take it for a test drive and will give you feedback.
Chris Hales - mediacurrent.com
Trying it on D6
I'm testing out TinyIDS on my D6 instance. I installed it and set it to paranoid. Then I tried tinkering with the URL, both by putting some XSS in the URL bar and then on another page, replacing the node id with ' or '1'='1#
Sure, I get a 404, but I don't see anything from TinyIDS in my Recen Log Entries. Should I be? How do you best test that TinyIDS is functioning properly and reacting to attacks?
Thank you.
Thanks for testing! :)
(please use the modules issue queue for reporting any of your findings.)
I guess you were logged in as admin while you tested it ?
As admins have the "bypass tinyids" permission by default, everything they do will be ignored.
I included a simpletest (it was a ten minute thing so bare with me) to test its general functionality quickly.