Open main menu

Extension:PhpIds

MediaWiki extensions manual
OOjs UI icon advanced.svg
PhpIds
Release status: experimental
Implementation User activity , Special page , Database
Description This extension aims at integrating PHPIDS as IDS and IPS into MediaWiki
Author(s) (DocSnydertalk)
Latest version 0.2 (2010-09-27)
MediaWiki 1.15, 1.16
PHP 5.2
License GPL
Download https://trac.mni.fh-giessen.de/trac/HMW_SS10/
Translate the PhpIds extension if it is available at translatewiki.net
Check usage and version matrix.

What can this extension do?Edit

This extension integrates PHPIDS as intrusion detection and prevention system for MediaWiki.

It provides the IDS together with an administration interface and some statistic views.

UsageEdit

The extension comes with a predefined set of rules (defaults from phpids.org).

After installing, the following thresholds for impact values can be set:

  • Loglimit: log the user action
  • Warnlimit: warn the user, that his actions are being watched
  • Logoutlimit: logs the user out and stops his action
  • Banlimit: bans the user from this wiki

Download instructionsEdit

InstallationEdit

Add the directory /extensions/PhpIds from the svn repository to your wiki.

Code changesEdit

To activate this extension, add the following to LocalSettings.php :

// Load PHPIDS as first extension
require_once( "$IP/extensions/PhpIds/phpids.php" );

Add the following code to index.php for full features, otherwise only basic impact logging will be done.

if ($phpidsmw->preCheck($phpips, $wgOut, $wgUser, $wgRequest)) {
	$mediaWiki->initialize( $wgTitle, $wgArticle, $wgOut, $wgUser, $wgRequest ); // MediaWiki Version 1.15
	//$mediaWiki->performRequestForTitle( $wgTitle, $wgArticle, $wgOut, $wgUser, $wgRequest ); // MediaWiki Version 1.16
}

$phpidsmw->postCheck($wgOut, $wgUser);

This replaces the usual call of $mediaWiki->initialize or $mediaWiki->performRequestForTitle. If you see your articles displayed twice, make sure you don't call initialize / performRequest twice.

DatabaseEdit

The following database tables need to be created:

  • phpids_options - stores options that can be configured via the admin interface.
  • phpids_rules and phpids_rules_values
  • phpids_cache - for DB caching
  • phpids_intrusions - single intrusions
  • phpids_aggressor - for per-user and per-ip statistics
  • phpids_suhosin_log - optional, if you want to see suhosin messages via the web interface

You can find the necessary sql statements in the file install.sql. Note that you may have to prepend the prefix for your wiki while installing the tables.

Configuration parametersEdit

The extension takes basic parameters from IDS/Config/Config.ini.php as defaults. These settings are overwritten by any options stored in DB (phpids_options) via the admin interface.

User rightsEdit

No new user rights are added. The IDS can be administrated by every SysAdmin with "editinterface" rights.

(Would it be better to introduce a new right "phpidsadmin"?)