Intrusion Detection System

techu · 11-01-2010 11:49 PM

Today in a thread Ryan Gordan wrote:

Quote:It was our Intrusion Detection System giving false positives. It should allow you to post it now.

If anyone knows, what is this??
Is it a feature in mybb or is it unique for mybb.com?

***RateU*** · 11-02-2010 04:27 AM

I think it is a "special" feature for the site, related to the rule in Requests/Services/Jobs forum.

MattR · 11-02-2010 04:48 AM

It's nothing to do with the rules in that forum, it's a general security feature for the site.

***RateU*** · 11-02-2010 04:58 AM

Ah... I thought it has a relationship with the rules for advertiser there.
Ah yes, I think the" error" comes from the reply of PM.

***ZiNgA BuRgA*** · 11-02-2010 12:06 PM

I believe it's a special plugin installed only on that forum to try to make attacks against it more difficult.
Ultimately, how successful it is does depend on the exploit an attacker is using and how creative they are at coding around the filters (if necessary at all).

I think it's based off PHPIDS: http://php-ids.org/

techu · 11-02-2010 12:19 PM

(11-02-2010 12:06 PM)ZiNgA BuRgA Wrote: I believe it's a special plugin installed only on that forum to try to make attacks against it more difficult.
Ultimately, how successful it is does depend on the exploit an attacker is using and how creative they are at coding around the filters (if necessary at all).

I think it's based off PHPIDS: http://php-ids.org/

So do your think php-ids.org actually works??

***ZiNgA BuRgA*** · 11-02-2010 12:51 PM

Of course it does.
Probably not a good idea to rely on it however.

1master1 · 11-02-2010 05:52 PM

yeah, its bad to rely on them as they block some of the basic php functionalities. i had installed injection scanner and it is working fine but not allowing members to perform some basic functionalites on the site.

mainly it is interferring with the RSS feed poster but working fine when who ever tries to run/injection commands to deface the site, it will actively refuse them.

trialnick · 11-07-2010 02:28 AM

Quote:but not allowing members to perform some basic functionalites on the site.

injection scanner is fine, I used that too. If it doesn't allow some fuctions you can simply filtered them out. In the list of exploits , some codes are missing as the list is made in 2007.

I use googleseo, and unistalled injection scanner; so I modified htaccess file -putting there many exploit codes (so far I've mainly for sql , xss and javascript inj.), I used bulletproof + my queries (like|rlike etc)

hope it helps Jap

MasterZuFu · 01-03-2011 10:19 AM

Sorry to revive an old thread.

I'd like to see if it's possible for someone to make a plugin with this web software? It'd be really nice to have to say the least.

Threaded Mode \| Linear Mode Standard Tools
Forum Jump: View a Printable Version Send this Thread to a Friend Subscribe to this thread