MyBB Hacks / Miscellaneous / Intrusion Detection System

 Intrusion Detection System
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #20
RE: Intrusion Detection System
(02-12-2011 09:22 AM)trialnick Wrote:  I do appreciate your work here ( this is one of my fav mybb forums), I like your review of plugins , but you have to understand that you belong to few people around who can fluently read codes and notice holes in plugins. That's not the case for many of us, so we should find the other way. At that point, you don't have competency to realize how the "ordinary users" think Wink because you aren't part of them. Eg. bulletproof protection plugin was made for wordpress , because they are pretty aware that their users are those who use blogging to write about coffee, school, books , ants and that they aren't coders, designers etc. Hope you get my words now.
I understand what you're trying to say, but that doesn't mean one should take drastic measures which adversely affect user experience.  If you want to take it to an extreme, turning off the server will most likely prevent any attack, but the obvious consequence is no user can use it too.

(02-12-2011 09:22 AM)trialnick Wrote:  The script isn't perfect: that's why one has to search for other queries ...
No IDS system is "perfect".  The idea is simply to maximise detection of attack attempts and minimise effects on users.
A "better" IDS script is one which works better in both of the above.  I don't think a .htaccess blacklist is sufficient to really achieve the aim well - a PHP based IDS mentioned earlier in this thread will most likely have better heuristic capabilities.

(02-12-2011 09:22 AM)trialnick Wrote:  There's the great method to get blind mysql inj in very short way (using floor rand) and such queries should be prevented as well...I'll repeat: I have no idea who and how plugins are made and if I had enough time I'll read the whole code, but this is the shortcut I use (I have no ambition to be a coder ).
SQL injections are usually variables which haven't been "cleaned" by the processing script, for example:

SQL Code 
SELECT field FROM table WHERE id={id}

If "{id}" is a variable and not cleaned by the script, someone could set {id} to have arbitrary SQL.
Variables are usually placed in the WHERE statement or later, which is why blocking INSERT or SELECT probably isn't terribly useful.

My Blog
02-12-2011 03:32 PM
Find all posts by this user Quote this message in a reply

« Next Oldest | Next Newest »

Messages In This Thread
Intrusion Detection System - techu - 11-01-2010, 11:49 PM
RE: Intrusion Detection System - RateU - 11-02-2010, 04:27 AM
RE: Intrusion Detection System - MattR - 11-02-2010, 04:48 AM
RE: Intrusion Detection System - RateU - 11-02-2010, 04:58 AM
RE: Intrusion Detection System - techu - 11-02-2010, 12:19 PM
RE: Intrusion Detection System - 1master1 - 11-02-2010, 05:52 PM
RE: Intrusion Detection System - trialnick - 11-07-2010, 02:28 AM
RE: Intrusion Detection System - trialnick - 02-08-2011, 11:14 AM
RE: Intrusion Detection System - trialnick - 02-08-2011, 08:37 PM
RE: Intrusion Detection System - trialnick - 02-10-2011, 05:16 AM
RE: Intrusion Detection System - trialnick - 02-12-2011, 09:22 AM
RE: Intrusion Detection System - ZiNgA BuRgA - 02-12-2011 03:32 PM

Threaded Mode | Linear Mode
 Standard Tools
Forum Jump:



Contact Us | MyBB Hacks | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication