Popularity

6.6

Growing

Activity

0.0

Stable

Stars 784

Watchers 91

Forks 267

Last Commit over 8 years ago

Description

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the fair LGPL!

Code Quality Rank: L3

Monthly Downloads: 136

Programming language: PHP

License: GNU Lesser General Public License v3.0 or later

Tags: Security

Latest version: v0.7

PHP IDS alternatives and similar libraries

Based on the "Security" category.
Alternatively, view PHP IDS alternatives based on common mentions on social networks and blogs.

Zed

9.7 9.2 L2 PHP IDS VS Zed

The ZAP core project
random_compat

9.1 0.0 PHP IDS VS random_compat

PHP 5.x support for random_bytes() and random_int()

WorkOS - The modern identity platform for B2B SaaS

The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

Promo workos.com

PHPSecLib

8.9 8.9 L2 PHP IDS VS PHPSecLib

PHP Secure Communications Library
PHP Encryption

8.3 5.6 L3 PHP IDS VS PHP Encryption

Simple Encryption in PHP.
HTML Purifier

8.1 5.4 L3 PHP IDS VS HTML Purifier

Standards compliant HTML filter written in PHP
SensioLabs Security Check

7.8 7.6 L2 PHP IDS VS SensioLabs Security Check

A database of PHP security advisories
Cossack Labs

7.2 5.9 L3 PHP IDS VS Cossack Labs

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
IniScan

6.8 0.0 L4 PHP IDS VS IniScan

A php.ini scanner for best security practices
Optimus

6.4 0.0 L5 PHP IDS VS Optimus

🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.
Halite

6.3 0.0 L4 PHP IDS VS Halite

High-level cryptography interface powered by libsodium
RandomLib

6.1 0.0 L5 PHP IDS VS RandomLib

A library for generating random numbers and strings
AntiXSS

5.7 3.8 L3 PHP IDS VS AntiXSS

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
scheb/two-factor-bundle

4.9 5.1 PHP IDS VS scheb/two-factor-bundle

DISCONTINUED. [ABANDONED] Two-factor authentication for Symfony 2 & 3 applications 🔐. Please use the newer versions from https://github.com/scheb/2fa.
PHP SSH

4.7 0.0 L4 PHP IDS VS PHP SSH

An experimental object oriented SSH api in PHP
Elliptic-PHP

3.9 4.3 PHP IDS VS Elliptic-PHP

Fast, general Elliptic Curve Cryptography library. Supports curves used in Bitcoin, Ethereum and other cryptocurrencies (secp256k1, ed25519, ..)
CIDRAM

3.0 9.4 PHP IDS VS CIDRAM

CIDRAM: Classless Inter-Domain Routing Access Manager.
SecurityMultiTool

2.8 0.0 L4 PHP IDS VS SecurityMultiTool

A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.
TCrypto

2.1 0.0 L5 PHP IDS VS TCrypto

TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library
True Random

1.8 0.0 L5 PHP IDS VS True Random

Fetches random integers from random.org instead of using PHP's PRNG implementation
VAddy

- PHP IDS VS VAddy

A continuous security testing platform for web applications.

* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.

Do you think we are missing an alternative of PHP IDS or a related project?

Add another 'Security' Library

Popular Comparisons

README

PHPIDS

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the fair LGPL!

Contributions

If you would like to contribute, please open a pull request. If you need something to do, have a look at our open issues.

Credits

The project was started by Christian Matthies [email protected] and Mario Heiderich [email protected]. Mario spend a lot of time maintaining PHPIDS mostly on his own. Huge props for that. Currently Lars Strojny [email protected] merges pull requests.

An incomplete list of contributors:

LeverOne for his outstanding work, testing and XSS vectors from the depths of markup hell
Kishor for providing cutting edge XSS and great help in the group
Martin Hinks for great hints, the .NETIDS and help with false positives
SirDarckCat for providing XSS so advanced it made us shiver
Gareth Heyes for his help enhancing the rules and very creative XSS vectors
Kevin Schroeder for the audit and great help on testing and enhancing the PHPIDS
xorrer for his help optimizing the rules against his cryptic and sophisticated XSS vectors
Johannes Dahse for his help optimizing the SQLI rules
Roberto Salgado for helping hardening the SQLI rules with his SQL-Fu
tx for even more outstanding SQLI stuff and almost magic PHP code injection vectors
Giorgio Maone for redefining the word JavaScript with his vectors
thornmaker for submitting smart and very hard to detect JavaScript concatenation vectors
Martin Trauth for helping us with the design and giving hints on estate usability
Ronald v.d. Heetkamp for helping on the SQLI and XSS detection issues
Dan for helping i18n-ing the PHPIDS
CrYpTiC_MauleR for providing great hints and XSS magic
Robert Hansen for providing (sl|h)a.ckers.org and the XSS cheat sheet
beford for providing great hints and esoteric but working XSS

*Note that all licence references and agreements mentioned in the PHP IDS README section above are relevant to that project's source code only.