[nycphp-talk] Need suggestions on building a hacker trap...
bzcoder
bzcoder at bzcode.com
Tue Aug 12 05:29:56 EDT 2008
mod_Security - http://www.modsecurity.org/
Allows you to at the server level detect and log hack attempts.
Note: its default ruleset can be very aggressive against some CMS
applications, leading to adding exceptions to the ruleset for normal
functionality (or more accurately, it leads to people posting on forums
saying "help, my web site suddenly stopped working today when you do X"
only to discover their web provider enabled mod_security and they need
an exception to the ruleset to function).

PHPIDS - http://php-ids.org/
Instead of functioning at the web server level, this functions at the
PHP level and gives you a much easier ability to modify your actions
using PHP. You can use the auto-prepend PHP function to add your IDS
script to every PHP script file automatically at runtime if you wish.
mikesz at qualityadvantages.com wrote:
> Hello NYPHP,
>
> I found the following attempted hack in the access log on one of my sites:
>
> "GET /index.php?Mode=http://badguyurl.ru/index.html?"
>
> In this case, the hacker didn't gain access to the site because a
> database script failed instead.
>
> I would like to be more proactive with trapping this and sending the
> results of the trap back to me so I can track and ban IP addresses
> etc.
>
> I have a procedure that I hacked for previous exploits but am
> interested now in other options that I may not have used previously.
>
>
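
An added example, not part of the original thread and not PHPIDS or mod_security code: a small script for PHP's auto_prepend_file setting that traps requests shaped like the one quoted above (a parameter whose value is a remote URL), logs the client IP, and refuses the request. It assumes PHP 7 or later; the log path and the `return_url` allowlist entry are placeholders.

```php
<?php
// rfi_trap.php - added example. Load it before every script with
//   auto_prepend_file = /path/to/rfi_trap.php      (placeholder path)

// Return the names of request parameters whose value starts with a remote
// URL scheme, the shape of the "Mode=http://..." request in the access log.
function find_url_params(array $params, string $prefix = ''): array
{
    $hits = [];
    foreach ($params as $name => $value) {
        $key = $prefix === '' ? (string) $name : $prefix . '[' . $name . ']';
        if (is_array($value)) {
            // Nested input such as Mode[]=http://... is checked as well.
            $hits = array_merge($hits, find_url_params($value, $key));
        } elseif (preg_match('#^\s*(?:https?|ftps?)://#i', rawurldecode((string) $value))) {
            $hits[] = $key;
        }
    }
    return $hits;
}

// Parameters that legitimately carry URLs (hypothetical name). Without an
// allowlist, a trap like this breaks normal functionality in the same way
// an aggressive server-level ruleset does.
$allowed = ['return_url'];

$hits = array_diff(find_url_params($_GET + $_POST), $allowed);
if ($hits) {
    // Replace control characters so request data cannot forge log lines.
    $clean = function ($s) {
        return preg_replace('/[\x00-\x1f\x7f]/', '?', (string) $s);
    };
    $line = sprintf(
        "%s RFI-TRAP ip=%s params=%s uri=%s ua=%s\n",
        gmdate('c'),
        $_SERVER['REMOTE_ADDR'] ?? '-',
        $clean(implode(',', $hits)),
        $clean($_SERVER['REQUEST_URI'] ?? '-'),
        $clean($_SERVER['HTTP_USER_AGENT'] ?? '-')
    );
    // Type 3 appends to a file; placeholder path, must be writable by PHP.
    error_log($line, 3, '/var/log/php/rfi_trap.log');
    http_response_code(403);
    exit;
}
```

Each hit is one line with a fixed `RFI-TRAP ip=` prefix, so a log watcher or a daily mail job can pick out addresses to review or ban.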