The array that is sent by xajax looks like this:
Array
(
[xjxfun] => add_quest
[xjxr] => 1216628377620
[xjxargs] => Array
(
[0] =>
<xjxobj>
<e><k>topic</k><v>allgemein</v></e>
</xjxobj>
)
)
All data is sent as a POST request.
I have built my own class to react to specific impacts.
<?
set_include_path(
get_include_path()
. PATH_SEPARATOR
. 'IDS'
);
require_once 'IDS/Init.php';
require_once 'IDS/Log/Composite.php';
require_once 'IDS/Log/Database.php';
if(PHP_INC != 1)
require_once 'sys/config.inc.php';
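/**
 * Wrapper around PHPIDS: builds the monitor, runs it once over the supplied
 * request data and reacts (message + database log) when the impact of the
 * report reaches one of the configured thresholds.
 *
 * Instances are created through idps::init() and cached per config path.
 */
class idps {
    // Public state (the calling script reads e.g. $idps->result directly)
    public $request = null;      // input arrays handed to IDS_Monitor
    public $threshold = null;    // impact thresholds keyed 'log', 'mail', 'warn', 'kick'
    public $ids_config = null;   // configuration passed to IDS_Init::setConfig()
    public $msg = "";            // message set by react() once a threshold is reached
    public $ids_mon = null;      // IDS_Monitor instance
    public $compositeLog = null; // IDS_Log_Composite with the database logger attached
    public $init = null;         // IDS_Init instance
    public $result = null;       // value returned by IDS_Monitor::run()

    // Private state: one cached instance per config path, see init()
    private static $instances = array();

    /**
     * Sets up PHPIDS and immediately runs the monitor over $request.
     *
     * @param string $config_path path handed to IDS_Init::init()
     * @param mixed  $ids_config  configuration merged in via setConfig(..., true)
     * @param array  $threshold   thresholds keyed 'log', 'mail', 'warn', 'kick'
     * @param array  $request     data to be inspected
     */
    private function __construct($config_path, $ids_config, $threshold, $request) {
        $this->init = IDS_Init::init($config_path);
        $this->set_request($request);
        $this->set_threshold($threshold);
        $this->set_ids_config($ids_config);
        $this->init->setConfig($this->ids_config, true);

        $this->ids_mon = new IDS_Monitor($this->request, $this->init);

        $this->compositeLog = new IDS_Log_Composite();
        $this->compositeLog->addLogger(
            IDS_Log_Database::getInstance($this->init)
        );

        // The scan happens here, once, at construction time.
        // (A constructor's return value is ignored, so nothing is returned.)
        $this->result = $this->ids_mon->run();
    }

    /**
     * Reacts to a detected impact: sets the user message and logs the report
     * as soon as the impact reaches any of the thresholds.
     *
     * NOTE(review): all four levels currently trigger the same reaction; the
     * 'kick', 'warn' and 'mail' levels are not differentiated from 'log'.
     *
     * @param int   $impact       total impact of the report
     * @param array $threshold    thresholds keyed 'log', 'mail', 'warn', 'kick'
     * @param mixed $result       report to log
     * @param mixed $compositeLog logger whose execute() receives the report
     * @param mixed $init         unused
     * @return bool always true
     */
    private function react($impact, $threshold, $result, $compositeLog, $init) {
        // Checked from the highest level down, same order as the former
        // if/else chain.
        foreach (array('kick', 'warn', 'mail', 'log') as $level) {
            if ($impact >= $threshold[$level]) {
                // React to the detected attack and log everything.
                $this->msg = "<b>Meldung:</b> Achtung es wurde ein Hackingversuch\nfestgestellt, die IP-Adresse wurde mit gelogt!<br>";
                $this->ids_log($result, $compositeLog);
                return true;
            }
        }
        return true;
    }

    /**
     * Writes the report to the database through the composite logger.
     */
    private function ids_log($result, $compositeLog) {
        $compositeLog->execute($result);
    }

    private function set_request($request) {
        $this->request = $request;
    }

    private function set_threshold($threshold) {
        $this->threshold = $threshold;
    }

    private function set_ids_config($ids_config) {
        $this->ids_config = $ids_config;
    }

    /**
     * Returns the instance for $configPath, creating it on first use.
     *
     * A later call with the same $configPath returns the cached instance;
     * the $ids_config, $threshold and $request passed to that later call are
     * ignored and the stored result is the one from the first scan.
     *
     * @return idps
     */
    public static function init($configPath, $ids_config, $threshold, $request) {
        if (!isset(self::$instances[$configPath])) {
            self::$instances[$configPath] = new idps($configPath, $ids_config, $threshold, $request);
        }
        return self::$instances[$configPath];
    }

    /**
     * Evaluates the scan result and reacts when the report is not empty.
     */
    public function start_ids() {
        if (!$this->result->isEmpty()) {
            // The "->" operator must not be split across lines.
            $this->react(
                $this->result->getImpact(),
                $this->threshold,
                $this->result,
                $this->compositeLog,
                $this->init
            );
        }
    }

    /**
     * @return string message set by react(), or "" when no threshold was reached
     */
    public function get_error_msg() {
        return $this->msg;
    }

    /**
     * Terminates the script when the report is not empty.
     *
     * NOTE(review): this stops the request for ANY non-empty report; neither
     * the impact nor the 'kick' threshold is consulted, so a low-impact match
     * (including a false positive) ends the request as well.
     *
     * @return bool false when the report is empty; does not return otherwise
     */
    public function kill_app() {
        if ($this->result->isEmpty()) {
            return false;
        }
        die();
    }
}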
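// Collect the input PHPIDS should inspect. $_SESSION and the $_SERVER
// entries below are not guaranteed to exist (no session started, no
// redirect, no User-Agent header), so each one falls back to null instead
// of raising an undefined variable/index notice.
$request = array(
    'GET' => $_GET,
    'POST' => $_POST,
    'COOKIE' => $_COOKIE,
    'SESSION' => isset($_SESSION) ? $_SESSION : null
);
$request['SCRIPT_URI'] = isset($_SERVER['SCRIPT_URI'])
    ? $_SERVER['SCRIPT_URI']
    : null;
$request['REDIRECT_QUERY_STRING'] = isset($_SERVER['REDIRECT_QUERY_STRING'])
    ? $_SERVER['REDIRECT_QUERY_STRING']
    : null;
$request['USER_AGENT'] = isset($_SERVER['HTTP_USER_AGENT'])
    ? $_SERVER['HTTP_USER_AGENT']
    : null;
$request['SERVER_ADDR'] = isset($_SERVER['SERVER_ADDR'])
    ? $_SERVER['SERVER_ADDR']
    : null;

// Impact levels at which the class is meant to log, mail, warn or kick.
$threshold = array(
    'log' => 3,
    'mail' => 9,
    'warn' => 27,
    'kick' => 81
);

$idps = idps::init("IDS/Config/Config.ini", $cfg['IDS_config'], $threshold, $request);
$idps->start_ids();

if (!$idps->result->isEmpty()) {
    print $idps->get_error_msg() . "<br>";
    // NOTE(review): printing the report sends its string form (what was
    // matched and with which impact) to the requester. That is useful while
    // debugging false positives, but it also tells a sender what the filter
    // reacted to; consider limiting it to development and relying on the
    // database log otherwise.
    print $idps->result;
}

// kill_app() stops the script whenever the report is not empty, regardless
// of the thresholds defined above.
$idps->kill_app();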
This could be the problem.
On 21 Jul., 09:54, "Mario Heiderich" <
mario.heider...@googlemail.com>
wrote:
> Hmmm - I need some more information: How did you pass the arrays to check to
> the PHPIDS? How are they nested?
>
> On Mon, Jul 21, 2008 at 7:16 AM,
sascha.wa...@googlemail.com <