Extension:PhpIds

What can this extension do?
This extension integrates PHPIDS as intrusion detection and prevention system for MediaWiki.

It provides the IDS together with an administration interface and some statistic views.

Usage
The extension comes with a predefined set of rules (defaults from phpids.org). After installing, the following thresholds for impact values can be set:
 * Loglimit: log the user action
 * Warnlimit: warn the user, that his actions are being watched
 * Logoutlimit: logs the user out and stops his action
 * Banlimit: bans the user from this wiki

Download instructions
Get the extension at https://trac.mni.fh-giessen.de/trac/HMW_SS10/wiki

Installation
Add the directory /extensions/PhpIds from the svn repository to your wiki.

Code changes
To activate this extension, add the following to LocalSettings.php:

Add the following code to index.php for full features, otherwise only basic impact logging will be done. This replaces the usual call of $mediaWiki->initialize or $mediaWiki->performRequestForTitle. If you see your articles displayed twice, make sure you don't call initialize / performRequest twice.

Database
The following database tables need to be created: You can find the necessary sql statements in the file install.sql. Note that you may have to prepend the prefix for your wiki while installing the tables.
 * phpids_options - stores options that can be configured via the admin interface.
 * phpids_rules and phpids_rules_values
 * phpids_cache - for DB caching
 * phpids_intrusions - single intrusions
 * phpids_aggressor - for per-user and per-ip statistics
 * phpids_suhosin_log - optional, if you want to see suhosin messages via the web interface

Configuration parameters
The extension takes basic parameters from IDS/Config/Config.ini.php as defaults. These settings are overwritten by any options stored in DB (phpids_options) via the admin interface.

User rights
No new user rights are added. The IDS can be administrated by every SysAdmin with "editinterface" rights.

(Would it be better to introduce a new right "phpidsadmin"?)