Jump to content
  • 0

Phpids


L3Y

Question

Hi,

 

Possible for you to tell me more about phpids?  I can see their ssl certificate on their website is expired since more than 600 days.

It was added to Blesta before their SSL expired.  Right now, it seems like their website is dead.

Are you maintaining this vendor code in Blesta, or if we rely only on vendor's updates?

 

Their ssl expired on 08/05/2013

 

I know we can surf on their website by removing the https://  but the last update on their website was on October 8, 2012.

 

Am i missing something?  Should i care about something before i enable this security feature?  As far as i can see it also had security issues in the past.

 

What's your opinion on this dear community?  :D   Am i just too much paranoid ?   :D

Thank you,

Carl

Link to comment
Share on other sites

7 answers to this question

Recommended Posts

  • 0

thier ltest activity in github was 10 months ago.

thier are a alternative named expose , but it use the same phpids rules

https://www.awnage.com/2014/01/06/ids-showdown-phpids-vs-expose/

Docs : https://expose.readthedocs.org/en/latest/

 

Expose looks interesting. Even though it hasn't been updated in some time, PHP IDS does work pretty well. We have some tasks to improve it further, as it can result in false positives for staff in Blesta. For example, editing email templates. An option to disable PHP IDS checks for authenticated staff is pending.

 

Eventually I'd like people to be able to use PHP IDS more, or whatever IDS system we ship with Blesta. It would be great too, if we were able to push down new rules to Blesta installs. If a security vulnerability were discovered, it would potentially allow us to push out a rule to block against it.

Link to comment
Share on other sites

  • 0
On 20/03/2015 at 4:03 PM, Paul said:

Eventually I'd like people to be able to use PHP IDS more, or whatever IDS system we ship with Blesta.

Is the PHPIDS plugin fully compatible with latest version of Blesta (4.2.2), MariaDB 10.1 and PHP 7.1?

Also I notice that the website phpids.org is "dead", so is this plugin being mantained and updated?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...