Support » Plugin: Mute Screamer » How does the ban threshold work?

  • Resolved wycks


    Where can I find more info on the ban threshold parameters (default 70), I tried looking on phpids site but could not find anything.

    I ask because some repeated attacks are getting through ( I’m assuming because they are under the threshold) and would like to know what exactly the threshold parameters are.

    For example , with default threshold at 70 an xss like
    /2011/04/poll_logs.php?qid=%27 is not limited by the Attack repeat limit setting.


Viewing 1 replies (of 1 total)
  • Plugin Author ampt


    The impact values are defined in default_filter.xml this is where the filter rules are defined and the impact value associated with them.

    You can find more info on the impact value in the PHPIDS whitepaper under the title “Working with the impact”

    The whitepaper mentions that a normal attack impact ranks at about a range of 5-50. The ban threshold and all the default thresholds in Mute Screamer are a little higher than stated in the whitepaper.

    Why are the default values in Mute Screamer a little higher? The impact value in most cases is doubled, since the way that PHP handles global variables GET, POST, COOKIE, REQUEST. Any data in GET, POST or COOKIE is combined in REQUEST. Since PHPIDS is configured to check all of these global variables we end up with a double impact value in mosts cases.

    Here’s some background info on why we check all global variables which results in the double impact value:

Viewing 1 replies (of 1 total)
  • The topic ‘How does the ban threshold work?’ is closed to new replies.