Defend roundcube from repeated login attempts
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Роман 61ddd3428c
3 years ago
localization Russian locale 3 years ago
sql PostgreSQL support 3 years ago
COPYING Add GPL 8 years ago Update 3 years ago Reformat config file a little 8 years ago
defense.php roundcube 1.3 support 3 years ago

Roundcube Defense

Protects the Roundcube login page from bruteforce login attempts.

Original concept from the roundcube "security" plugin by Lazlo Westerhof. Wanting to fix the shortfalls of that plugin led me to a rewrite.

Requires Roundcube 1.3 or higher.


  • Bruteforce protection
    • Ban based on X failed-logins per Y seconds (default: 5 fails / 60m)
    • Ban for X seconds. (default: 120)
    • Increasing ban duration by power of 4 for repeated offenders (2m, 8m, 32m, 8h32m, etc)
  • Whitelist
  • Blacklist
  • Failed logins log [TODO: Logs are in DB, but no interface yet]
    • Only accessible by administrator



  1. Change to plugins/ directory
  2. Clone git repository with: git clone defense
  3. Add 'defense' table to SQL structure by using schema in sql/
  4. Edit config file '' and save as ''
  5. Add 'defense' to plugins array at config/


Create an issue ticket at


10.12.2017 -- Version 1.0

21.02.2013 -- Version 0.1 - initial release, functional, still bug checking


Created by Steve Allison -

Forked and upgraded by Inpos