Compare commits
2 Commits
Author | SHA1 | Date |
---|---|---|
Steve Allison | 49812d9746 | |
Steve Allison | 9af9edf09d |
|
@ -5,7 +5,7 @@ Protects the Roundcube login page from bruteforce login attempts.
|
||||||
Original concept from the roundcube "security" plugin by Lazlo Westerhof.
|
Original concept from the roundcube "security" plugin by Lazlo Westerhof.
|
||||||
Wanting to fix the shortfalls of that plugin led me to a rewrite.
|
Wanting to fix the shortfalls of that plugin led me to a rewrite.
|
||||||
|
|
||||||
Requires Roundcube 1.3 or higher.
|
Requires Roundcube 0.9-beta or higher.
|
||||||
|
|
||||||
FEATURES
|
FEATURES
|
||||||
-------------------
|
-------------------
|
||||||
|
@ -34,13 +34,8 @@ Create an issue ticket at https://github.com/stalks/roundcube-defense/issues
|
||||||
|
|
||||||
HISTORY
|
HISTORY
|
||||||
--------------------
|
--------------------
|
||||||
10.12.2017 -- Version 1.0
|
|
||||||
|
|
||||||
21.02.2013 -- Version 0.1
|
21.02.2013 -- Version 0.1
|
||||||
- initial release, functional, still bug checking
|
- initial release, functional, still bug checking
|
||||||
|
|
||||||
===================
|
===================
|
||||||
|
|
||||||
Created by Steve Allison - https://www.nooblet.org/
|
Created by Steve Allison - https://www.nooblet.org/
|
||||||
|
|
||||||
Forked and upgraded by Inpos
|
|
||||||
|
|
10
defense.php
10
defense.php
|
@ -46,7 +46,7 @@ class defense extends rcube_plugin {
|
||||||
*/
|
*/
|
||||||
private function debug($string) {
|
private function debug($string) {
|
||||||
if (!$this->debugEnabled) { return; }
|
if (!$this->debugEnabled) { return; }
|
||||||
rcube::write_log($this->logfile, $this->ipaddr . " # " . $string);
|
write_log($this->logfile, $this->ipaddr . " # " . $string);
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* Check if IP is matched against all IPs in array,
|
* Check if IP is matched against all IPs in array,
|
||||||
|
@ -148,7 +148,7 @@ class defense extends rcube_plugin {
|
||||||
// I can't seem to try/catch database entries so I have no details regarding error
|
// I can't seem to try/catch database entries so I have no details regarding error
|
||||||
$string = "Error communicating with database.";
|
$string = "Error communicating with database.";
|
||||||
$this->debug($string);
|
$this->debug($string);
|
||||||
rcube::write_log('error', 'plugin::defense: ' . $string);
|
write_log('error', 'plugin::defense: ' . $string);
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* Return true if IP matches config whitelist
|
* Return true if IP matches config whitelist
|
||||||
|
@ -258,7 +258,7 @@ class defense extends rcube_plugin {
|
||||||
$this->debugEnabled = $this->rc->config->get('defense_debug_enabled', false);
|
$this->debugEnabled = $this->rc->config->get('defense_debug_enabled', false);
|
||||||
|
|
||||||
// set client ip
|
// set client ip
|
||||||
$this->ipaddr = rcube_utils::remote_ip();
|
$this->ipaddr = rcmail_remote_ip();
|
||||||
|
|
||||||
// Roundcube event hooks
|
// Roundcube event hooks
|
||||||
$this->add_hook('template_object_loginform', array($this, 'hookLoginForm'));
|
$this->add_hook('template_object_loginform', array($this, 'hookLoginForm'));
|
||||||
|
@ -290,9 +290,9 @@ class defense extends rcube_plugin {
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->isBanned($this->ipaddr)) {
|
if (($this->ban_httpstatus) && ($this->isBanned($this->ipaddr))) {
|
||||||
if ($this->ban_httpstatus) { $this->sendForbiddenHeader(); }
|
|
||||||
$this->debug("IP already banned");
|
$this->debug("IP already banned");
|
||||||
|
$this->sendForbiddenHeader();
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->debug("Sending login form.");
|
$this->debug("Sending login form.");
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
$labels = array();
|
|
||||||
$labels['ipbanned'] = 'Вы заблокированы на %s';
|
|
||||||
|
|
||||||
?>
|
|
|
@ -8,7 +8,7 @@ CREATE TABLE IF NOT EXISTS `defense` (
|
||||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||||
`epoch` int(11) NOT NULL,
|
`epoch` int(11) NOT NULL,
|
||||||
`type` tinyint(4) NOT NULL,
|
`type` tinyint(4) NOT NULL,
|
||||||
`ipaddr` varchar(256) NOT NULL,
|
`ipaddr` varchar(40) NOT NULL,
|
||||||
`data` text NOT NULL,
|
`data` text NOT NULL,
|
||||||
PRIMARY KEY (`id`)
|
PRIMARY KEY (`id`)
|
||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=30 ;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=30 ;
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
CREATE SEQUENCE defense_seq;
|
|
||||||
|
|
||||||
CREATE TABLE IF NOT EXISTS defense (
|
|
||||||
id int NOT NULL DEFAULT NEXTVAL ('defense_seq'),
|
|
||||||
epoch int NOT NULL,
|
|
||||||
type smallint NOT NULL,
|
|
||||||
ipaddr varchar(256) NOT NULL,
|
|
||||||
data text NOT NULL,
|
|
||||||
PRIMARY KEY (id)
|
|
||||||
) ;
|
|
||||||
|
|
||||||
ALTER SEQUENCE defense_seq RESTART WITH 30;
|
|
Loading…
Reference in New Issue