Compare commits
2 Commits
Author | SHA1 | Date |
---|---|---|
Steve Allison | 49812d9746 | |
Steve Allison | 9af9edf09d |
|
@ -5,7 +5,7 @@ Protects the Roundcube login page from bruteforce login attempts.
|
|||
Original concept from the roundcube "security" plugin by Lazlo Westerhof.
|
||||
Wanting to fix the shortfalls of that plugin led me to a rewrite.
|
||||
|
||||
Requires Roundcube 1.3 or higher.
|
||||
Requires Roundcube 0.9-beta or higher.
|
||||
|
||||
FEATURES
|
||||
-------------------
|
||||
|
@ -34,13 +34,8 @@ Create an issue ticket at https://github.com/stalks/roundcube-defense/issues
|
|||
|
||||
HISTORY
|
||||
--------------------
|
||||
10.12.2017 -- Version 1.0
|
||||
|
||||
21.02.2013 -- Version 0.1
|
||||
- initial release, functional, still bug checking
|
||||
|
||||
===================
|
||||
|
||||
Created by Steve Allison - https://www.nooblet.org/
|
||||
|
||||
Forked and upgraded by Inpos
|
||||
|
|
10
defense.php
10
defense.php
|
@ -46,7 +46,7 @@ class defense extends rcube_plugin {
|
|||
*/
|
||||
private function debug($string) {
|
||||
if (!$this->debugEnabled) { return; }
|
||||
rcube::write_log($this->logfile, $this->ipaddr . " # " . $string);
|
||||
write_log($this->logfile, $this->ipaddr . " # " . $string);
|
||||
}
|
||||
/**
|
||||
* Check if IP is matched against all IPs in array,
|
||||
|
@ -148,7 +148,7 @@ class defense extends rcube_plugin {
|
|||
// I can't seem to try/catch database entries so I have no details regarding error
|
||||
$string = "Error communicating with database.";
|
||||
$this->debug($string);
|
||||
rcube::write_log('error', 'plugin::defense: ' . $string);
|
||||
write_log('error', 'plugin::defense: ' . $string);
|
||||
}
|
||||
/**
|
||||
* Return true if IP matches config whitelist
|
||||
|
@ -258,7 +258,7 @@ class defense extends rcube_plugin {
|
|||
$this->debugEnabled = $this->rc->config->get('defense_debug_enabled', false);
|
||||
|
||||
// set client ip
|
||||
$this->ipaddr = rcube_utils::remote_ip();
|
||||
$this->ipaddr = rcmail_remote_ip();
|
||||
|
||||
// Roundcube event hooks
|
||||
$this->add_hook('template_object_loginform', array($this, 'hookLoginForm'));
|
||||
|
@ -290,9 +290,9 @@ class defense extends rcube_plugin {
|
|||
die();
|
||||
}
|
||||
|
||||
if ($this->isBanned($this->ipaddr)) {
|
||||
if ($this->ban_httpstatus) { $this->sendForbiddenHeader(); }
|
||||
if (($this->ban_httpstatus) && ($this->isBanned($this->ipaddr))) {
|
||||
$this->debug("IP already banned");
|
||||
$this->sendForbiddenHeader();
|
||||
}
|
||||
|
||||
$this->debug("Sending login form.");
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
<?php
|
||||
|
||||
$labels = array();
|
||||
$labels['ipbanned'] = 'Вы заблокированы на %s';
|
||||
|
||||
?>
|
|
@ -8,7 +8,7 @@ CREATE TABLE IF NOT EXISTS `defense` (
|
|||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`epoch` int(11) NOT NULL,
|
||||
`type` tinyint(4) NOT NULL,
|
||||
`ipaddr` varchar(256) NOT NULL,
|
||||
`ipaddr` varchar(40) NOT NULL,
|
||||
`data` text NOT NULL,
|
||||
PRIMARY KEY (`id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=30 ;
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
CREATE SEQUENCE defense_seq;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS defense (
|
||||
id int NOT NULL DEFAULT NEXTVAL ('defense_seq'),
|
||||
epoch int NOT NULL,
|
||||
type smallint NOT NULL,
|
||||
ipaddr varchar(256) NOT NULL,
|
||||
data text NOT NULL,
|
||||
PRIMARY KEY (id)
|
||||
) ;
|
||||
|
||||
ALTER SEQUENCE defense_seq RESTART WITH 30;
|
Loading…
Reference in New Issue