ukamnya
/
roundcube-defense
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Defend roundcube from repeated login attempts
47 Commits
2 Branches
1 Tag
46 KiB
PHP 95.4%
TSQL 4.6%
 
 
Go to file
Steve Allison e0bc336890 Reformat config file a little 2013-02-21 21:25:11 +00:00
localization Add localization 2013-02-21 17:20:27 +00:00
sql Add sql schema file to sql/ 2013-02-21 18:35:29 +00:00
COPYING Add GPL 2013-02-20 12:14:55 +00:00
README.md Update README with roundcube version requirement 2013-02-21 19:15:26 +00:00
config.inc.php.dist Reformat config file a little 2013-02-21 21:25:11 +00:00
defense.php Fix debug output for check period 2013-02-21 19:19:51 +00:00

README.md

Roundcube Defense

Protects the Roundcube login page from bruteforce login attempts.

Original concept from the roundcube "security" plugin by Lazlo Westerhof. Wanting to fix the shortfalls of that plugin led me to a rewrite.

Requires Roundcube 0.9-beta or higher.

FEATURES

  • Bruteforce protection
    • Ban based on X failed-logins per Y seconds (default: 5 fails / 60m)
    • Ban for X seconds. (default: 120)
    • Increasing ban duration by power of 4 for repeated offenders (2m, 8m, 32m, 8h32m, etc)
  • Whitelist
  • Blacklist
  • Failed logins log [TODO: Logs are in DB, but no interface yet]
    • Only accessible by administrator

Example

INSTALLATION

  1. Change to plugins/ directory
  2. Clone git repository with: git clone https://github.com/stalks/roundcube-defense.git defense
  3. Add 'defense' table to SQL structure by using schema in sql/
  4. Edit config file 'config.inc.php.dist' and save as 'config.inc.php'
  5. Add 'defense' to plugins array at config/main.inc.php

ISSUES

Create an issue ticket at https://github.com/stalks/roundcube-defense/issues

HISTORY

21.02.2013 -- Version 0.1 - initial release, functional, still bug checking

=================== Created by Steve Allison - https://www.nooblet.org/