Skip to content
This repository has been archived by the owner on Oct 1, 2023. It is now read-only.

lazynooblet/roundcube-defense

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Roundcube Defense

Protects the Roundcube login page from bruteforce login attempts.

Original concept from the roundcube "security" plugin by Lazlo Westerhof. Wanting to fix the shortfalls of that plugin led me to a rewrite.

Requires Roundcube 0.9-beta or higher.

FEATURES

  • Bruteforce protection
    • Ban based on X failed-logins per Y seconds (default: 5 fails / 60m)
    • Ban for X seconds. (default: 120)
    • Increasing ban duration by power of 4 for repeated offenders (2m, 8m, 32m, 8h32m, etc)
  • Whitelist
  • Blacklist
  • Failed logins log [TODO: Logs are in DB, but no interface yet]
    • Only accessible by administrator

Example

INSTALLATION

  1. Change to plugins/ directory
  2. Clone git repository with: git clone https://github.com/stalks/roundcube-defense.git defense
  3. Add 'defense' table to SQL structure by using schema in sql/
  4. Edit config file 'config.inc.php.dist' and save as 'config.inc.php'
  5. Add 'defense' to plugins array at config/main.inc.php

ISSUES

Create an issue ticket at https://github.com/stalks/roundcube-defense/issues

HISTORY

21.02.2013 -- Version 0.1 - initial release, functional, still bug checking

=================== Created by Steve Allison - https://www.nooblet.org/

About

Defend roundcube from repeated login attempts

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages