With the new 0.9-beta I found some plugins needed updating. The antiBruteForce plugin that I relied on to thwart bruteforce login attempts no longer worked. I searched for an alternative and found the ‘security’ plugin, which looked like it would be a good alternative. However upon closer inspection it seems to miss a few critical features, so I set out to fill the void of a decent anti-brute-force plugin for Roundcube 0.9+.
Introducing roundcube-defense.
- Bruteforce protection
- Ban based on X failed-logins per Y seconds (default: 5 fails / 60m)
- Ban for X seconds. (default: 120)
- Increasing ban duration by power of 4 for repeated offenders (2m, 8m, 32m, 8h32m, etc)
- Only accessible by administrator
Visit the github page for more information. Worked fine with internal testing, however any bug reports or feature requests are welcome via the issues tracker.
Hi
Thanks for the plugin 🙂
I would be nice if there’s a feature which remove all the old entries ( row: epoch ) in the defense table .
Unfortunately this will not work on current (1.2.3) versions of Roundcube, as the whole API has totally changed by now…