This plugin will ban IP address for X minutes after several consecutive failed login attemps.
When an IP is banned, RoundCube will return invalid credentials.
There is no dependency. This plugin was developped for Roundcube 0.9.0+ but it might be compatible with earlier versions.
- Upload the plugin in your RoundCube installation into
/plugins/. - Rename the plugin folder into
bruteforcebreaker. - Add the plugin in your plugins array in
/config/main.inc.php:
$rcmail_config['plugins'] = array('bruteforcebreaker');- It's already working ! :)
Note: Make sure that your plugin directory is writable (
chmod 755 plugins/bruteforcebreaker).
You can override default settings by copying config.inc.php.dist into config.inc.php.
- keep_trace: Log login attemps.
- nb_attemps: Number of login attemps before ban
- duration: Ban duration in seconds
- whitelist: An array of whitelist IP (they can't be banned)
You can use wildcards in your whitelist array (such as: 192.168.0.*).
Warning: This kind of wildcards won't work => 192.168.0.1*
Whitelist now handle wildcard IP.
Whitelist added in config file.
Initial commit.
This software is distributed under the MIT license by Arthur Hoaro.
Thanks to SebSauvage for the inspiration.