There is already a fail2ban plugin which does this.

mattrude.com/projects/roundcube-fail2ban-plugin/


On Apr 16, 2010, at 7:57 AM, Mike Ryan wrote:

Hi,

I would like to get involved with RoundCube development and thought I would try to add this feature: http://trac.roundcube.net/ticket/1486636

Before I begin, I would like to check if this feature is actually desirable to the dev team?

My initial thought on how to implement this would be:

Add three new config settings - ban_ip_enabled, ban_ip_threshold, ban_ip_length
Add a new SQL table (banned_ips) with three fields - "ip", "failed_login_count" and "expiry_time"
Make two modifications to program/include/rcmail.php:
    ~ line 613: after a failed login attempt failed_login_count is incremented for this IP, and the expiry_time is set to (now + ban_ip_length)
    ~ line 551: before checking if the user/hostname is valid, check that 'SELECT count(banned_ip) FROM banned_ips where IP=$remote_ip and failed_login_count > $ban_ip_threshold and expiry_time > NOW()' returns 0

ban_ip_enabled would be checked before performing either of the checks above.

I would appreciate comments/suggestions on this approach. Also, I am not quite sure of the best way to clear out the expired entries from the banned_ips table. Is there some internal RC mechanism for performing tasks (in this case, issuing a SQL query to delete old entries) at specified intervals?

Cheers,

Mike

_______________________________________________
List info: http://lists.roundcube.net/dev/

--
Ryan Horrisberger
Software Developer


Detachments -The following attachments have been detached and are available for viewing.

Only click these links if you trust the sender, as well as this message.