Hi,
I would like to get involved with RoundCube development and thought I would try to add this feature: http://trac.roundcube.net/ticket/1486636
Before I begin, I would like to check if this feature is actually desirable to the dev team?
My initial thought on how to implement this would be:
Add three new config settings - ban_ip_enabled, ban_ip_threshold, ban_ip_length Add a new SQL table (banned_ips) with three fields - "ip", "failed_login_count" and "expiry_time" Make two modifications to program/include/rcmail.php: ~ line 613: after a failed login attempt failed_login_count is incremented for this IP, and the expiry_time is set to (now + ban_ip_length) ~ line 551: before checking if the user/hostname is valid, check that 'SELECT count(banned_ip) FROM banned_ips where IP=$remote_ip and failed_login_count > $ban_ip_threshold and expiry_time > NOW()' returns 0
ban_ip_enabled would be checked before performing either of the checks above.
I would appreciate comments/suggestions on this approach. Also, I am not quite sure of the best way to clear out the expired entries from the banned_ips table. Is there some internal RC mechanism for performing tasks (in this case, issuing a SQL query to delete old entries) at specified intervals?
Cheers,
Mike
List info: http://lists.roundcube.net/dev/