Hi Friends,
Today i did a little plugin for security reasons on server,and I will like contribute with this source for other users.
This plugin use 3 hooks to check, block and report excessive connections attempts.
- The first hook is on login_failed for keep a database of time and ips
source of connections. 2. The second hook is on startup to clear current attemps of logins, this will check the logs for failed logins to make decision of block. 3. and the Last hook is on template_object_loginform, to show a message for user of the current block condition.
Well:
- *Resuming*, if not use right user and password in 3 attempts, the user
will be blocked for 10 minutes.
thanks for all
On Fri, Jul 9, 2010 at 01:59, Anderson J. de Souza anjoel.s@gmail.com wrote:
Hi Friends, Today i did a little plugin for security reasons on server,and I will like contribute with this source for other users. This plugin use 3 hooks to check, block and report excessive connections attempts.
The first hook is on login_failed for keep a database of time and ips source of connections. The second hook is on startup to clear current attemps of logins, this will check the logs for failed logins to make decision of block. and the Last hook is on template_object_loginform, to show a message for user of the current block condition.
Well:
Resuming, if not use right user and password in 3 attempts, the user will be blocked for 10 minutes.
Great!
Am I right with my assumption that you published it at http://code.google.com/p/rcd-plugin-antibruteforce/?
The only suggestion I have is to use the write_log() function (see program/include/main.inc) for logging. This basically does what you do in logFail(). I know, it's not documented...
And moving the displayed message to a localization file would make it useful for many others, too.
Best regards, Thomas _______________________________________________ List info: http://lists.roundcube.net/dev/
-
Anderson J. de Souza -
Thomas Bruederli