Hi,
I would like to get involved with RoundCube development and thought I would try to add this feature: http://trac.roundcube.net/ticket/1486636
Before I begin, I would like to check if this feature is actually desirable to the dev team?
My initial thought on how to implement this would be:
Add three new config settings - ban_ip_enabled, ban_ip_threshold, ban_ip_length
Add a new SQL table (banned_ips) with three fields - "ip", "failed_login_count" and "expiry_time"
Make two modifications to program/include/rcmail.php:
~ line 613: after a failed login attempt failed_login_count is incremented for this IP, and the expiry_time is set to (now + ban_ip_length)
~ line 551: before checking if the user/hostname is valid, check that 'SELECT count(banned_ip) FROM banned_ips where IP=$remote_ip and failed_login_count > $ban_ip_threshold and expiry_time > NOW()' returns 0
ban_ip_enabled would be checked before performing either of the checks above.
I would appreciate comments/suggestions on this approach. Also, I am not quite sure of the best way to clear out the expired entries from the banned_ips table. Is there some internal RC mechanism for performing tasks (in this case, issuing a SQL query to delete old entries) at specified intervals?
Cheers,
Mike
List info: http://lists.roundcube.net/dev/
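As an added example (not Roundcube's code and not the fail2ban plugin), the bookkeeping this post proposes as one PHP class over PDO: record_failure() does the increment-and-expiry update, is_banned() runs the pre-authentication check, and gc() is the cleanup query to run at intervals. It assumes SQLite in memory so it runs stand-alone, stores expiry_time as a Unix timestamp instead of comparing against NOW(), and leaves the ban_ip_enabled gate to the caller; the class and method names are hypothetical.

```php
<?php
// Added example, not Roundcube's own code: the bookkeeping proposed above, over PDO
// with SQLite in memory so it runs stand-alone. Table/column names follow the post;
// class and method names are hypothetical; expiry_time is a Unix timestamp.
class BannedIpStore
{
    private $db, $threshold, $length;
    public function __construct(PDO $db, $threshold, $length)
    {
        $this->db = $db;
        $this->threshold = $threshold; // ban_ip_threshold
        $this->length = $length;       // ban_ip_length, in seconds
        $db->exec('CREATE TABLE IF NOT EXISTS banned_ips (ip TEXT PRIMARY KEY, '
            . 'failed_login_count INTEGER NOT NULL, expiry_time INTEGER NOT NULL)');
    }
    // After a failed login: bump this IP's counter and set expiry = now + length.
    // $ip must be the connection's source address, not a client-supplied header.
    public function record_failure($ip, $now)
    {
        $upd = $this->db->prepare('UPDATE banned_ips SET failed_login_count = '
            . 'failed_login_count + 1, expiry_time = :exp WHERE ip = :ip');
        $upd->execute(array(':exp' => $now + $this->length, ':ip' => $ip));
        if ($upd->rowCount() === 0) { // first failure from this IP: create the row
            $ins = $this->db->prepare('INSERT INTO banned_ips (ip, '
                . 'failed_login_count, expiry_time) VALUES (:ip, 1, :exp)');
            $ins->execute(array(':ip' => $ip, ':exp' => $now + $this->length));
        }
    }
    // The post's pre-auth check: banned while count > threshold and not expired.
    public function is_banned($ip, $now)
    {
        $sel = $this->db->prepare('SELECT COUNT(*) FROM banned_ips WHERE ip = :ip '
            . 'AND failed_login_count > :thr AND expiry_time > :now');
        $sel->execute(array(':ip' => $ip, ':thr' => $this->threshold, ':now' => $now));
        return (int) $sel->fetchColumn() > 0;
    }
    // Periodic cleanup of expired rows; returns how many were deleted.
    public function gc($now)
    {
        $del = $this->db->prepare('DELETE FROM banned_ips WHERE expiry_time <= :now');
        $del->execute(array(':now' => $now));
        return $del->rowCount();
    }
}
// Constructed walk-through: threshold 3, ban length 600 s, four failures at t=1000..1003.
$store = new BannedIpStore(new PDO('sqlite::memory:'), 3, 600);
for ($t = 1000; $t < 1004; $t++) { $store->record_failure('192.0.2.10', $t); }
var_dump($store->is_banned('192.0.2.10', 1010)); // while the ban window (expiry 1603) is open
var_dump($store->is_banned('192.0.2.10', 1700)); // after the window has closed
var_dump($store->gc(1700));
```

With the post's strict `>` comparison, a client is banned only on the failure after the threshold is reached, so ban_ip_threshold = 3 allows four failed attempts before the check trips.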
There is already a fail2ban plugin which does this.
mattrude.com/projects/roundcube-fail2ban-plugin/
On Apr 16, 2010, at 7:57 AM, Mike Ryan wrote:
-- Ryan Horrisberger Software Developer
Mike Ryan wrote:
Before I begin, I would like to check if this feature is actually desirable to the dev team?
I think this should be implemented as plugin.
I would appreciate comments/suggestions on this approach. Also, I am not quite sure of the best way to clear out the expired entries from the banned_ips table. Is there some internal RC mechanism for performing tasks (in this case, issuing a SQL query to delete old entries) at specified intervals?
rcube_session::register_gc_handler()
On Fri, Apr 16, 2010 at 3:13 PM, A.L.E.C alec@alec.pl wrote:
Mike Ryan wrote:
Before I begin, I would like to check if this feature is actually desirable to the dev team?
I think this should be implemented as plugin.
Looks like it doesn't even need the plugin for 0.3.1 onwards: http://mattrude.com/projects/roundcube-fail2ban-plugin/#comment-809 . I guess myself and the original submitter should have googled a bit more first.
I would appreciate comments/suggestions on this approach. Also, I am not quite sure of the best way to clear out the expired entries from the banned_ips table. Is there some internal RC mechanism for performing tasks (in this case, issuing a SQL query to delete old entries) at specified intervals?
rcube_session::register_gc_handler()
Thanks for the info.
I would like to get involved with RoundCube development and thought I would try to add this feature: http://trac.roundcube.net/ticket/1486636
I've also written a plugin that shows a reCAPTCHA verification image instead of a complete ban after login failures. It might be of some use: http://github.com/dennylin93/rcguard