Roundcube Plugin: Defense


With the new 0.9-beta I found some plugins needed updating. The antiBruteForce plugin that I relied on to thwart brute-force login attempts no longer worked. I searched for an alternative and found the ‘security’ plugin, which looked like it would be a good alternative. However, upon closer inspection, it seems to miss a few critical features, so I set out to fill the void of a decent anti-brute-force plugin for Roundcube 0.9+.

Introducing roundcube-defense.

  • Bruteforce protection
    • Ban based on X failed-logins per Y seconds (default: 5 fails / 60m)
    • Ban for X seconds. (default: 120)
    • Increasing ban duration by power of 4 for repeated offenders (2m, 8m, 32m, 8h32m, etc)
  • Whitelist
  • Blacklist
  • Failed logins log [TODO: Logs are in DB, but no interface yet]
    • Only accessible by administrator
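
The ban policy in the list above, modelled as an added example (not the plugin's own PHP code): the defaults follow the list (5 failures per 60 minutes, 120-second base ban), and the ban is multiplied by 4 for each repeat ban, which is an assumed reading of "power of 4". The class name `LoginDefense`, its methods and the in-memory storage are assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network


class LoginDefense:
    """In-memory model of the policy; hypothetical names, not the plugin's API."""

    def __init__(self, max_fails=5, window=3600, ban_base=120, factor=4,
                 whitelist=(), blacklist=()):
        self.max_fails, self.window = max_fails, window
        self.ban_base, self.factor = ban_base, factor
        self.whitelist = [ip_network(n) for n in whitelist]
        self.blacklist = [ip_network(n) for n in blacklist]
        self.fails = defaultdict(deque)   # ip -> timestamps of recent failures
        self.offences = defaultdict(int)  # ip -> number of bans issued so far
        self.banned_until = {}            # ip -> epoch second the ban ends

    def _listed(self, ip, nets):
        addr = ip_address(ip)
        return any(addr in n for n in nets)

    def is_blocked(self, ip, now):
        # Whitelist wins over blacklist, blacklist wins over timed bans.
        if self._listed(ip, self.whitelist):
            return False
        if self._listed(ip, self.blacklist):
            return True
        return self.banned_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Log one failed login; return the ban length in seconds, or 0."""
        if self._listed(ip, self.whitelist):
            return 0
        q = self.fails[ip]
        q.append(now)
        while q and q[0] <= now - self.window:  # drop failures outside window
            q.popleft()
        if len(q) < self.max_fails:
            return 0
        # Repeat offenders: base * factor^(previous bans) -> 120, 480, 1920, ...
        duration = self.ban_base * self.factor ** self.offences[ip]
        self.offences[ip] += 1
        self.banned_until[ip] = now + duration
        q.clear()  # the next ban needs a fresh run of failures
        return duration
```

Dropping timestamps that fall outside the window on every failure also keeps the per-address history from growing without bound.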

Visit the GitHub page for more information. It worked fine in internal testing; however, any bug reports or feature requests are welcome via the issues tracker.

2 thoughts on “Roundcube Plugin: Defense”

  1. B,

    Hi

    Thanks for the plugin 🙂
    It would be nice if there were a feature which removes all the old entries (row: epoch) in the defense table.

  2. Gwyneth Llewelyn

    Unfortunately this will not work on current (1.2.3) versions of Roundcube, as the whole API has totally changed by now…
