On Fri, Jul 9, 2010 at 01:59, Anderson J. de Souza <[email protected]> wrote: > Hi Friends, > Today i did a little plugin for security reasons on server,and I will > like contribute with this source for other users. > This plugin use 3 hooks to check, block and report excessive connections > attempts. > > The first hook is on login_failed for keep a database of time and ips source > of connections. > The second hook is on startup to clear current attemps of logins, this will > check the logs for failed logins to make decision of block. > and the Last hook is on template_object_loginform, to show a message for > user of the current block condition. > > Well: > > Resuming, if not use right user and password in 3 attempts, the user will be > blocked for 10 minutes.
Great! Am I right with my assumption that you published it at http://code.google.com/p/rcd-plugin-antibruteforce/? The only suggestion I have is to use the write_log() function (see program/include/main.inc) for logging. This basically does what you do in logFail(). I know, it's not documented... And moving the displayed message to a localization file would make it useful for many others, too. Best regards, Thomas _______________________________________________ List info: http://lists.roundcube.net/dev/
