Roundcube/Plugin/rcguard

Aus Foxwiki
Version vom 27. August 2023, 15:29 Uhr von Dirkwagner (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)

rcguard

This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high. This provides protection against automated attacks.

  • Installed via composer dsoares/rcguard
  • Plugin name: rcguard
mv config.inc.php.dist config.inc.php

You have to obtain a key from http://www.google.com/recaptcha. Put the key in your config file:

> nano config.inc.php

// Public key for reCAPTCHA
$config['recaptcha_publickey'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

// Private key for reCAPTCHA
$config['recaptcha_privatekey'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

Create the mysql table where to store the logs of all failed attempts. IPs are released after a certain amount of time.

> mysql -u root -p
mysql> use roundcube;

CREATE TABLE `rcguard` (
  `ip` VARCHAR(40) NOT NULL,
  `first` DATETIME NOT NULL,
  `last` DATETIME NOT NULL,
  `hits` INT(10) NOT NULL,
  PRIMARY KEY (`ip`),
  INDEX `last_index` (`last`),
  INDEX `hits_index` (`hits`)
) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;

quit;

That's it. The captha will be active after 5 failures. You can set this number in the config file.

Different themes and translations of recaptcha are available. Simply edit rcguard.js. For documentation, see:  https://developers.google.com/recaptcha