SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
Version 1.4.15
Security Upgrade
Plugins - Lockout
Category: Logging in

This plugin allows you to create a list of users and/or domains that should be disallowed login access to SquirrelMail. It also allows you to block brute-force password guessing attacks, although please note that this will ONLY help fight such attacks in the SquirrelMail interface, and should really be implemented in your mail system's authentication backend.


Version 1.7
by Paul Lesniewski on Nov 12, 2010
Please support this plugin's development: Donate to this author
[ lockout-1.7-1.4.1.tar.gz tarball (2886 d/l) Help ]
Requires: SquirrelMail 1.4.1 or greater, Compatibility plugin 2.0.11 or greater

Description:
  • Added a configuration setting to $activate_CAPTCHA_after_failed_attempts that allows immediate CAPTCHA deactivation upon a successful login

Older versions

Version 1.6
by Paul Lesniewski on Apr 12, 2008
[ lockout-1.6-1.4.1.tar.gz tarball (3768 d/l) Help ]
Requires: SquirrelMail 1.4.1 or greater, Compatibility plugin 2.0.11 or greater

Description:
  • Allow overrides of SquirrelMail SMTP/Sendmail settings when sending administrative alert emails


Version 1.5
by Paul Lesniewski on Mar 11, 2008
[ lockout-1.5-1.4.1.tar.gz tarball (2016 d/l) Help ]
Requires: SquirrelMail 1.4.1 or greater, Compatibility plugin 2.0.11 or greater

Description:
  • Updated to use sq_send_mail for notification messages
  • Added ability to log lockout events in Squirrel Logger plugin
  • Remove use of login_top hook


Version 1.4
by Paul Lesniewski on Jul 21, 2007
[ lockout-1.4-1.4.1.tar.gz tarball (2701 d/l) Help ]
Requires: SquirrelMail 1.4.1 or greater, Compatibility plugin 2.0.7 or greater

Description:
  • Added ability to disable accounts that have too many successive login failures, including optional administrative alert email
  • Added IP-based blacklisting
  • Added ability to enable the CAPTCHA plugin for IP addresses that have too many successive login failures
  • Move lockout check to hook that occurs BEFORE user is actually logged in
  • Updated for compatibility with SM 1.5.2+
  • Updated for use with new Compatibility plugin
  • Miscellaneous cleanup
  • Security considerations/audit thanks to Ben at reCAPTCHA.net


Version 1.3
by Paul Lesniewski on Feb 5, 2004
[ lockout-1.3-1.2.tar.gz tarball (6350 d/l) Help ]
Requires: SquirrelMail 1.2 or greater, Compatibility plugin

Description:
  • Added abilty to reverse lockout functionality (lock out everyone *except* those listed in the lockout table)


Version 1.1
by Paul Lesniewski on Sep 5, 2003
[ lockout-1.1-1.2.tar.gz tarball (3253 d/l) Help ]
Requires: SquirrelMail 1.2 or greater, Compatibility plugin

Description:
  • Added ability to redirect to another web page or to the standard SquirrelMail "bad username or password" page (with simulated bad login delay to foil hackers)


Version 1.0
by Paul Lesniewski on Jul 5, 2003
[ lockout-1.0-1.2.tar.gz tarball (2913 d/l) Help ]
Requires: SquirrelMail 1.2, Compatibility plugin

Description: Initial release

If you have problems with the download or decompressing...
Internet Explorer
Right-click on the file, then select "Save Target As"
Firefox, Mozilla, Netscape
Right-click on the file, then select "Save Link As"
Opera
Right-click on the file, then select "Save Link Document As"
Lynx and Links
Press "d" on the link to download the file directly.
  • Untarring problems: Your browser might have un-gzipped it for you automatically. Try just "tar xvf" instead of "tar xvfz". Also, the plugins archive isn't gzipped (it is a tarball of .tar.gz files)
  • Macintosh users: Just hold down your mouse button to get the menu instead of right-clicking.
  • If all else fails, seek our help
© 1999-2010 by The SquirrelMail Project Team