Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
Junk Email Filter
|
Plugins - Lockout
Category: Logging in
This plugin allows you to create a list of users and/or domains that should be disallowed login access to SquirrelMail. It also allows you to block brute-force password guessing attacks, although please note that this will ONLY help fight such attacks in the SquirrelMail interface, and should really be implemented in your mail system's authentication backend.
Version 1.7
by Paul Lesniewski on Nov 12, 2010
Please support this plugin's development: Donate to this author
[ lockout-1.7-1.4.1.tar.gz tarball (7341 d/l) Help ]
Requires: SquirrelMail 1.4.1 or greater, Compatibility plugin 2.0.11 or greater
Description: - Added a configuration setting to $activate_CAPTCHA_after_failed_attempts that allows immediate CAPTCHA deactivation upon a successful login
Older versions
Version 1.6
by Paul Lesniewski on Apr 12, 2008
[ lockout-1.6-1.4.1.tar.gz tarball (7558 d/l) Help ]
Requires: SquirrelMail 1.4.1 or greater, Compatibility plugin 2.0.11 or greater
Description: - Allow overrides of SquirrelMail SMTP/Sendmail settings when sending administrative alert emails
Version 1.5
by Paul Lesniewski on Mar 11, 2008
[ lockout-1.5-1.4.1.tar.gz tarball (5666 d/l) Help ]
Requires: SquirrelMail 1.4.1 or greater, Compatibility plugin 2.0.11 or greater
Description: - Updated to use sq_send_mail for notification messages
- Added ability to log lockout events in Squirrel Logger plugin
- Remove use of login_top hook
Version 1.4
by Paul Lesniewski on Jul 21, 2007
[ lockout-1.4-1.4.1.tar.gz tarball (6336 d/l) Help ]
Requires: SquirrelMail 1.4.1 or greater, Compatibility plugin 2.0.7 or greater
Description: - Added ability to disable accounts that have too many successive login failures, including optional administrative alert email
- Added IP-based blacklisting
- Added ability to enable the CAPTCHA plugin for IP addresses that have too many successive login failures
- Move lockout check to hook that occurs BEFORE user is actually logged in
- Updated for compatibility with SM 1.5.2+
- Updated for use with new Compatibility plugin
- Miscellaneous cleanup
- Security considerations/audit thanks to Ben at reCAPTCHA.net
Version 1.3
by Paul Lesniewski on Feb 5, 2004
[ lockout-1.3-1.2.tar.gz tarball (10004 d/l) Help ]
Requires: SquirrelMail 1.2 or greater, Compatibility plugin
Description:
- Added abilty to reverse lockout functionality (lock out everyone *except* those listed in the lockout table)
Version 1.1
by Paul Lesniewski on Sep 5, 2003
[ lockout-1.1-1.2.tar.gz tarball (6725 d/l) Help ]
Requires: SquirrelMail 1.2 or greater, Compatibility plugin
Description: - Added ability to redirect to another web page or to the standard SquirrelMail "bad username or password" page (with simulated bad login delay to foil hackers)
Version 1.0
by Paul Lesniewski on Jul 5, 2003
[ lockout-1.0-1.2.tar.gz tarball (6343 d/l) Help ]
Requires: SquirrelMail 1.2, Compatibility plugin
Description: Initial release
If you have problems with the download or decompressing...
- Internet Explorer
- Right-click on the file, then select "Save Target As"
- Firefox, Mozilla, Netscape
- Right-click on the file, then select "Save Link As"
- Opera
- Right-click on the file, then select "Save Link Document As"
- Lynx and Links
- Press "d" on the link to download the file directly.
- Untarring problems: Your browser might have un-gzipped it for you
automatically. Try just "tar xvf" instead of
"tar xvfz". Also, the plugins archive isn't gzipped
(it is a tarball of .tar.gz files)
- Macintosh users: Just hold down your mouse button to get the menu
instead of right-clicking.
- If all else fails, seek our help
|