New Brute Force Detection Plugin
Background
While developing an application we were getting 1000s of brute force attacks so
we decided to create a plugin to handle detection of this to block the users.
Requirements
- PHP 5.3+
- CakePHP 1.3
- Minor intelligence
Get The Source
Manual
- Download this: http://github.com/jonbradley/Brute-Force-Detection/zipball/master
- Unzip that download.
- Copy the resulting folder to app/plugins
- Rename the folder you just copied to @intrusion
GIT Clone
- In your plugin directory type
- it clone git@github.com:jonbradley/Brute-Force-Detection.git brute_force
Installation
- Import the database schema – ./cake/console/cake schema -plugin intrusion create
- Rename and update the config in detect/config/settings.php:
- *Include the detect component in your app_controller.php: public $components = array(‘BruteForce.Detect’);
- Add the following to your beforeFilter – $this->set(‘blocked’, $this->Detect->checkForPenalty());
Now you can call $blocked anywhere you wish in your views
Options
- max_penalty : time in seconds of the penalty
- max_attempts : max number of attempts until the user is blocked
- look_back : amount of time to look back to block a user
- notify : email to nofiy of the block
Todo
- Add new features, and no I have no clue what they should be right now
You must be logged in to post a comment.
