[Pkg-roundcube-maintainers] Bug#505267: roundcube: some form of log output on failed logins

Kris Popendorf krisp at dna.bio.keio.ac.jp
Tue Nov 11 09:53:47 UTC 2008 

Package: roundcube
Version: 0.1.1-8
Severity: wishlist


Roundcube is awesome and I like it lots, but the lack of any log output 
or hooks of any kind makes it annoyingly vulnerable to brute force 
attacks. I added a little error output into the login page to dump an 
apache-style line to stderr so it can be easily picked up by firewalling 
programs like fail2ban (see included patch).

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages roundcube depends on:
ii  roundcube-core                0.1.1-8    skinnable AJAX based webmail solut
ii  roundcube-mysql [roundcube-db 0.1.1-8    metapackage providing MySQL depend

roundcube recommends no packages.

roundcube suggests no packages.

Versions of packages roundcube-core depends on:
ii  apache2                       2.2.9-10   Apache HTTP Server metapackage
ii  apache2-mpm-prefork [httpd]   2.2.9-10   Apache HTTP Server - traditional n
ii  dbconfig-common               1.8.39     common framework for packaging dat
ii  debconf [debconf-2.0]         1.5.22     Debian configuration management sy
ii  libmagic1                     4.26-1     File type determination library us
ii  php-auth                      1.6.1-1    PHP PEAR modules for creating an a
ii  php-db                        1.7.13-2   PHP PEAR Database Abstraction Laye
ii  php-mail-mime                 1.5.2-0.1  PHP PEAR module for creating MIME 
ii  php-net-smtp                  1.3.1-1    PHP PEAR module implementing SMTP 
ii  php-net-socket                1.0.8-2    PHP PEAR Network Socket Interface 
ii  php5                          5.2.6-5    server-side, HTML-embedded scripti
ii  php5-mcrypt                   5.2.6-5    MCrypt module for php5
ii  roundcube-mysql [roundcube-db 0.1.1-8    metapackage providing MySQL depend
ii  tinymce2                      2.1.3-1    platform independent web based Jav
ii  ucf                           3.0010     Update Configuration File: preserv

-- debconf information excluded
-------------- next part --------------
A non-text attachment was scrubbed...
Name: roundcube-0.1.1-8.patch
Type: text/x-diff
Size: 534 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20081111/337beb12/attachment.patch

More information about the Pkg-roundcube-maintainers mailing list