This addon extends Cockpit CMS (Next) core by providing a very simple feature of locking users after a configurable number of failed login attempts.
Download the latest release and extract it to the COCKPIT_PATH/addons/UserFlood directory.
git clone https://github.com/pauloamgomes/CockpitCMS-UserFlood.git ./addons/UserFlood
php ./cp install/addon --name UserFlood --url https://github.com/pauloamgomes/CockpitCMS-UserFlood.git
Make sure the path to the Cockpit addons is defined in your project's composer.json file:
{
    "name": "MY_PROJECT",
    "extra": {
        "installer-paths": {
            "cockpit/addons/{$name}": ["type:cockpit-module"]
        }
    }
}
In your project root run:
composer require pauloamgomes/cockpitcms-userflood
The number of failed attempts can be configured as below:
flood:
  errors: 4 # max. allowed retries before lockout
  lockout: 20 # minutes lockout
  block: 4 # deactivate user after 4 consecutive lockouts
  failban: true # auto-blacklist malicious users based on ip behavior
If no configuration is provided, a default of 4 login failures is used.
A user is set to inactive (blocked) after 16 consecutive failed login attempts (4 lockouts in total).
The failban option automatically blacklists the user's IP in relation to the max number of allowed errors.
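A small model of the lockout arithmetic described above, added here as an illustration and not taken from the addon's code. The names FloodPolicy, Account, attempt and guesses_until_block are hypothetical; it assumes that attempts made during a lockout are rejected without being counted and that a successful login clears the counters. The failban option is not modeled.

```python
from dataclasses import dataclass

@dataclass
class FloodPolicy:
    errors: int = 4    # failed logins allowed before a lockout
    lockout: int = 20  # lockout length in minutes
    block: int = 4     # consecutive lockouts before deactivation

@dataclass
class Account:
    failures: int = 0
    lockouts: int = 0
    locked_until: int = 0  # minute at which the current lockout ends
    active: bool = True

def attempt(policy, acct, now, password_ok):
    """Evaluate one login attempt at minute `now` and return its outcome."""
    if not acct.active:
        return "inactive"
    if now < acct.locked_until:
        return "rejected"  # assumption: not counted as a new failure
    if password_ok:
        acct.failures = acct.lockouts = 0  # assumption: success resets state
        return "ok"
    acct.failures += 1
    if acct.failures < policy.errors:
        return "failed"
    acct.failures = 0
    acct.lockouts += 1
    if acct.lockouts >= policy.block:
        acct.active = False
        return "deactivated"
    acct.locked_until = now + policy.lockout
    return "lockout"

def guesses_until_block(policy, step=1):
    """Wrong password every `step` minutes: (guesses evaluated, minutes elapsed)."""
    acct, now, evaluated = Account(), 0, 0
    while True:
        outcome = attempt(policy, acct, now, password_ok=False)
        if outcome != "rejected":
            evaluated += 1
        if outcome == "deactivated":
            return evaluated, now
        now += step

if __name__ == "__main__":
    print(guesses_until_block(FloodPolicy()))
```

Changing the three values in FloodPolicy shows how many password guesses an account absorbs, and over what minimum time, before it is deactivated under a given configuration.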
The UserFlood Addon doesn't provide (yet) any user interface; it works in the background during the authentication workflow, using the cockpit.authentication.failed, cockpit.authentication.success and cockpit.accounts.save events.
The UserFlood Addon provides the following events that can be handled by other Addons:
flood.insert - on each failed attempt
flood.block - when the max number of failed attempts is reached and the user is locked
flood.reset - when flood user entries are removed

Copyright 2018 pauloamgomes under the MIT license.