From 70942083ce4c752723579d318de755d0f25b0377 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 17 Oct 2015 07:37:49 -0400
Subject: [PATCH] After failed login wait a second to slow down brute-force attacks (#1490549)

---
 program/include/rcmail.php |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 67342db..918be18 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -592,6 +592,8 @@
 
         // try to log in
         if (!$storage->connect($host, $username, $pass, $port, $ssl)) {
+            // Wait a second to slow down brute-force attacks (#1490549)
+            sleep(1);
             return false;
         }
 
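Review bot: The `sleep(1)` on the failed-connect branch delays only the request that failed, so it slows a client guessing sequentially on one connection but does not limit attempts made in parallel. Each delayed request also holds a PHP worker for that second, so a burst of bad logins can tie up the worker pool. The branch appears to run for any `$storage->connect()` failure, presumably including an unreachable mail server, so legitimate users would be delayed during an outage as well. The comment should state the limitation, e.g. `// Per-request delay only: does not bound parallel attempts; pair with per-IP/per-user failure counting or front-end rate limiting`. Whether a failure counter already exists cannot be seen here, because the enclosing login method starts and ends outside this hunk.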

--
Gitblit v1.9.1