Reborn for Modern Drupal (D10 & D11)

Crowd Bruteforce Protection (CBP) is back and completely re-engineered for the modern web. Just like the original vision, this module connects us all together like one big Drupal installation. When one site detects a threat, the entire crowd gets smarter.

The 2.0.x release is a complete rewrite from the ground up, designed specifically for Drupal 10 and 11. It utilizes a hybrid security model that combines local reactive protection with asynchronous crowd intelligence.

How it Works: The Hybrid Model

We believe security shouldn't slow down your site. The new CBP uses a "Local First, Cloud Second" approach:

  1. Reactive Defense (Local): If an attacker hammers your login form, CBP detects it immediately using local thresholds. It bans the bad guy instantly on your server to save your resources.
  2. Asynchronous Reporting (Queue): Instead of making your users wait for an API call, we queue the report. A background worker quietly sends the threat data to our central intelligence engine.
  3. Crowd Intelligence (Global): If the crowd confirms this IP is a global threat, the module can proactively ban it before it even touches your login page (depending on your configuration).

Key Features (2.0.x)

  • Smart Flood Control: Decorates Drupal's core flood service to detect login attacks with zero latency.
  • Vulnerability Scanner: Intelligently monitors 404 errors. It ignores internal broken links (admin errors) but flags suspicious behavior—like bots scanning for wp-login.php or old exploit paths.
  • Protocol Mismatch Detection: Smart enough to distinguish between a real user following a bad link and a bot retrying non-SSL paths.
  • Fail-Open Design: If the API server goes down, your site stays up. Your local protection continues to work 100% of the time.
  • Performance Focused: Heavy lifting is done via Queue Workers to prevent thread exhaustion during attacks.
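The "Local First, Cloud Second" flow and the fail-open behaviour described above, modelled as an added example in Python; this is not the module's own PHP code. The threshold, window, class name and the `api` callable (which returns the set of crowd-confirmed IPs) are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed values; the page does not state the module's real thresholds.
THRESHOLD, WINDOW = 5, 60  # failed logins tolerated per WINDOW seconds


class HybridGuard:
    """Hypothetical model of local banning plus queued crowd reporting."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.local_bans = set()
        self.crowd_bans = set()
        self.report_queue = deque()         # stands in for the Drupal queue

    def failed_login(self, ip, now):
        """Request path: touches local state only, never the network."""
        hits = self.failures[ip]
        hits.append(now)
        while hits and hits[0] <= now - WINDOW:
            hits.popleft()                  # forget failures outside the window
        if len(hits) >= THRESHOLD and ip not in self.local_bans:
            self.local_bans.add(ip)         # step 1: reactive local ban
            self.report_queue.append(ip)    # step 2: report deferred to the worker
        return ip in self.local_bans

    def is_blocked(self, ip):
        return ip in self.local_bans or ip in self.crowd_bans

    def run_worker(self, api):
        """Background path: drain the queue, keeping items if the API is down."""
        sent = 0
        while self.report_queue:
            ip = self.report_queue[0]
            try:
                confirmed = api(ip)         # hypothetical: report ip, get crowd verdicts
            except ConnectionError:
                break                       # fail open: local bans stand, retry later
            self.report_queue.popleft()
            sent += 1
            self.crowd_bans.update(confirmed)  # step 3: proactive crowd bans
        return sent


if __name__ == "__main__":
    guard = HybridGuard()
    for second in range(5):                 # constructed burst of failed logins
        guard.failed_login("203.0.113.7", second)
    print(guard.is_blocked("203.0.113.7"), list(guard.report_queue))
```

An unreachable API leaves the report queued and the local ban in place, so the login path never depends on the remote service.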

Legacy Version (Drupal 7)

The 7.x-1.x branch of this module was a pioneer in crowd-sourced security but is now end-of-life.
The code and functionality described below apply only to the Drupal 7 version and are not compatible with modern Drupal.

Summary of the original D7 functionality:

  • Dependencies: Relied on flood_unblock and flood_control contrib modules.
  • Honeypot Integration: Banned IPs based on Honeypot form failures.
  • StopForumSpam: Integrated external data from StopForumSpam.com.
  • Direct Blocking: Banned IPs instantly upon hitting a strict threshold.
  • Project Status: The original API server was retired in 2020 due to costs. The project is now active again under new maintainership with a sustainable architecture.

Join the Crowd

The more people who install this module, the more effective it becomes. We are kicking the bad guys to the curb by sharing intelligence.
Whether you are a small blog or a large enterprise, your participation helps protect the entire Drupal ecosystem.

Installation:

composer require drupal/cbp

Supporting organizations: 
Actively developing the project.
