Pertinence for this issue:
Botnets attack millions of websites every day using their Internet-connected programs
BruteProtect is a security plugin that guards against botnets by connecting its users to track every failed login attempt across all installed users of the plugin. When you activate BruteProtect you become a part of an Internet-connected counter force that works against botnets.
BruteProtect logs every failed attempt community-wide
When an IP has too many failed attempts in a specific period of time, BruteProtect logs and blocks that IP across the entire BruteProtect network (your site included). The more users of BruteProtect, the safer we all are from traditional brute force attacks, and distributed brute force attacks that use many different servers and IP addresses.
Clean PAReview: http://pareview.sh/pareview/httpgitdrupalorgsandboxparkallc2220615git
Project Sandbox: https://drupal.org/sandbox/parka_llc/2220615
Public Git: git clone git://git.drupal.org/sandbox/Parka_LLC/2220615.git bruteprotect
WordPress Plugin comparison: http://wordpress.org/plugins/bruteprotect/
Company Website: http://bruteprotect.com
NOTES:
This is the official BruteProtect Module for Drupal developed by the creators of the WordPress plugin of the same name: BruteProtect (http://wordpress.org/plugins/bruteprotect/). Our WordPress plugin has been community reviewed by 1000s of WordPress developers and is well accepted in the community. BruteProtect is installed on 60,000+ WordPress sites and grows by the hundreds every single day. We are now expanding our footprint to include Drupal. We are unaware of any Drupal project that implements our API at present, making this a unique project that makes use of our API.
This is a security related module and we welcome INFORMED opinions only in regards to anything security related that is outside the scope of Drupal or this task issue (IE: How to handle botnets is outside the scope of this issue and Drupal in general).
If you ARE on the Drupal Security Team, we want to hear your ideas/opinions/suggestions if any. Otherwise if you are NOT on the Drupal Security Team, please do not waste our time or others' time with opinions outside the scope of this task since it would detract from the task at hand which is to get this module published.
Other than that, you should be ok to comment on this issue. We are not Drupal experts, we are security experts but we do have some Drupal developers in-house that helped put this module together. So let us know if there is anything that could be done in a "Drupal" manner.
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | error2.png | 35.51 KB | Rkumar |
| #3 | error1.png | 6.26 KB | Rkumar |
Comments
Comment #1
Parka_LLC commented
The bold wasn't closed at its intended spot. Eyes hurt.
Comment #2
PA robot commented
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #3
Rkumar commented
Hi Parka_LLC,
I appreciate your efforts.
I found a few issues. Please look into this.
1. By coder modules
bruteprotect.module
severity: critical, review: security_2
Line 558: Potential problem: drupal_set_message() only accepts filtered text, be sure to use check_plain(), filter_xss() or similar to ensure your $variable is fully sanitized. (Drupal Docs) [security_2]
drupal_set_message("Bruteprotect: $msg (Server date/time: " . date("m/d/Y h:i:s a T") . ')', $type);
severity: normal, review: i18n_8
Line 558: The $message argument to drupal_set_message() should be enclosed within t() so that it is translatable. [i18n_8]
drupal_set_message("Bruteprotect: $msg (Server date/time: " . date("m/d/Y h:i:s a T") . ')', $type);
2. When I go to the config page it gives a warning. Screenshot attached. error2.png
3. I go to 'admin/config/system/bruteprotect/api_key', click on 'Generate Key', it gives me a fatal error. error1.png
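The security_2 and i18n_8 findings reported in comment #3 can be resolved in one change. The following is an added example, not code from the BruteProtect module or from the commenter: it assumes Drupal 7, where t() passes @-placeholders through check_plain(). The function name bruteprotect_example_notice() and the fallback stand-ins (used only when the file runs outside Drupal) are hypothetical.

```php
<?php
// Added example, not BruteProtect code. Outside a Drupal 7 bootstrap the
// stand-ins below approximate core behaviour so the file runs on its own.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
  }
}
if (!function_exists('t')) {
  // Simplified stand-in: handles only @placeholders, escaped via check_plain().
  function t($string, array $args = array()) {
    foreach ($args as $key => $value) {
      $args[$key] = check_plain($value);
    }
    return strtr($string, $args);
  }
}
if (!function_exists('drupal_set_message')) {
  function drupal_set_message($message = NULL, $type = 'status') {
    print "[$type] $message\n";
  }
}

/**
 * Hypothetical replacement for the call flagged at line 558.
 */
function bruteprotect_example_notice($msg, $type = 'status') {
  // The literal string is translatable; $msg and the date are data and are
  // escaped because they are bound to '@' placeholders.
  $text = t('Bruteprotect: @msg (Server date/time: @date)', array(
    '@msg' => $msg,
    '@date' => date('m/d/Y h:i:s a T'),
  ));
  drupal_set_message($text, $type);
  return $text;
}

// Constructed input: a message value that carries markup.
bruteprotect_example_notice('Invalid key <script>alert(1)</script>', 'error');
// The markup is emitted as &lt;script&gt;... text rather than as an element.
```

Using filter_xss() instead of an @-placeholder is the alternative the coder message names; it fits when $msg is meant to keep a limited set of HTML tags.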
Comment #4
Parka_LLC commented
We have changed the server API around a little bit and have not yet updated the Drupal module to include these changes. This is likely the cause of the key not functioning. I'll carve out some time in the morning to get the module up to date with the newest endpoint API calls as well as look for any more missing t() calls. I got most of them I believe, let us know if there are more hiding anywhere. The more eyes the better. Also, are these automated reports? If so, what did you use so that I can use this also. I mainly use the PA Scraper to find coding standard issues like that. This is almost a straight port of the WP module, so there are going to be some missing t()'s and things like that. Thanks for the report.
Comment #5
Rkumar commented
https://drupal.org/project/coder
Use this to check standards.
Comment #6
PA robot commented
Closing due to lack of activity. Feel free to reopen if you are still working on this application (see also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.