Contrib.social

[Meta] Roadmap to version 2.0

Open on Drupal.org →
Created on 23 April 2025, 2 days ago

Problem/Motivation

This issue collects child issues with details about new features that should go into the next major update of the CrowdSec module. This is following some great discussions we've had at DrupalDevDays in Leuven and together with the brains behind CrowdSec. There is so much more potential in that platform that we should certainly leverage.

Remaining tasks

  1. More Signals

    Version 1 sends signals about bad IPs to CrowdSec on 2 different scenarios: when a crawler causes too many 4xx responses in a short period of time, and when Drupal core bans an IP because of flood control, i.e. too many failed logins from the same IP or for the same user account. Additional signals should easily be possible, if we manage to get other modules to integrate with this CrowdSec module. Examples are:
    1. Spammers
    2. Failed captchas
    3. Security safeguards

    Let's find as many modules possible and motivate them to integrate with us here. The benefit would then also be, that CrowdSec would start a Drupal-specific block list if there are significant more signals received. In return, all Drupal users could benefit from this extra list by getting banned IPs sooner.

  2. Signal Context

    Drupal currently only reports a bad signal for a specific IP address together with the timestamp and the scenario, which is either drupal/core-ban, or drupal/auth-bruteforce, or drupal/4xx-scan. The latest SDK from CrowdSec also supports context to be sent together with the signal. That will help a lot to better justify the severity of the signal and if enough trusted signals are received, the Drupal-specific block list will then start protecting Drupal sites sooner again.

    CrowdSec will provide us with the specification of what and how context can be signalled.
  3. Reporting

    CrowdSec is about to provide reports for each "engine", i.e. Drupal site in our case. This will tell the site owner details about the numbers and the nature of blocked site requests.
  4. Documentation and Promotion

    Much more documentation about how CrowdSec works is required, as well as how to set it up and how to create free or paid accounts on the CrowdSec platform. We then need to also promote this module much more, because it can help Drupal DevOps so much, i.e. nowadays also to block AI/LLM bots, that more and more cause real trouble and cost for site owners. The more Drupal signals we send back to CrowdSec to better Drupal-specific attacks can be identified and mitigated.
🌱 Plan
Status

Active

Version

1.1

Component

Documentation

Created by

🇩🇪Germany jurgenhaas Gottmadingen

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024