rmanara/brutalforce

help on secure website against brutal force attack

1.0.7.1 2018-07-07 10:03 UTC

README

Latest Stable Version Total Downloads License composer.lock Build Status

brutalforce

Brute-Force method is used from many hackers but the brutalforce will help you void this problem by check the client IP and will count how many request in less than a 2 seconds how many request was done. Automaticly a file will be create and saved that ip and will save for futures request.

It is very simple setup and can be used in any frameworks.

very simple setup

<?php
$firewall = new BrutalForce\Firewall\Firewall(__DIR__, "sitekey", "secret");

specify type of handler

<?php
 $firewall->initializer(BrutalForce\Firewall\Firewall::TYPE_FILE);

##check if the firewall is locked

<?php
if ($firewall->isLocked()) {
    // here you check the recaptcha is already able to display
    if ($firewall->verify()->recaptcha['valid'] == false) {
        echo "<form method='post' action=''>";
        // diplay message 
        echo $firewall->verify()->recaptcha['form_message'];
        // show input
        echo $firewall->verify()->recaptcha['form'];
        
        echo "<button>send</button></form>";
    } else {
        echo $firewall->verify()->recaptcha['form_message']; PHP_EOL;
    }
} else {
    echo "free to go" . PHP_EOL;
}

Reset the lock completely to original

by doing this the cound down will start from zero and the recaptcha will be called again from the last 3 counts


$firewall->resetLock(true);

Bugs:

  • found issue on setup the file and folder to holder the ip

enhancement:

  • add new method to reset lock
  • remove setup file on handler
  • add request uri so the full url is recored and can be redirect to it if is need to