SimpleAntiBruteForce is a lightweight PHP library designed to mitigate brute force attacks on PHP forms effectively.
Many existing libraries lack a straightforward and robust system for managing brute force attempts, prompting the creation of SimpleAntiBruteForce.
This library provides a reliable solution without unnecessary complexity and is designed to optimize resource usage by automatically clearing old records from the database over time.
Setting up SimpleAntiBruteForce is very simple.
- Simply create a new MySQL table in your project with the following schema:
CREATE TABLE user_failed_logins (
id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) NOT NULL,
attempted_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
ip_address VARCHAR(45) NOT NULL
);
- And define your MySQL credentials in the library file. You can also adjust the default settings of maximum attempts and time interval by modifying the designated variables in the file.
Before verifying passwords, ensure that the IP address is not blocked by calling the ::isAuthorized()
method.
use SimpleAntiBruteForce;
// ...
if(!SimpleAntiBruteForce::isAuthorized($ip, $email)){
http_response_code(429);
die("Too many connection attempts... Retry later");
}
When a login attempt fails, record it using the ::addFailedAttempt()
method.
use SimpleAntiBruteForce;
// ...
if (password_verify($password, $user_details["hash_password"])) {
header("Location: /dashboard");
} else {
SimpleAntiBruteForce::addFailedAttempt($ip, $email);
}
For questions or support, feel free to contact me via email at [email protected].