Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

Login bruteforce protection

Hello, guys!

I know that maybe this question can be a bit off-topic with Phalcon itself. But using this awesome framework, which is the best way to achieve this?

I really don't want to store the user's IP in a table a the "tries".

is the CAPTCHA the best solution for this situation?

Thanks!



70.2k

i use google re-capcha2 there is something like hidden repacha now, you can chevck them, its quite easy to implement

Well captcha is best, but if you want to avoid it you can use mcrypt with high enough cost, but this way you can have easy ddos in your site.

Google Capcha2 is a very good solution, but a rate limiter is often useful too. Take a look at Phalcon Throttler :)



3.4k

Bravo! seems good, I will take a look on it, thanks for sharing!

Google Capcha2 is a very good solution, but a rate limiter is often useful too. Take a look at Phalcon Throttler :)



3.4k

I don't know how to proceed in this case, this post has more than one "Answer".



796
Accepted
answer

Thanks, happy you find it usefull :)

Bravo! seems good, I will take a look on it, thanks for sharing!

Google Capcha2 is a very good solution, but a rate limiter is often useful too. Take a look at Phalcon Throttler :)

I would say that, if you just want to protect the login endpoint, than the Capcha is enough. Its perfect to protect from bots and automatic scripts. Instead, if you want to protect more private routes and/or limit the access to them, the Rate Limiter is the way to go.

I don't know how to proceed in this case, this post has more than one "Answer".

I don't know how to proceed in this case, this post has more than one "Answer".

Thanks for being conscientious enough to care. My philosophy is to accept the answer that you decided to go with. If multiple strategies, pick the first one that mentioned that strategy.



3.4k

I accept this answer, I will go for reCaptcha, then maybe consider to use Phalcon Throttler. Thanks!

Thanks, happy you find it usefull :)

Bravo! seems good, I will take a look on it, thanks for sharing!

Google Capcha2 is a very good solution, but a rate limiter is often useful too. Take a look at Phalcon Throttler :)

I would say that, if you just want to protect the login endpoint, than the Capcha is enough. Its perfect to protect from bots and automatic scripts. Instead, if you want to protect more private routes and/or limit the access to them, the Rate Limiter is the way to go.

I don't know how to proceed in this case, this post has more than one "Answer".