Laravel Suspicious Logins
Detect suspicious logins for standard Laravel authentication (base Laravel, Jetstream, etc) and notify a list of administrators and/or the user of the login automaticall via email.
Also provides (optional) integration with Advent Reputation for checking the reputation of IP addresses.
Install
via composer
$ composer require adventdevinc/laravel-suspicious-logins
Now you need to publish the database migration, and run migrate to apply it.
php artisan vendor:publish --provider="AdventDev\SuspiciousLogins\SuspiciousLoginsServiceProvider" --tag="migrations"
php artisan migrate
Publish the suspicious-logins.php config file and then edit it (config/suspicious-logins.php) to set your preferences.
php artisan vendor:publish --provider="AdventDev\SuspiciousLogins\SuspiciousLoginsServiceProvider" --tag="config"
php artisan vendor:publish --provider="Torann\GeoIP\GeoIPServiceProvider" --tag="config"
Use
Add \AdventDev\SuspiciousLogins\Listeners\AuthEventSubscriber::class,
to the $subscribe
variable in the app/Providers/EventServiceProvider.php
file. If it does not exist just add the code below.
protected $subscribe = [
\AdventDev\SuspiciousLogins\Listeners\AuthEventSubscriber::class,
];
Make sure to update config/suspicious-logins.php with your preferences.
Depending on your config file it will now email you, and/or your users when a suspicious login occurs on their account. By default that is a login from another city than they have recently logged in from.
Example Email
Commands
Clear all login attempts in the database
php artisan suspicious-logins:clear
Test a GeoIP lookup and Advent Reputation response for {ip}
php artisan suspicious-logins:lookup {ip}
Prune any logins older than 30 days. We automatically add this to your daily schedule.
php artisan suspicious-logins:prune
Reputation Service
This package includes support for a central IP reputation service that uses OSINT and machine learning to predict suspicious logins.
By default, it is disabled but can be enabled by changing reputation.enabled
to be true. Opting in to this service will check logins against the database by querying only the IP address logging in, and will submit actual logins and their status (failed or success) with the IP to the service to help train it.
Learn more at https://reputation.advent.dev.
NOTE: This is completely optional to use, if you disable it country, distance and city checking will still work!
Changelog
Please see CHANGELOG for more information on what has changed recently.
GeoIP Inclusion & Licensing
This package includes torann/laravel-geoip for GeoIP lookups which supports several options for GeoIP lookups.
The default allows free use for non-commercial purposes. You can publish the laravel-geoip config to change your default and use a different database. There are some that are free for commercial uses, or you can buy a key for ip-api from ~$13/mo.
The fees or licenses required are not related to this project, and it will work with virtually any IP lookup database you have.
License
Licensed under the MIT license. Please see License File for more information.