PHP: Anti-Flood/Spam system

Question

I\'m actually working on a PHP project that will feature a user system (Login,Register,Send lost password to email,..) and I think that this may be very vulnerable to Brute-Forc

Answer 1

1. Yes, storing an IP address, last accessed and times accessed in a database would be fine.
2. Using CAPTCHAs for register/recovering password is advised so that e-mail addresses cannot be spammed. Also to stop brute forcing.
3. Yes, text CAPTCHAs are possible, although far easier for someone to crack and write a script to automate the answer. For a free CAPTCHA, I'd recommend Recaptcha.
4. That really depends on how much you care about security. I'd certainly recommend using a CAPTCHA as they are simple to implement.