0

Referring to this post, how-can-i-get-the-mac-and-the-ip-address-of-a-connected-client-in-php: a MAC address is unique per device, right?

So if I found a possible attack from that device, I could just blacklist and block the device from logging in to my website, is that correct?

2 Answers

4

There are a couple of issues here.

First, MAC addresses, while intended to be unique, are in practice not. They are user-controllable.

The second issue is that your PHP-based application, if on the internet, will not be able to access the MAC address. The reason is that MAC addresses are layer 2 and layer 2 data is not typically sent across WAN links. If you want something to block, you have layer 7 data. This includes:

  • User agent
  • IP address
  • URL requested

However, if your application is on the internet, it is going to get attacked. The energy should be spent on ensuring the application follows good development practices. This includes keeping it updated with any frameworks and libraries it uses, output encoding user-supplied data, parameterized queries, and so on.

h4ckNinja
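What the answer above describes, as an added example that is not part of the original answer: a PHP check that decides on layer 7 data only, matching the peer IP against CIDR ranges and then the User-Agent header. The function names `ip_in_cidr` and `should_block`, the address ranges and the agent string are assumptions made for illustration.

```php
<?php
// Added example, not from the answers; addresses and agent strings are constructed.

/** True if $ip is inside $cidr (IPv4 or IPv6), e.g. "203.0.113.0/24". */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // Reject unparsable input and IPv4/IPv6 family mismatches.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits ?? (string) $max;           // no "/n" means a single host
    if (!preg_match('/^\d{1,3}$/', $bits) || (int) $bits > $max) {
        return false;
    }
    $full = intdiv((int) $bits, 8);           // whole bytes covered by the prefix
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rem  = (int) $bits % 8;                  // leftover bits in the next byte
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return $rem === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/** Decide on layer 7 data only; no MAC address is available to PHP here. */
function should_block(array $server, array $cidrs, array $agents): bool
{
    // REMOTE_ADDR is the TCP peer the web server saw (the proxy, if one is in front).
    $ip = $server['REMOTE_ADDR'] ?? '';
    foreach ($cidrs as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    // User-Agent is client-supplied, so it is only a weak signal.
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    foreach ($agents as $needle) {
        if ($needle !== '' && stripos($ua, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Constructed sample request; a real handler would pass $_SERVER instead.
$req = ['REMOTE_ADDR' => '203.0.113.77', 'HTTP_USER_AGENT' => 'curl/8.0'];
var_dump(should_block($req, ['203.0.113.0/24', '2001:db8::/32'], ['examplescanner']));
```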
0

As for your first question, MAC addresses are supposed to be unique but from a security perspective you should not take this for granted. It has become very easy nowadays to spoof the MAC address.

Yes, you can, but you should be sure you are blocking the right device.

Let's say that you are detecting malicious traffic from a device in your network (since you are scanning by MAC address); that address might be your gateway, transferring traffic from the "outside world" into your local network. It's true that you see the malicious traffic coming from your gateway (from a layer 2 perspective), but from a layer 3 perspective the malicious traffic is not coming from there. The higher the layer from which you scan your traffic, the more effective it would be.

I would suggest taking precautionary measures based on the type of the attack and trying to target the attack, not the attacker. This way you will be protected from a lot of attackers who use the same attack technique.

Vini7