I recently came across this Python module, django-admin-honeypot, and it's genius! The way django-admin-honeypot works is that it changes the /admin route to a fake login page and logs any login attempts in the database. See my PR for more details on the implementation.

Try logging into my admin page with whatever username/password you want.

https://blogthedata.com/admin

I store every login attempt in the database for later review. The username field tells me what username they tried to use (don't worry, I don't know what password you tried).

Django admin page showing an attempted login

If I want to be extra hardcore, I could use a combination of the admin-honeypot signal hook and a tool like fail2ban to block any IP address that tries to log in on this page (don't worry, I haven't implemented that, so hack away).

If you add this entry into your signals.py file, you can catch all login attempts to this page with the user's IP address as a local variable. I might add an email notification to my implementation so I get an email as soon as someone tries to log in.

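from django.dispatch import receiver
from admin_honeypot.signals import honeypot

@receiver(honeypot)
def my_callback(sender, **kwargs):
    # Called once for every login attempt submitted to the fake admin page
    print("Caught ya!")
    # send an email to the webmaster?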
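
The signal-plus-fail2ban idea above, sketched as an added example (not code from this blog or from django-admin-honeypot). It assumes the signal passes the stored attempt as an `instance` keyword argument with `ip_address` and `username` fields; the logger name, the log line format and the filter pattern are made up for illustration.

```python
import logging
import re
from collections import Counter

try:  # wiring only applies inside a Django project with the package installed
    from admin_honeypot.signals import honeypot
except ImportError:
    honeypot = None

log = logging.getLogger("honeypot")  # assumed name; send it to a file fail2ban reads

# Python form of an assumed fail2ban failregex: ^honeypot login ip=<HOST> user=
LINE_RE = re.compile(r"^honeypot login ip=(?P<host>[0-9a-fA-F:.]+) user=")

def format_attempt(ip, username):
    """The username is attacker-controlled: repr() escapes CR/LF so it cannot
    start a forged log line that blames another address."""
    return "honeypot login ip=%s user=%r" % (ip, username)

def on_honeypot(sender, instance=None, request=None, **kwargs):
    """Signal receiver; assumes instance has ip_address and username fields."""
    line = format_attempt(instance.ip_address, instance.username)
    log.warning(line)
    return line

if honeypot is not None:
    honeypot.connect(on_honeypot)

def ips_to_ban(lines, maxretry=3):
    """Mimic fail2ban's maxretry: addresses with >= maxretry matching lines."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            hits[m.group("host")] += 1
    return sorted(ip for ip, n in hits.items() if n >= maxretry)

# Constructed sample: three attempts from one address, one carrying a username
# that tries to inject a second log line naming a different address.
SAMPLE = [
    format_attempt("203.0.113.5", "admin"),
    format_attempt("203.0.113.5", "root"),
    format_attempt("203.0.113.5", "x\nhoneypot login ip=198.51.100.9 user='y'"),
    format_attempt("198.51.100.7", "admin"),
]
```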

Haven't caught any hackers or bots yet, but it was sure fun to implement!

John Solly

Hi, I'm John, a Software Engineer with a decade of experience building, deploying, and maintaining cloud-native geospatial solutions. I currently serve as a senior software engineer at New Light Technologies (NLT), where I work on a variety of infrastructure and application development projects.

Throughout my career, I've built applications on platforms like Esri and Mapbox while also leveraging open-source GIS technologies such as OpenLayers, GeoServer, and GDAL. This blog is where I share useful articles with the GeoDev community. Check out my portfolio to see my latest work!