I recently came across this python module, django-admin-honeypot, and it's genius! The way django-admin-honeypot works is that it changes the /admin route to a fake login page and logs any login attempts in the database. See my PR for more details on the implementation.

Try logging into my admin page with whatever username/password you want.


I store every login attempt in the database for later review. The username field tells me what username they tried to use (don't worry, I don't know what password you tried).

Django admin page showing an attempted login

If I want to be extra hardcore, I could use a combination of the admin-honeypot signal hook and a tool like fail2ban to block any IP address that tries to login on this page (don't worry, I haven't implemented that, so hack away).

If you add this entry into your signals.py file, you can catch all login attempts to this page with the user's IP address as a local variable. I might add an email notification to my implementation so I get an email as soon as someone tries to login.

from admin_honeypot.signals import honeypot
def my_callback(sender, **kwargs):
    print("Caught ya!")
    # send an email to the webmaster?

Haven't caught any hackers or bots yet, but was sure fun to implement!


Back to Home
John Solly Profile Picture
John Solly Profile Picture

John Solly

Hi, I'm John, a Software Engineer with a decade of experience building, deploying, and maintaining cloud-native geospatial solutions. I currently serve as a senior software engineer at New Light Technologies (NLT), where I work on a variety of infrastructure and application development projects.

Throughout my career, I've built applications on platforms like Esri and Mapbox while also leveraging open-source GIS technologies such as OpenLayers, GeoServer, and GDAL. This blog is where I share useful articles with the GeoDev community. Check out my portfolio to see my latest work!