django-admin-honeypot: A fake Django admin login screen

django-admin-honeypot is a fake Django admin login screen to log and notify admins of attempted unauthorized access. This app was inspired by a discussion in and around Paul McMillan’s security talk at DjangoCon 2011.

Install

pip install django-admin-honeypot

Usage

Basic setup

Add admin_honeypot to INSTALLED_APPS in settings.py:

Update urls.py:

The honeypot signal

Every time a login attempt occurs, the admin_honeypot.signals.honeypot() signal is fired off. You can set up listeners to this in order to send out any custom notifications or logging.

A default listener, admin_honeypot.listeners.notify_admins(), will send an email to all site administrators (ADMINS in your site settings) with the details. This can be disabled by setting ADMIN_HONEYPOT_EMAIL_ADMINS to False in your site settings.
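A custom listener for the signal described above, shown as an added example that is not part of the project's own code: it writes each honeypot attempt as one JSON log line so that attacker-supplied values such as the username cannot forge extra log entries. It assumes the signal passes instance and request keyword arguments and that the attempt object has username, ip_address, user_agent and path attributes; the logger name and the register() helper are hypothetical.

```python
import json
import logging
from types import SimpleNamespace

logger = logging.getLogger("security.honeypot")
MAX_FIELD_LEN = 256  # cap attacker-controlled strings before logging
# Assumed attribute names on the attempt object; absent ones log as null.
FIELDS = ("username", "ip_address", "user_agent", "path")


def build_event(instance):
    """Flatten a honeypot login attempt into a dict for a log pipeline."""
    event = {"event": "admin_honeypot.login_attempt"}
    for name in FIELDS:
        value = getattr(instance, name, None)
        event[name] = None if value is None else str(value)[:MAX_FIELD_LEN]
    return event


def log_attempt(sender, instance=None, request=None, **kwargs):
    """Signal receiver (assumes the signal passes instance= and request=).

    json.dumps escapes CR/LF and other control characters, so a crafted
    username cannot forge additional log lines.
    """
    line = json.dumps(build_event(instance), sort_keys=True)
    logger.warning(line)
    return line


def register():
    """Connect the receiver; call this from your AppConfig.ready().

    The import is lazy so this module loads without admin_honeypot.
    """
    from admin_honeypot.signals import honeypot
    honeypot.connect(log_attempt, dispatch_uid="security.honeypot.log_attempt")


if __name__ == "__main__":
    # Constructed sample attempt: the username tries to inject a log line.
    sample = SimpleNamespace(
        username="admin\n2024-01-01 INFO login ok user=root",
        ip_address="203.0.113.7",
        user_agent="curl/8.0",
        path="/admin/login/",
    )
    logging.basicConfig(level=logging.WARNING, format="%(asctime)s %(message)s")
    log_attempt(sender=None, instance=sample, request=None)
```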

Customizing the login template

The template rendered on the honeypot is admin_honeypot/login.html. By default, this template simply extends admin/login.html, but you may want to change it if, e.g., you’ve customized the Django admin and want to display the stock admin login form.

Run python manage.py migrate

Copyright (c) Derek Payton <derek.payton@gmail.com>

Source: https://github.com/dmpayton/