django-admin-honeypot: A fake Django admin login screen page
django-admin-honeypot
django-admin-honeypot is a fake Django admin login screen to log and notify admins of attempted unauthorized access. This app was inspired by a discussion in and around Paul McMillan’s security talk at DjangoCon 2011.
Install
pip install django-admin-honeypot
Usage
Basic setup
Add admin_honeypot to INSTALLED_APPS in settings.py:
Update urls.py:
The honeypot signal
Every time a login attempt occurs, the admin_honeypot.signals.honeypot() signal is fired off. You can set up listeners to this in order to send out any custom notifications or logging.
A default listener, admin_honeypot.listeners.notify_admins(), will send an email to all site administrators (ADMINS in your site settings) with the details. This can be disabled by setting ADMIN_HONEYPOT_EMAIL_ADMINS to false in your site settings.
Customizing the login template
The template rendered on the honeypot is admin_honeypot/login.html. By default, this template simply extends admin/login.html, but you may want to change it if, e.g., you’ve customized the Django admin and want to display the stock admin login form.
Run python manage.py migrate
Copyright (c) Derek Payton <derek.payton@gmail.com>
Source: https://github.com/dmpayton/
