django-admin-honeypot is a fake Django admin login screen to log and notify admins of attempted unauthorized access. This app was inspired by a discussion in and around Paul McMillan’s security talk at DjangoCon 2011.
pip install django-admin-honeypot
INSTALLED_APPS in settings.py:
Every time a login attempt occurs, the admin_honeypot.signals.honeypot() signal is fired off. You can set up listeners to this in order to send out any custom notifications or logging.
A default listener, admin_honeypot.listeners.notify_admins(), will send an email to all site administrators (ADMINS in your site settings) with the details. This can be disabled by setting ADMIN_HONEYPOT_EMAIL_ADMINS to false in your site settings.
Customizing the login template
The template rendered on the honeypot is admin_honeypot/login.html. By default, this template simply extends admin/login.html, but you may want to change it if, e.g., you’ve customized the Django admin and want to display the stock admin login form.
Run python manage.py migrate
Copyright (c) Derek Payton <email@example.com>