Django-Honeypot

ashraf_zolkopli

ashrafZolkopli

Posted on June 13, 2021


We have already made it possible to catch bad guys who try to access our Admin site, but how about making every form on our site able to catch them too? Sounds like a cool proposal, right?

Usually, an attacker will use a bot to try to crack our web app. One solution is to include a honeypot everywhere there is a form. This will not deter every bot, but adding that extra layer of security will not hurt, right? Honestly, so far we have been putting incremental security measures in place.

I think this is where I should say that, in security terms, nothing is truly secure; we just need to slow the attack down as much as we can, to the point where it doesn't make sense for the attacker to continue.

Installing django-honeypot

pipenv install django-honeypot
pipenv lock -r > requirements.txt

Configuring django-honeypot

INSTALLED_APPS = [
    #...

    # django-honeypot
    'honeypot',
    #...
]

If you want to activate the honeypot across the whole web app, the easiest way is to use the middleware provided by django-honeypot:

MIDDLEWARE = [
    #...

    # Django-honeypot
    # https://pypi.org/project/django-honeypot/
    'honeypot.middleware.HoneypotMiddleware',

    #...
]

Lastly, add this variable to your settings.py file:

# Django-honeypot
# https://pypi.org/project/django-honeypot/
HONEYPOT_FIELD_NAME = "secret_key"
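
As an added example (not from the original post and not django-honeypot's own code), here is a simplified standard-library model of what a site-wide honeypot does: it adds a hidden field to every POST form on the way out and rejects submissions where that field is missing or filled in. The function names, the 400 status and the sample page and submissions are assumptions made for the illustration; only HONEYPOT_FIELD_NAME and its value come from the settings above.

```python
import re
from urllib.parse import parse_qs

HONEYPOT_FIELD_NAME = "secret_key"  # same name and value as in settings.py above

# Hidden input appended to each POST form; a human never sees or fills it.
_HIDDEN = ('<div style="display:none">'
           f'<input type="text" name="{HONEYPOT_FIELD_NAME}" value=""></div>')
_POST_FORM = re.compile(r'(<form\b[^>]*\bmethod=["\']?post["\']?[^>]*>)', re.I)


def inject_honeypot(html):
    """Response side (hypothetical helper): add the field after each POST <form> tag."""
    return _POST_FORM.sub(lambda m: m.group(1) + _HIDDEN, html)


def honeypot_status(method, body):
    """Request side (hypothetical helper): HTTP status for a form submission.

    400 if the field is absent (the client never rendered our form) or
    non-empty (a bot that fills every input); 200 otherwise.
    """
    if method.upper() != "POST":
        return 200
    # keep_blank_values=True matters: an empty honeypot must count as present.
    fields = parse_qs(body, keep_blank_values=True)
    if HONEYPOT_FIELD_NAME not in fields:
        return 400
    if any(value != "" for value in fields[HONEYPOT_FIELD_NAME]):
        return 400
    return 200


# Constructed sample page and submissions (not real traffic).
PAGE = '<form method="post" action="/contact/"><input name="email"></form>'
HUMAN = "email=a%40example.com&secret_key="
BOT_FILLS_ALL = "email=a%40example.com&secret_key=a%40example.com"
BOT_WITHOUT_FIELD = "email=a%40example.com"

if __name__ == "__main__":
    print(inject_honeypot(PAGE))
    for label, body in [("human", HUMAN), ("bot fills all", BOT_FILLS_ALL),
                        ("bot without field", BOT_WITHOUT_FIELD)]:
        print(label, honeypot_status("POST", body))
```

A client that posts form data without ever rendering the page (a script or an AJAX call) lands in the "field missing" branch, so those callers have to send the empty field as well.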

End

As of right now I feel that we have made our web app a bit safer. I'm not going to say that our code is safe from every bot attack, but it should at least stop the normal to medium type of bot.
