ashrafZolkopli
Posted on June 13, 2021
We made it so we can catch bad guys that try to access our Admin site, but not how about we make so that all of our site form able to catch the bad guy? Sound like a cool proposal right.
Usually, attacker will use a bot to try and crack our web app. One solution is to also include a honeypot everywhere there is a form. This will not deter all of the bot but adding that extra layer of security will not hurt right. Honestly, so far we made it so that we have incremental security measure in place.
I think this is where I should say that, in security terms, there is nothing that is truly secure but we need to just slowdown the attack as much as we can to the point it doesn't make any sense for the attacker to continue.
Installing django-honeypot
pipenv install django-honeypot
pipenv lock -r > requirements.txt
Configuring django-honeypot
INSTALLED_APPS = [
#...
# django-honeypot
'honeypot',
#...
]
if you want to activate the honeypot web app wide, the easiest way was to use a middleware provided by django-honeypot
MIDDLEWARE = [
#...
# Django-honeypot
# https://pypi.org/project/django-honeypot/
'honeypot.middleware.HoneypotMiddleware',
#...
]
lastly add this variable to your settings.py file
# Django-honeypot
# https://pypi.org/project/django-honeypot/
HONEYPOT_FIELD_NAME = "secret_key"
End
As of right now I feel that we made our web app a bit safer. I'm not gonna say that our code is safe from any bot attack but at least the normal to medium type bot.
Posted on June 13, 2021
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.