How to add extra security to Django admin using fake admin login?


We are going to make a fake Django admin login page using a third-party package. This will just create a fake Django admin page, and whenever anyone tries to log in on it, whether they enter the right or wrong password, they will not be able to log in, and their attempt will be stored in a table along with their IP address.

So, just follow the steps given below and you will be all good to go.

Set up the basic URLs and add the app to INSTALLED_APPS in settings.py.

Example

First install the package

pip install django-admin-honeypot

In settings.py, add this −

INSTALLED_APPS += ['admin_honeypot']

We simply add it to the installed apps, which is necessary for Django to load the package and its table.

In project's urls.py

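from django.contrib import admin
from django.urls import path, include

urlpatterns = [
   # Fake login page on the default admin path; it records every attempt
   path('admin/', include('admin_honeypot.urls', namespace='admin_honeypot')),
   # Real admin site, moved to a different endpoint
   path('secret/', admin.site.urls),
]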

Here, we simply replace the real admin with a fake one and put our admin on another endpoint.

Run these commands −

python manage.py makemigrations
python manage.py migrate

Now you are all done. This will create a table that stores all the login attempts made on the admin page with their session ids; the real admin will be on the /secret/ endpoint.

Output

On http://127.0.0.1/admin/, you will get to see the following output screen

It is a fake honeypot admin page; whether you make a right or wrong attempt, it is still fake and will save all attempts in a table. If you go to http://127.0.0.1/secret/ and log in with your admin username and password −

In a table, you will get all the records.
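As an added example (not code from the package or from this tutorial), here is one way to review the records the honeypot stores. It works on plain dictionaries so it runs without Django; the field names username, ip_address and timestamp are assumed to match the package's login-attempt table, and the sample rows and the account name alice_ops are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _row(user, ip, hh, mm, ss=0):
    return {"username": user, "ip_address": ip,
            "timestamp": datetime(2021, 8, 25, hh, mm, ss)}

# Constructed sample rows. In a project they could come from something like
# LoginAttempt.objects.values("username", "ip_address", "timestamp")
# (model and field names are an assumption about the package's table).
SAMPLE_ATTEMPTS = [
    _row("admin", "203.0.113.7", 10, 0, 0),
    _row("root", "203.0.113.7", 10, 0, 20),
    _row("administrator", "203.0.113.7", 10, 1, 0),
    _row("alice_ops", "198.51.100.23", 11, 0),
    _row("admin", "192.0.2.50", 9, 0),
    _row("test", "192.0.2.50", 15, 0),
]

def triage_attempts(attempts, real_admin_usernames=(), burst=3,
                    window=timedelta(minutes=5)):
    """Group honeypot rows by source IP and flag the ones worth a closer look."""
    by_ip = defaultdict(list)
    for row in attempts:
        by_ip[row["ip_address"]].append(row)
    real = {u.lower() for u in real_admin_usernames}
    report = {}
    for ip, rows in by_ip.items():
        times = sorted(r["timestamp"] for r in rows)
        # Sliding window: do any `burst` consecutive attempts fit in `window`?
        is_burst = any(times[i + burst - 1] - times[i] <= window
                       for i in range(len(times) - burst + 1))
        tried = {r["username"].lower() for r in rows}
        report[ip] = {
            "count": len(rows),
            "usernames": sorted(tried),
            "burst": is_burst,
            # A real account name typed into the fake page means that
            # username is known outside the team and should be reviewed.
            "knows_real_username": bool(tried & real),
        }
    return report

def flagged_ips(report):
    """IPs that show a burst of attempts or tried a real admin username."""
    return sorted(ip for ip, r in report.items()
                  if r["burst"] or r["knows_real_username"])
```
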

Updated on: 25-Aug-2021
