Django-Honeypot

We made it so we can catch bad guys that try to access our Admin site, but not how about we make so that all of our site form able to catch the bad guy? Sound like a cool proposal right.

Usually, attacker will use a bot to try and crack our web app. One solution is to also include a honeypot everywhere there is a form. This will not deter all of the bot but adding that extra layer of security will not hurt right. Honestly, so far we made it so that we have incremental security measure in place.

I think this is where I should say that, in security terms, there is nothing that is truly secure but we need to just slowdown the attack as much as we can to the point it doesn't make any sense for the attacker to continue.

Installing django-honeypot

pipenv install django-honeypot
pipenv lock -r > requirements.txt

Configuring django-honeypot

INSTALLED_APPS = [
    #...

    # django-honeypot
    'honeypot',
    #...
]

if you want to activate the honeypot web app wide, the easiest way was to use a middleware provided by django-honeypot

MIDDLEWARE = [
    #...

    # Django-honeypot
    # https://pypi.org/project/django-honeypot/
    'honeypot.middleware.HoneypotMiddleware',

    #...
]

lastly add this variable to your settings.py file

# Django-honeypot
# https://pypi.org/project/django-honeypot/
HONEYPOT_FIELD_NAME = "secret_key"

End

As of right now I feel that we made our web app a bit safer. I'm not gonna say that our code is safe from any bot attack but at least the normal to medium type bot.

107