捕捉攻击者

pip install django-admin-honeypot

Add admin_honeypot to INSTALLED_APPS

url(r'^admin/', include('admin_honeypot.urls', namespace='admin_honeypot')),
url(r'^secret/', include(admin.site.urls)),

 生成数据库.捕捉攻击者

如果有使用代理的系统会记录127.0.0.1可通过设置中间件来实现

Why is the IP address logged as 127.0.0.1?

Django-admin-honeypot pulls the users IP address from the REMOTE_ADDR request header. If your Django app is behind a load balancer or proxy web server, this may not be set and instead you will instead have an HTTP_X_FORWARDED_FOR header which contains the IP address in a comma-separated string.

The simple solution is to use a middleware to automatically set REMOTE_ADDR to the value ofHTTP_X_FORWARDED_FOR, like so:

class RemoteAddrMiddleware(object):
    def process_request(self, request):
        if 'HTTP_X_FORWARDED_FOR' in request.META:
            ip = request.META['HTTP_X_FORWARDED_FOR'].split(',')[0].strip()
            request.META['REMOTE_ADDR'] = ip

 

See also: http://docs.webfaction.com/software/django/troubleshooting.html#accessing-remote-addr