Django Bruteforce Buster

Project description

Description

BruteBuster is a simple, pluggable Django app that can help you protect against password bruteforcing attempts.

The module overrides the default authenticate() function from django.contrib.auth, so it provides automated protection both for your custom login pages and for the admin login page.

Each block is applied against a unique username/IP address combination. In this way, bruteforcing attempts coming from a different IP address would not prevent the original user from logging in.

Installation

  1. Install the BruteBuster module to your Python path:

# pip install django-brutebuster2

To verify that the Python module is available, you can run the Django shell and check the value of BruteBuster.version:

$ python manage.py shell
(InteractiveConsole)
>>> import BruteBuster
>>> print(BruteBuster.version)
0.2.0

If you don't see any errors, then congrats! The hard part is over.

  2. Add BruteBuster to your INSTALLED_APPS list in settings.py
  3. Add BruteBuster.middleware.RequestMiddleware to your MIDDLEWARE_CLASSES in settings.py
  4. Run python manage.py migrate --run-syncdb to add the BruteBuster table to your database
  5. That's it! Don't forget to restart your server, if needed.

Operation

If everything is working properly, you should see a Failed attempts table in the Django admin interface. Whenever a failed login is detected, the Failures counter for the respective Username/IP address combo is incremented. If the counter goes over a certain threshold (called BB_MAX_FAILURES), login attempts for this User and IP are blocked until BB_BLOCK_INTERVAL (minutes) passes without a failed login.

The default BB_MAX_FAILURES value is 5, and the default BB_BLOCK_INTERVAL is 3 (minutes). Both values can be overridden in settings.py.
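
The blocking rule described above, modelled as a stand-alone Python sketch (an added example, not BruteBuster's own code). FailureTable and demo() are hypothetical names; the strict "greater than" comparison, counting attempts made during a block as failures, and resetting the counter after a quiet interval are assumptions about details the page leaves open.

```python
from datetime import datetime, timedelta

BB_MAX_FAILURES = 5    # default stated on the page
BB_BLOCK_INTERVAL = 3  # minutes, default stated on the page

class FailureTable:
    """Hypothetical stand-in for the Failed attempts table, keyed by (username, IP)."""

    def __init__(self, max_failures=BB_MAX_FAILURES, interval=BB_BLOCK_INTERVAL):
        self.max_failures = max_failures
        self.interval = timedelta(minutes=interval)
        self.rows = {}  # (username, ip) -> (failures, time of last failed login)

    def is_blocked(self, username, ip, now):
        failures, last = self.rows.get((username, ip), (0, now))
        # Assumption: "goes over" is read as strictly greater than the threshold.
        return failures > self.max_failures and now - last < self.interval

    def attempt(self, username, ip, password_ok, now):
        """Return True if the login goes through, False if it fails or is blocked."""
        key = (username, ip)
        blocked = self.is_blocked(username, ip, now)
        failures, last = self.rows.get(key, (0, now))
        if now - last >= self.interval:
            failures = 0  # assumption: a quiet interval resets the counter
        if blocked or not password_ok:
            # Assumption: an attempt made during a block counts as a failed
            # login, so it restarts the quiet interval.
            self.rows[key] = (failures + 1, now)
            return False
        return True

def demo():
    table = FailureTable()
    t0 = datetime(2024, 1, 1, 12, 0, 0)                 # constructed timestamp
    noisy_ip, home_ip = "203.0.113.7", "198.51.100.20"  # constructed, documentation ranges
    for i in range(6):  # six wrong passwords, one second apart, from one address
        table.attempt("alice", noisy_ip, False, t0 + timedelta(seconds=i))
    t = t0 + timedelta(seconds=10)
    return {
        "noisy_ip_blocked": table.is_blocked("alice", noisy_ip, t),
        "correct_password_from_noisy_ip": table.attempt("alice", noisy_ip, True, t),
        "correct_password_from_home_ip": table.attempt("alice", home_ip, True, t),
        "still_blocked_after_interval": table.is_blocked(
            "alice", noisy_ip, t + timedelta(minutes=BB_BLOCK_INTERVAL)),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the block follows the username/IP pair: the correct password is refused from the blocked address but accepted from another one, and the block lapses once the interval passes with no further attempts.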

Display

All active blocks will have a 'Blocked' column set to True in the Failed Attempts table in the Django admin.

Block removal

The easiest way to remove a block is to delete the corresponding line from the Failed Attempts table. It is completely safe to remove data from this table (the worst that could happen is that you remove an existing block).

Future

Found a bug? Got a suggestion? Need a feature that's not present yet? In any case, we would love to hear from you. You can use the contact form, or simply send us an email at office () mtr-design.com.

Download files

Source Distribution

django-brutebuster2-0.2.0.tar.gz (4.5 kB)

Uploaded Source

Built Distribution

django_brutebuster2-0.2.0-py3-none-any.whl (7.0 kB)

Uploaded Python 3
