logging attckers try and add location to admin
This commit is contained in:
Parsa Nazer
@@ -209,6 +209,12 @@ UNFOLD = {
|
||||
"icon": "contact_mail",
|
||||
"link": reverse_lazy("admin:account_useraddressmodel_changelist"),
|
||||
},
|
||||
{
|
||||
"title": _("تلاشهای نفوذ"),
|
||||
"icon": "gpp_maybe",
|
||||
"link": reverse_lazy("admin:account_securitybreachattemptmodel_changelist"),
|
||||
"badge": 'utils.admin.new_attck_count'
|
||||
},
|
||||
|
||||
],
|
||||
},
|
||||
|
||||
+5
-10
@@ -9,7 +9,7 @@ from django.views.generic import RedirectView, TemplateView
|
||||
from unfold.views import UnfoldModelAdminViewMixin
|
||||
from order.models import OrderModel
|
||||
from ticket.models import Ticket
|
||||
|
||||
from account.models import SecurityBreachAttemptModel
|
||||
import json
|
||||
|
||||
|
||||
@@ -267,20 +267,15 @@ class FakeAdminLoginView(View):
|
||||
return context
|
||||
|
||||
def get(self, request):
|
||||
# Log empty attempt (optional)
|
||||
ip = request.META.get("REMOTE_ADDR")
|
||||
print(f"Honeypot page accessed from IP: {ip}")
|
||||
|
||||
hacker, created = SecurityBreachAttemptModel.objects.get_or_create(ip=ip)
|
||||
return render(request, 'admin/fake_login.html', self.get_context(request))
|
||||
|
||||
def post(self, request):
|
||||
username = request.POST.get("username")
|
||||
password = request.POST.get("password") # Never actually used
|
||||
ip = request.META.get("REMOTE_ADDR")
|
||||
|
||||
print(f"Honeypot triggered! IP: {ip}, Username: {username}")
|
||||
hacker, created = SecurityBreachAttemptModel.objects.get_or_create(ip=ip)
|
||||
hacker.trys += 1
|
||||
hacker.save()
|
||||
messages.error(request, "Please correct the error below.")
|
||||
messages.error(request, "Please enter the correct شماره تماس and password for a staff account. Note that both fields may be case-sensitive.")
|
||||
|
||||
# Redirect back to fake login page with context
|
||||
return render(request, 'admin/fake_login.html', self.get_context(request))
|
||||
Reference in New Issue
Block a user