Are there generally accepted tactics for protecting Django applications against this kind of attack?
django-axes is an existing app for detecting failed login attempts. There is also a more general django-ratelimit.
There are many libraries available for it, like Django-axes, Django-defender and Django-ratelimit. These libraries all do the same thing (with a few differences between them). You can choose the one which best suits your needs.
If you are using DRF, then you don't need an additional library (axes, ratelimit, etc.) because DRF already has the throttling functionality built in.
You can check this question: **How to prevent brute force attack in Django Rest + Using Django Rest Throttling**
You can:
I prefer django-defender. It started as a django-axes fork with Redis as the backend to store failed login attempts, blocked users and IPs, so it is much faster than django-axes.
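The failed-login tracking that the answers above attribute to django-axes and django-defender comes down to counting failures per username and per client IP and refusing further attempts for a cool-off period. The following standard-library sketch of that mechanism is an added example, not code from any of those libraries; the class and function names, the limits and the sample addresses are assumptions.

```python
import time


class LoginLockout:
    """In-memory sketch: count recent failed logins per username and per IP."""

    def __init__(self, limit=5, cooloff=300, clock=time.monotonic):
        self.limit = limit        # failures allowed inside the window
        self.cooloff = cooloff    # window length and block duration, in seconds
        self.clock = clock        # injectable so time can be controlled in tests
        self.failures = {}        # (kind, value) -> list of failure timestamps

    def _keys(self, username, ip):
        # Two counters: one IP trying many users, and many IPs trying one user.
        return (("user", username.lower()), ("ip", ip))

    def _recent(self, key):
        # Drop timestamps older than the cool-off window, return what is left.
        cutoff = self.clock() - self.cooloff
        kept = [t for t in self.failures.get(key, []) if t > cutoff]
        if kept:
            self.failures[key] = kept
        else:
            self.failures.pop(key, None)
        return len(kept)

    def is_blocked(self, username, ip):
        return any(self._recent(k) >= self.limit for k in self._keys(username, ip))

    def record_failure(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            self.failures.setdefault(key, []).append(now)

    def record_success(self, username):
        # Reset only the user counter; the IP counter keeps its history so one
        # valid login does not clear an address that is guessing other accounts.
        self.failures.pop(("user", username.lower()), None)


def attempt_login(lockout, username, ip, password_ok):
    """Return 'blocked', 'ok' or 'failed'. The block is checked before the password."""
    if lockout.is_blocked(username, ip):
        return "blocked"
    if password_ok:
        lockout.record_success(username)
        return "ok"
    lockout.record_failure(username, ip)
    return "failed"
```

In a multi-process Django deployment the counters have to live in a shared store rather than process memory, which is the role Redis plays for django-defender in the answer above.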