The honypot is a new PluginPage view in the existing auth plugin. It display a simple Username/Passwort login form. But the input would not really checked. The given username/password would be only stored into a separate model and response a error back.
The models are designed to automatic count double username, passwords and the remote IP Address.
To see this go to:
- Django admin site / Auth / Honypot auths (or the other models starts with "Honypot...")
Update PyLucid (only django-tools and PyLucid must be updated)
Create the new database tables:
~$ cd /var/www/YourSite /var/www/YourSite$ ./manage.py syncdb
You must see this lines:
Creating table auth_honypotusername Creating table auth_honypotpassword Creating table auth_honypotip Creating table auth_honypotauth
After this, restart your server process.
Create a new PluginPage with:
- PyLucid admin menu / create content / new plugin page
Choose pylucid_plugins.auth as App label
Maybe set slug to login and put it to the root...
fake login link
The login link looks normally like this:
<a href="#top" ... onclick="return get_pylucid_ajax_view('?auth=login');" ...>
To change #top to the honypot login page, activate use honypot here:
- DBpreferences / Preferences and change AuthPreferencesForm
If you activate this, you can deactivate Showlinks under PageTree - Permissions, so the honypot login page will be hide from menu/sitemap etc.