New in PyLucid v1.1.0

Inspired by the SSH honeypot 'kippo' (see also my small project: django-kippo), I added a simple login honeypot to PyLucid.

The honeypot is a new PluginPage view in the existing auth plugin. It displays a simple username/password login form, but the input is never actually checked: the submitted username and password are only stored in a separate model, and an error response is sent back.

The models are designed to automatically count repeated usernames, passwords and remote IP addresses.
To see this, go to:

  • Django admin site / Auth / Honypot auths (or the other models whose names start with "Honypot...")
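
A sketch of the storage scheme described above, added here as an example and not PyLucid's own code. It uses plain sqlite3 instead of Django models, takes the table names from the syncdb output on this page, and assumes the columns (`value`, `hits`) and all function names.

```python
import sqlite3

# Table names come from the syncdb output on this page; the columns are assumed.
TABLES = {"username": "auth_honypotusername", "password": "auth_honypotpassword",
          "ip": "auth_honypotip"}

def create_tables(db):
    for table in TABLES.values():
        db.execute(f"CREATE TABLE {table} (id INTEGER PRIMARY KEY, "
                   "value TEXT UNIQUE NOT NULL, hits INTEGER NOT NULL DEFAULT 0)")
    db.execute("CREATE TABLE auth_honypotauth (id INTEGER PRIMARY KEY, "
               "username_id INTEGER NOT NULL, password_id INTEGER NOT NULL, "
               "ip_id INTEGER NOT NULL, created TEXT DEFAULT CURRENT_TIMESTAMP)")

def count_value(db, kind, value):
    """Insert the value if unseen, bump its counter, return its row id."""
    table = TABLES[kind]
    db.execute(f"INSERT OR IGNORE INTO {table} (value) VALUES (?)", (value,))
    db.execute(f"UPDATE {table} SET hits = hits + 1 WHERE value = ?", (value,))
    return db.execute(f"SELECT id FROM {table} WHERE value = ?", (value,)).fetchone()[0]

def honeypot_login(db, username, password, remote_ip):
    """Record the attempt and always report failure; nothing is authenticated."""
    ids = (count_value(db, "username", username),
           count_value(db, "password", password),
           count_value(db, "ip", remote_ip))
    db.execute("INSERT INTO auth_honypotauth (username_id, password_id, ip_id) "
               "VALUES (?, ?, ?)", ids)
    return False

def top_values(db, kind, limit=5):
    """Most frequently submitted values for 'username', 'password' or 'ip'."""
    return db.execute(f"SELECT value, hits FROM {TABLES[kind]} "
                      "ORDER BY hits DESC, value LIMIT ?", (limit,)).fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    create_tables(db)
    # Constructed sample attempts, using documentation IP ranges.
    for attempt in [("admin", "admin", "192.0.2.10"),
                    ("admin", "123456", "192.0.2.10"),
                    ("root", "123456", "198.51.100.7")]:
        honeypot_login(db, *attempt)
    return db

if __name__ == "__main__":
    print(top_values(demo(), "password"))
```
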

update

Update PyLucid (only django-tools and PyLucid must be updated)

Create the new database tables:

~$ cd /var/www/YourSite
/var/www/YourSite$ ./manage.py syncdb

You should see these lines:

Creating table auth_honypotusername
Creating table auth_honypotpassword
Creating table auth_honypotip
Creating table auth_honypotauth

After this, restart your server process.

usage

Create a new PluginPage with:

  • PyLucid admin menu / create content / new plugin page

Choose pylucid_plugins.auth as App label

Maybe set the slug to login and put it at the root...

fake login link

The login link normally looks like this:

<a href="#top" ... onclick="return get_pylucid_ajax_view('?auth=login');" ...>

To change #top to the honeypot login page, activate use honypot here:

  • DBpreferences / Preferences and change AuthPreferencesForm

If you activate this, you can deactivate Showlinks under PageTree - Permissions, so the honeypot login page is hidden from the menu, sitemap, etc.