 

Throttling brute force login attacks in Django [closed]

Are there generally accepted tactics for protecting Django applications against this kind of attack?

Joe Mornin asked Jul 13 '12 19:07



2 Answers

You can:

  • Keep track of the failed login attempts and block the attacker after 3 attempts.
  • If you don't want to block then you can log it and present a CAPTCHA to make it more difficult in future attempts.
  • You can also increase the time between login attempts after each failed attempt. For example, 10 seconds, 30 seconds, 1 minute, 5 minutes, et cetera. This will spoil the fun pretty quickly for the attacker.
  • Of course, choose a secure password as that will keep the attacker guessing.
Simeon Visser answered Sep 21 '22 04:09
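As an added illustration of the escalating delay and lockout the answer above describes (this is not code from the answer, nor from Django or any of the libraries named on this page): a small in-memory throttle. The dict store, the `throttle_key` scheme and the `attempt_login` helper are my own assumptions; in a real Django view the same bookkeeping would live in a cache shared by every app server.

```python
import math
import time

# Delays from the answer above (10 s, 30 s, 1 min, 5 min; the last one is reused
# for every later failure). Constructed defaults, not from any Django library.
BACKOFF_SECONDS = (10, 30, 60, 300)
LOCK_AFTER = 3  # hard lock after this many failures (the "block after 3 attempts" option)


class LoginThrottle:
    """Failed-login tracker; the dict stands in for a shared store such as Django's cache (assumption)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # key -> (failure_count, not_before_timestamp)

    def check(self, key):
        """Return ('allow' | 'wait' | 'locked', seconds_to_wait) before trying a password."""
        count, not_before = self._state.get(key, (0, 0.0))
        if count >= LOCK_AFTER:
            return "locked", 0
        remaining = not_before - self._clock()
        if remaining > 0:
            return "wait", math.ceil(remaining)
        return "allow", 0

    def record_failure(self, key):
        """Bump the counter and push the next allowed time out by the escalating delay."""
        count = self._state.get(key, (0, 0.0))[0] + 1
        delay = BACKOFF_SECONDS[min(count, len(BACKOFF_SECONDS)) - 1]
        self._state[key] = (count, self._clock() + delay)
        return delay

    def record_success(self, key):
        self._state.pop(key, None)  # a correct password clears the key


def throttle_key(ip, username):
    # Key on IP *and* username: a username-only key lets anyone lock a victim's
    # account on purpose, while an IP-only key misses attempts spread over many hosts.
    return f"{ip}:{username.lower()}"


def attempt_login(throttle, ip, username, password_ok):
    """The steps a login view wraps around its password check; returns the verdict."""
    key = throttle_key(ip, username)
    verdict, wait = throttle.check(key)
    if verdict != "allow":
        return verdict, wait  # do not even evaluate the password
    if password_ok:
        throttle.record_success(key)
        return "success", 0
    return "failed", throttle.record_failure(key)
```

Unlocking a locked key (by an administrator or on expiry) is left to the caller, and anything keyed on client IP must use the real client address rather than that of a proxy in front of the application.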


There are many libraries available for it, like Django-axes, Django-defender and Django-ratelimit; all of these do the same thing (with a few differences between them). You can choose the one which best suits your needs.

If you are using DRF, then you don't need an additional library (axes, ratelimit, etc.) because DRF already has the throttling functionality built in.

You can check this question: **How to prevent brute force attack in Django Rest + Using Django Rest Throttling**

Mr Singh answered Sep 23 '22 04:09