Are there generally accepted tactics for protecting Django applications against this kind of attack?
Use Strong Passwords. Having a strong password policy is the simplest and most effective way of thwarting a brute-force attack. You would want to create a complex password for your web application or a public server that is impossible to guess but is relatively easy to remember.
The most obvious way to block brute-force attacks is to simply lock out accounts after a defined number of incorrect password attempts. Account lockouts can last a specific duration, such as one hour, or the accounts could remain locked until manually unlocked by an administrator.
You can:
There are many libraries available for it, like Django-axes, Django-defender and Django-ratelimit. The libraries mentioned all do the same thing (with a few differences between them). You can choose the one which best suits your needs.
If you are using DRF, then you don't need an additional library (axes, ratelimit, etc.) because DRF already has the throttling functionality built in.
You can check this question: **How to prevent brute force attack in Django Rest + Using Django Rest Throttling**
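As an added illustration of the lockout policy described in the answers above (a defined number of incorrect attempts, then a lock for a fixed duration or until an administrator unlocks), here is a small pure-Python failed-login tracker. It is example code written for this page, not code from django-axes, django-defender or DRF, and it assumes nothing about Django; the limits and the `check_password` callback are constructed for illustration.

```python
import time
from collections import defaultdict


class LoginLockout:
    """Count consecutive failed logins per username; lock after failure_limit.
    cooloff_seconds=None keeps the lock until an administrator unlocks it.
    (Constructed defaults for illustration, not django-axes settings.)
    """

    def __init__(self, failure_limit=5, cooloff_seconds=3600, clock=time.time):
        self.failure_limit = failure_limit
        self.cooloff_seconds = cooloff_seconds
        self.clock = clock                    # injectable so tests can advance time
        self.failures = defaultdict(int)      # username -> consecutive failures
        self.locked_until = {}                # username -> unlock time, or None = manual

    def is_locked(self, username):
        if username not in self.locked_until:
            return False
        until = self.locked_until[username]
        if until is None:                     # manual unlock only
            return True
        if self.clock() >= until:             # cooloff expired: lock lifts by itself
            self.unlock(username)
            return False
        return True

    def record_failure(self, username):
        """Register a bad password; return True if this attempt locked the account."""
        self.failures[username] += 1
        if self.failures[username] < self.failure_limit:
            return False
        until = None if self.cooloff_seconds is None else self.clock() + self.cooloff_seconds
        self.locked_until[username] = until
        return True

    def unlock(self, username):
        """Administrator action (or cooloff expiry): clear lock and counter."""
        self.locked_until.pop(username, None)
        self.failures.pop(username, None)


def attempt_login(lockout, username, password, check_password):
    """Refuse locked accounts before the password is even checked."""
    if lockout.is_locked(username):
        return "locked"
    if check_password(username, password):
        lockout.failures.pop(username, None)  # success resets the counter
        return "ok"
    return "locked" if lockout.record_failure(username) else "failed"
```

Note that a locked account is refused even when the correct password is supplied, which is what stops the guessing; the counter is stored in memory here, whereas a real deployment would keep it in a shared cache or database so that all workers see the same state.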