django admin how to prevent brute force attack?
CAPTHCA/additional table field/allowed ip's - not propose.
I think best option is: keep login attempts in server cache. If you can propound other options or cut up option with cache, 开发者_运维问答you are welcome.Typically I would use the INTERNAL_IPS setting, and make a middleware that blocks access to /admin/ if you're not part of INTERNAL_IPS
Another option is to play with https://github.com/dmpayton/django-admin-honeypot -- you could potentially write a cron job that blocks these IPs via iptables or something.
精彩评论