django-spam

Inspired by this Nick Craver tweet https://twitter.com/nick_craver/status/720062942960623616

We all hate bots, lets admit it. Especially the ones that try to gain access to our most secret endpoints. Well we have an easy solution for your django application. django_spam simply adds common admin urls to url conf so when bots (or human for that matter) try and access them, they will get redirected...

Installation / Usage

pip install django-spam

Add to apps list:

INSTALLED_APPS = [
    '...',
    'django_spam',
    '...'
]

django_spam ships with some default endpoints bots might try to hit. If you would like to add extra routes, simply add a SPAM_ROUTES variable to your settings file that contains a list of extra endpoints you would like to add. no leading slashes

SPAM_ROUTES = [
    'admin.php',
    'admin/login.php',
    'administrator/index.php',
    'index.php',
    '...',
]

Include django_spam.urls to root url file:

'...'
path('', include('django_spam.urls')),
'...',

If for some odd reason you need to exclude routes, define EXCLUDED_ROUTES in settings. no leading slashes

EXCLUDED_ROUTES = [
    'admin.php',
    'index.php'
]

Demo

See here

Development

This project uses Poetry to manage dev environment. Once installed:

1. Clone and cd into repo
2. install packages with poetry install
3. black poetry run black .
4. flake8 poetry run flake8
5. test poetry run coverage run --source=django_spam setup.py test