Comments (3)
You mention "by a steady swarm of bot login attempts" and "by extended the registration form class" -- so does your honeypot solution protect only the signup form, or both?
Must admit, I don't have any actual insights on whether or not honeypot fields are still effective in 2024, but if so, then it is indeed something useful to add. Are there at all any stats / publications on this?
I guess the only setting needed would be an ACCOUNT_SIGNUP_FORM_HONEYPOT_FIELD = "phone_number" (or "" / None to have it turned off).
Ahh, my mistake in saying 'steady stream of login'; it was indeed a steady stream of signups. I was able to identify them relatively easily because I have not marketed this app publicly at all and have only sent it to a few close friends for 'beta testing'. The signups had garbage usernames and never verified their emails or took any other actions in the app.
To be completely honest I was slightly surprised it worked as well. I was already also looking into how to add captcha but decided to throw in the honeypot quickly as I knew captcha would be more involved just to see if it would stem the tide. I'll spend some time doing some more research on how effective honeypots actually are in general today and bring my findings back here before I start work on this.
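Added example, not part of the thread and not django-allauth's own code: a framework-free sketch of the honeypot check discussed above, run over urlencoded signup bodies. The setting name is the one proposed in the thread; the function names and the sample submissions are constructed for illustration.

```python
from urllib.parse import parse_qs

# Mirrors the setting proposed in the thread; "" or None turns the check off.
ACCOUNT_SIGNUP_FORM_HONEYPOT_FIELD = "phone_number"


def honeypot_tripped(raw_body, field_name=ACCOUNT_SIGNUP_FORM_HONEYPOT_FIELD):
    """Return True when a urlencoded signup POST body filled in the decoy field."""
    if not field_name:  # "" / None: honeypot disabled
        return False
    # keep_blank_values=True: a browser submits the hidden input as an empty
    # string, which must stay distinguishable from a filled-in value.
    fields = parse_qs(raw_body, keep_blank_values=True)
    # A repeated parameter counts as filled if any occurrence has content.
    return any(value.strip() for value in fields.get(field_name, []))


def triage_signups(bodies, field_name=ACCOUNT_SIGNUP_FORM_HONEYPOT_FIELD):
    """Split signup submissions into (accepted, rejected) lists of usernames."""
    accepted, rejected = [], []
    for body in bodies:
        username = parse_qs(body).get("username", ["<missing>"])[0]
        bucket = rejected if honeypot_tripped(body, field_name) else accepted
        bucket.append(username)
    return accepted, rejected


# Constructed sample submissions (not real traffic).
SAMPLE_BODIES = [
    # Browser user: decoy field present but left empty.
    "username=alice&email=alice%40example.com&phone_number=",
    # Automated form filler: decoy field populated.
    "username=xk9qz&email=xk9qz%40example.net&phone_number=5550100",
    # Whitespace only ("+" decodes to a space): treated as empty.
    "username=bob&email=bob%40example.org&phone_number=+++",
    # Duplicated parameter, one occurrence filled.
    "username=qq11&email=q%40example.net&phone_number=&phone_number=1",
]

if __name__ == "__main__":
    ok, dropped = triage_signups(SAMPLE_BODIES)
    print("accepted:", ok)
    print("rejected:", dropped)
```

In a Django form the same decision would sit in the form's validation step, with the decoy input hidden from human users by CSS rather than by `type="hidden"`.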