Spy on users in Django
Hello% username%
To begin with, I have a certain Django portal, on which users receive certain bonuses for inviting new users. Such a system of referrals. But the bonus is charged only if the invited user is active. Today I had a suspicion that one of my users started virtuals. Let's try to catch him in this ...
I have an app in every project core , where I keep all sorts of useful utilities. In this application we will create the file middleware.py .
Add middleware in settings.py
')
And you need to remember to add the generation of the header 'HTTP_X_FORWARDED_FOR' in /etc/nginx/nginx.conf
Restart Django and Nginx. We look at the grep log -E 'AnonymousUser | User1 | User2' users.log , we analyze.
In general, depending on how familiar the user is with Internet technologies and the size of the bonus, there are several possible variants of events:
Noob will do everything with the hands of the current IP. Such a person is easy to track by type records.
All actions are performed from the same IP and on behalf of different users alternately.
An advanced user will try to hide using a dynamic IP or proxy.
IP is different, but the actions of pseudo users are strictly alternate.
If a programmer has taken up the matter, then it will be extremely difficult to catch him if he uses a proxy and writes a script to emulate user activity. In severe cases, you already need to work with psychology, rather than technology. It is necessary to give a person easy to get bonuses, so that, blinded by greed and impunity, he will lose his vigilance and his scripts will acquire a characteristic display in the logs.
In general, I wish you all good and honest users. After all, before all for their sake, we write our portals.
To begin with, I have a certain Django portal, on which users receive certain bonuses for inviting new users. Such a system of referrals. But the bonus is charged only if the invited user is active. Today I had a suspicion that one of my users started virtuals. Let's try to catch him in this ...
I have an app in every project core , where I keep all sorts of useful utilities. In this application we will create the file middleware.py .
import logging import logging.handlers bytes=1024000 count=10 formatter = logging.Formatter("%(asctime)s-%(message)s") MODELS_FILE = '/home/ramovsky/users.log' logmodels = logging.getLogger('users') logmodels.setLevel(logging.DEBUG) handler = logging.handlers.RotatingFileHandler(MODELS_FILE, maxBytes=bytes, backupCount=count) handler.setFormatter(formatter) logmodels.addHandler(handler) class TrackUsersMiddleware(object): def process_request(self, request): ip = request.META.get('REMOTE_ADDR', '') or request.META.get('HTTP_X_FORWARDED_FOR', '') logmodels.debug('%s %s %s'%(request.user, request.path, ip)) Add middleware in settings.py
')
MIDDLEWARE_CLASSES = ( #----- cut ----- 'core.middleware.TrackUsersMiddleware', ) And you need to remember to add the generation of the header 'HTTP_X_FORWARDED_FOR' in /etc/nginx/nginx.conf
location / {
#---- cut -----
fastcgi_param REMOTE_ADDR $remote_addr;
}
Restart Django and Nginx. We look at the grep log -E 'AnonymousUser | User1 | User2' users.log , we analyze.
In general, depending on how familiar the user is with Internet technologies and the size of the bonus, there are several possible variants of events:
Noob will do everything with the hands of the current IP. Such a person is easy to track by type records.
2011-04-20 14:00:03,123-AnonymousUser /accounts/login/ 80.91.173.10
2011-04-20 14:00:22,967-User1
2011-04-20 14:00:22,967-User1 /logout/ 80.91.173.10
2011-04-20 14:01:03,123-AnonymousUser /accounts/login/ 80.91.173.10
2011-04-20 14:01:22,967-User2
2011-04-20 14:01:22,967-User2 /logout/ 80.91.173.10
All actions are performed from the same IP and on behalf of different users alternately.
An advanced user will try to hide using a dynamic IP or proxy.
2011-04-20 14:00:03,123-AnonymousUser /accounts/login/ 18.11.173.10
2011-04-20 14:00:22,967-User1
2011-04-20 14:00:22,967-User1 /logout/ 18.11.173.10
2011-04-20 14:01:03,123-AnonymousUser /accounts/login/ 34.91.173.10
2011-04-20 14:01:22,967-User2
2011-04-20 14:01:22,967-User2 /logout/ 34.91.173.10
IP is different, but the actions of pseudo users are strictly alternate.
If a programmer has taken up the matter, then it will be extremely difficult to catch him if he uses a proxy and writes a script to emulate user activity. In severe cases, you already need to work with psychology, rather than technology. It is necessary to give a person easy to get bonuses, so that, blinded by greed and impunity, he will lose his vigilance and his scripts will acquire a characteristic display in the logs.
In general, I wish you all good and honest users. After all, before all for their sake, we write our portals.
Source: https://habr.com/ru/post/117827/
All Articles