User Tracking in Django

    Hello, %username%!

    To begin with, I have a Django portal on which users earn bonuses for inviting new users, a referral system of sorts. But the bonus is accrued only if the invited user is active. Today I began to suspect that one of my users had started creating "virtual" (fake) accounts. Let's try to catch him at it...

    I keep a core app in every project, where I put all sorts of useful utilities. In this app, create the file middleware.py.

    import logging
    import logging.handlers

    MAX_BYTES = 1024000   # rotate the log file at roughly 1 MB
    BACKUP_COUNT = 10     # keep 10 rotated files
    MODELS_FILE = '/home/ramovsky/users.log'

    formatter = logging.Formatter("%(asctime)s-%(message)s")
    logmodels = logging.getLogger('users')
    logmodels.setLevel(logging.DEBUG)
    handler = logging.handlers.RotatingFileHandler(
        MODELS_FILE, maxBytes=MAX_BYTES, backupCount=BACKUP_COUNT)
    handler.setFormatter(formatter)
    logmodels.addHandler(handler)


    class TrackUsersMiddleware(object):
        def process_request(self, request):
            # Log "user path ip" for every request. A client can send its own
            # X-Forwarded-For, so trust it only when the front-end proxy sets it.
            ip = request.META.get('REMOTE_ADDR', '') or request.META.get('HTTP_X_FORWARDED_FOR', '')
            logmodels.debug('%s %s %s', request.user, request.path, ip)
    

    Add the middleware to settings.py:

    MIDDLEWARE_CLASSES = (
        #----- cut -----
        # must come after AuthenticationMiddleware so that request.user is set
        'core.middleware.TrackUsersMiddleware',
    )
    

    You also need to remember to add generation of the 'HTTP_X_FORWARDED_FOR' header to /etc/nginx/nginx.conf:

    location / {
        #---- cut -----
        fastcgi_param REMOTE_ADDR $remote_addr;
    }

    Restart Django and Nginx. Then look at the log with grep -E 'AnonymousUser|User1|User2' users.log and analyze it. Depending on how familiar the user is with Internet technologies and on the size of the bonus, several scenarios are possible.

    A noob will do everything by hand from his current IP. Such a person is easy to track down by records like these:

    2011-04-20 14:00:03,123-AnonymousUser /accounts/login/ 80.91.173.10
    2011-04-20 14:00:22,967-User1 a lot of activity
    2011-04-20 14:00:22,967-User1 /logout/ 80.91.173.10
    2011-04-20 14:01:03,123-AnonymousUser /accounts/login/ 80.91.173.10
    2011-04-20 14:01:22,967-User2 a lot of activity
    2011-04-20 14:01:22,967-User2 /logout/ 80.91.173.10

    All actions are performed from the same IP and on behalf of different users in turn.

    An advanced user will try to hide behind a dynamic IP or a proxy:

    2011-04-20 14:00:03,123-AnonymousUser /accounts/login/ 18.11.173.10
    2011-04-20 14:00:22,967-User1 a lot of activity
    2011-04-20 14:00:22,967-User1 /logout/ 18.11.173.10
    2011-04-20 14:01:03,123-AnonymousUser /accounts/login/ 34.91.173.10
    2011-04-20 14:01:22,967-User2 a lot of activity
    2011-04-20 14:01:22,967-User2 /logout/ 34.91.173.10

    The IPs are different, but the actions of the pseudo-users are strictly sequential.
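
    An added example, not from the original post: a small script that parses users.log in the format written by the middleware above and flags both patterns just described, accounts that share an IP and accounts whose sessions never overlap but follow one another within a few minutes. The function names, the 30-minute idle and 5-minute hand-off thresholds, and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import combinations

# The middleware's format "%(asctime)s-%(message)s", message = "user path ip".
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+-(\S+) (\S+) (\S+)$")
# Constructed sample (documentation IP ranges); User3 is an ordinary concurrent user.
SAMPLE_LOG = """\
2011-04-20 14:00:03,123-AnonymousUser /accounts/login/ 192.0.2.10
2011-04-20 14:00:05,400-User1 /profile/ 192.0.2.10
2011-04-20 14:00:10,000-User3 /news/ 203.0.113.99
2011-04-20 14:00:22,967-User1 /logout/ 192.0.2.10
2011-04-20 14:01:06,010-User2 /profile/ 198.51.100.7
2011-04-20 14:01:22,967-User2 /logout/ 198.51.100.7
2011-04-20 14:02:05,000-User4 /profile/ 192.0.2.10
2011-04-20 14:02:10,000-User3 /news/ 203.0.113.99
"""

def parse(text):
    """Return sorted (time, user, ip) rows for logged-in requests; skip bad lines."""
    hits = filter(None, map(LINE_RE.match, text.splitlines()))
    return sorted((datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[2], m[4])
                  for m in hits if m[2] != "AnonymousUser")

def sessions(rows, idle=timedelta(minutes=30)):
    """Per user, merge requests into [start, end] bursts separated by idle gaps."""
    out = defaultdict(list)
    for ts, user, _ip in rows:
        if out[user] and ts - out[user][-1][1] <= idle:
            out[user][-1][1] = ts
        else:
            out[user].append([ts, ts])
    return out

def suspicious_pairs(rows, max_gap=timedelta(minutes=5)):
    """Flag account pairs that share an IP or only ever act one after the other."""
    sess, found = sessions(rows), defaultdict(set)
    ips = {u: {ip for _t, x, ip in rows if x == u} for u in sess}
    for a, b in combinations(sorted(sess), 2):
        if ips[a] & ips[b]:
            found[a, b].add("shared_ip")
        pairs = [(x, y) for x in sess[a] for y in sess[b]]
        overlap = any(x[0] <= y[1] and y[0] <= x[1] for x, y in pairs)
        handoff = any(timedelta(0) < d <= max_gap
                      for x, y in pairs for d in (y[0] - x[1], x[0] - y[1]))
        if handoff and not overlap:
            found[a, b].add("sequential")
    return dict(found)
```

    A single hand-off can happen by chance on a busy site, so treat flagged pairs as leads to check against the raw log.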



    If a programmer takes up the task, he will be extremely difficult to catch, provided he uses a proxy and writes a script that emulates user activity. In severe cases you have to work with psychology rather than technology: let the person collect bonuses easily, so that, blinded by greed and impunity, he loses his vigilance and his scripts leave a characteristic trace in the logs.

    In general, I wish everyone good and honest users. After all, it is first and foremost for them that we build our portals.
