How to protect ejabberd from bruteforce attacks?
Posted
by
Sergey
on Server Fault
See other posts from Server Fault
or by Sergey
Published on 2012-03-14T17:37:47Z
Indexed on
2012/10/15
15:40 UTC
Read the original article
Hit count: 466
It writes this in logs:
=INFO REPORT==== 2012-03-14 17:48:54 ===
I(<0.467.0>:ejabberd_listener:281) : (#Port<0.4384>) Accepted connection {{10,254,239,2},51986} -> {{10,254,239,1},5222}
=INFO REPORT==== 2012-03-14 17:48:54 ===
I(<0.1308.0>:ejabberd_c2s:784) : ({socket_state,tls,{tlssock,#Port<0.4384>,#Port<0.4386>},<0.1307.0>}) Failed authentication for USERNAME
=INFO REPORT==== 2012-03-14 17:48:54 ===
I(<0.1308.0>:ejabberd_c2s:649) : ({socket_state,tls,{tlssock,#Port<0.4384>,#Port<0.4386>},<0.1307.0>}) Failed authentication for USERNAME
It doesn't write IP with a failure.
And strings "Accepted connection" and "Failed auth.." may even not stand nearby (as I think on heavily loaded servers) to be able to use fail2ban.
What to do? And how jabber servers (using ejabberd) are protected?
© Server Fault or respective owner