How to protect ejabberd from bruteforce attacks?

Posted by Sergey on Server Fault See other posts from Server Fault or by Sergey
Published on 2012-03-14T17:37:47Z Indexed on 2012/10/15 15:40 UTC
Read the original article Hit count: 466

It writes this in logs:

=INFO REPORT==== 2012-03-14 17:48:54 ===
I(<0.467.0>:ejabberd_listener:281) : (#Port<0.4384>) Accepted connection {{10,254,239,2},51986} -> {{10,254,239,1},5222}

=INFO REPORT==== 2012-03-14 17:48:54 ===
I(<0.1308.0>:ejabberd_c2s:784) : ({socket_state,tls,{tlssock,#Port<0.4384>,#Port<0.4386>},<0.1307.0>}) Failed authentication for USERNAME

=INFO REPORT==== 2012-03-14 17:48:54 ===
I(<0.1308.0>:ejabberd_c2s:649) : ({socket_state,tls,{tlssock,#Port<0.4384>,#Port<0.4386>},<0.1307.0>}) Failed authentication for USERNAME

It doesn't write IP with a failure.
And strings "Accepted connection" and "Failed auth.." may even not stand nearby (as I think on heavily loaded servers) to be able to use fail2ban.
What to do? And how jabber servers (using ejabberd) are protected?

© Server Fault or respective owner

Related posts about brute-force-attacks

Related posts about ejabberd