Enabling logging of password-guessing attacks (authentication failures)

I have updated our ejabberd 2.1.11 code to log the IP address on an authentication failure, to help identify password-cracking attempts. The change is in ejabberd_c2s.erl: in the function wait_for_feature_request, we changed the "Failed authentication" log call to:

%% Excerpt from the failed-authentication branch of wait_for_feature_request.
%% Look up the peer address of the client socket so that the failure can be
%% attributed to a source. peerip/2 is a local helper that is not shown here.
IP = peerip(StateData#state.sockmod, StateData#state.socket),
    %% Logged with ?ERROR_MSG in this version of the change.
    ?ERROR_MSG(
       %% Directives, in order: socket (~w), username (~s), server (~s),
       %% printable IP (~s), raw peerip/2 result (~w).
       "(~w) Failed authentication for ~s@~s from IP ~s (~w)",
       [StateData#state.socket,
%% NOTE(review): Username presumably comes from the client's authentication
%% exchange and ~s prints it unchanged; confirm it cannot contain line breaks
%% before this line is parsed by automated tooling.
%% NOTE(review): jlib:ip_to_list/1 is given whatever peerip/2 returned; confirm
%% it accepts the value peerip/2 yields when the peer lookup fails.
Username, StateData#state.server, jlib:ip_to_list(IP), IP]),


Here's a patch for that. I've added it to the ejabberd 2.1.x branch:

diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 552aa6d..6285688 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -556,10 +556,11 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
 			    fsm_next_state_pack(session_established,
                                                 NewStateData);
 			_ ->
+			    IP = peerip(StateData#state.sockmod, StateData#state.socket),
 			    ?INFO_MSG(
-			       "(~w) Failed legacy authentication for ~s",
+			       "(~w) Failed legacy authentication for ~s from IP ~s (~w)",
 			       [StateData#state.socket,
-				jlib:jid_to_string(JID)]),
+				jlib:jid_to_string(JID), jlib:ip_to_list(IP), IP]),
 			    Err = jlib:make_error_reply(
 				    El, ?ERR_NOT_AUTHORIZED),
 			    send_element(StateData, Err),
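Review bot: The added `jlib:ip_to_list(IP)` call in the failure branch of wait_for_auth assumes `peerip/2` always returns an address. peerip is not shown in this diff, but if it can return a placeholder when the peer lookup fails (for example because the client has already dropped the connection), building the log arguments could raise, and the branch would exit before `send_element(StateData, Err)` and without recording the failure. The same three added lines are repeated in the wait_for_feature_request and wait_for_sasl_response hunks, so I would move the lookup and formatting into one small private helper that returns a fixed string such as `"unknown"` when no address is available, and call it from all three places. The lines stay at `?INFO_MSG`, so a deployment whose log level excludes info messages will record no failed logins; a comment saying so next to the call would help operators who monitor this line. The body of wait_for_auth starts and ends outside the hunk.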
@@ -646,10 +647,11 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
 				   StateData#state{
 				     sasl_state = NewSASLState});
 		{error, Error, Username} ->
+		    IP = peerip(StateData#state.sockmod, StateData#state.socket),
 		    ?INFO_MSG(
-		       "(~w) Failed authentication for ~s@~s",
+		       "(~w) Failed authentication for ~s@~s from IP ~s (~w)",
 		       [StateData#state.socket,
-			Username, StateData#state.server]),
+			Username, StateData#state.server, jlib:ip_to_list(IP), IP]),
 		    send_element(StateData,
 				 {xmlelement, "failure",
 				  [{"xmlns", ?NS_SASL}],
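Review bot: `Username` is written to the log with `~s` in the `{error, Error, Username}` branch, and it appears to be the name the client offered during the SASL exchange, so control characters such as line breaks would reach the log unchanged. Now that the line carries the source address and is meant to identify password-guessing, a name containing a newline could produce a second line that reads like a failure from a different address. Formatting the name with `~p`, as in `"(~w) Failed authentication for ~p@~s from IP ~s (~w)"`, or stripping control characters before logging keeps each failure on one line. The same applies to the wait_for_sasl_response hunk. The body of wait_for_feature_request starts and ends outside the hunk.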
@@ -799,10 +801,11 @@ wait_for_sasl_response({xmlstreamelement, El}, StateData) ->
 		    fsm_next_state(wait_for_sasl_response,
 		     StateData#state{sasl_state = NewSASLState});
 		{error, Error, Username} ->
+		    IP = peerip(StateData#state.sockmod, StateData#state.socket),
 		    ?INFO_MSG(
-		       "(~w) Failed authentication for ~s@~s",
+		       "(~w) Failed authentication for ~s@~s from IP ~s (~w)",
 		       [StateData#state.socket,
-			Username, StateData#state.server]),
+			Username, StateData#state.server, jlib:ip_to_list(IP), IP]),
 		    send_element(StateData,
 				 {xmlelement, "failure",
 				  [{"xmlns", ?NS_SASL}],
