xmpp.chapril.org-ejabberd/src/mod_fail2ban.erl

%%%-------------------------------------------------------------------
%%% @author Evgeny Khramtsov <ekhramtsov@process-one.net>
%%% @copyright (C) 2014, Evgeny Khramtsov
%%% @doc
%%%
%%% @end
%%% Created : 15 Aug 2014 by Evgeny Khramtsov <ekhramtsov@process-one.net>
%%%-------------------------------------------------------------------
-module(mod_fail2ban).

-behaviour(gen_mod).

%% API
-export([start/2, stop/1, c2s_auth_result/4, check_bl_c2s/2]).

%%%===================================================================
%%% API
%%%===================================================================
start(Host, _Opts) ->
    catch ets:new(failed_auth, [named_table, public]),
    ejabberd_hooks:add(c2s_auth_result, Host, ?MODULE, c2s_auth_result, 100),
    ejabberd_hooks:add(check_bl_c2s, ?MODULE, check_bl_c2s, 100).

stop(Host) ->
    ejabberd_hooks:delete(c2s_auth_result, Host, ?MODULE, c2s_auth_result, 100),
    ejabberd_hooks:delete(check_bl_c2s, ?MODULE, check_bl_c2s, 100).

%%%===================================================================
%%% Internal functions
%%%===================================================================
c2s_auth_result(false, _User, _Server, {Addr, _Port}) ->
    case ets:lookup(failed_auth, Addr) of
	[] ->
	    ets:insert(failed_auth, {Addr, 1});
	_ ->
	    ets:update_counter(failed_auth, Addr, 1)
    end,
    timer:sleep(3);
c2s_auth_result(true, _User, _Server, _AddrPort) ->
    ok.

check_bl_c2s(_Acc, Addr) ->
    case ets:lookup(failed_auth, Addr) of
	[{Addr, N}] when N >= 100 ->
	    {stop, true};
	_ ->
	    false
    end.
Add mod_fail2ban 2014-08-15 11:40:04 +02:00			`%%%-------------------------------------------------------------------`
			`%%% @author Evgeny Khramtsov <ekhramtsov@process-one.net>`
			`%%% @copyright (C) 2014, Evgeny Khramtsov`
			`%%% @doc`
			`%%%`
			`%%% @end`
			`%%% Created : 15 Aug 2014 by Evgeny Khramtsov <ekhramtsov@process-one.net>`
			`%%%-------------------------------------------------------------------`
			`-module(mod_fail2ban).`

			`-behaviour(gen_mod).`

			`%% API`
Ban the IP if there are too many failed authentications 2014-08-15 14:13:04 +02:00			`-export([start/2, stop/1, c2s_auth_result/4, check_bl_c2s/2]).`
Add mod_fail2ban 2014-08-15 11:40:04 +02:00
			`%%%===================================================================`
			`%%% API`
			`%%%===================================================================`
			`start(Host, _Opts) ->`
Ban the IP if there are too many failed authentications 2014-08-15 14:13:04 +02:00			`catch ets:new(failed_auth, [named_table, public]),`
			`ejabberd_hooks:add(c2s_auth_result, Host, ?MODULE, c2s_auth_result, 100),`
			`ejabberd_hooks:add(check_bl_c2s, ?MODULE, check_bl_c2s, 100).`
Add mod_fail2ban 2014-08-15 11:40:04 +02:00
			`stop(Host) ->`
Ban the IP if there are too many failed authentications 2014-08-15 14:13:04 +02:00			`ejabberd_hooks:delete(c2s_auth_result, Host, ?MODULE, c2s_auth_result, 100),`
			`ejabberd_hooks:delete(check_bl_c2s, ?MODULE, check_bl_c2s, 100).`
Add mod_fail2ban 2014-08-15 11:40:04 +02:00
			`%%%===================================================================`
			`%%% Internal functions`
			`%%%===================================================================`
Ban the IP if there are too many failed authentications 2014-08-15 14:13:04 +02:00			`c2s_auth_result(false, _User, _Server, {Addr, _Port}) ->`
			`case ets:lookup(failed_auth, Addr) of`
			`[] ->`
			`ets:insert(failed_auth, {Addr, 1});`
Add mod_fail2ban 2014-08-15 11:40:04 +02:00			`_ ->`
Ban the IP if there are too many failed authentications 2014-08-15 14:13:04 +02:00			`ets:update_counter(failed_auth, Addr, 1)`
			`end,`
			`timer:sleep(3);`
			`c2s_auth_result(true, _User, _Server, _AddrPort) ->`
			`ok.`

			`check_bl_c2s(_Acc, Addr) ->`
			`case ets:lookup(failed_auth, Addr) of`
			`[{Addr, N}] when N >= 100 ->`
			`{stop, true};`
Add mod_fail2ban 2014-08-15 11:40:04 +02:00			`_ ->`
Ban the IP if there are too many failed authentications 2014-08-15 14:13:04 +02:00			`false`
Add mod_fail2ban 2014-08-15 11:40:04 +02:00			`end.`