Misc tools created for the maintenance of the XMPP services at chapril.org.
root dc7484e16a useful functions : added simple notice 3 weeks ago
filter.d Craft fail2ban rules to mitigate spambots attacks (#4461) 11 months ago
jail.d Disable custom fail2ban jail. Too aggressive. 4 months ago
README.md Craft fail2ban rules to mitigate spambots attacks (#4461) 11 months ago

README.md

fail2ban rules for XMPP

These fail2ban rules were created to mitigate spambots that have been active since April 2020. Random accounts are created from different IPs (probably zombie machines), and then the same 3 XMPP accounts (on other XMPP servers) are always targeted. The new chapril account asks for presence subscription to those external JIDs and immediately sends them random messages without waiting for an answer.

ejabberd detects the suspicious fast presence subscriptions and logs something easy to capture:

grep Flooder /var/log/ejabberd/ejabberd.log

So we use these log warnings to trigger an IP ban.
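How such a rule turns the Flooder warnings into a ban decision, as an added example (this is not the repository's xmpp-flooders.conf). The log line layout, the sample lines and the maxretry/findtime values are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The layout is an assumption: compare it with the
# real output of the grep command above before reusing the pattern.
SAMPLE_LOG = """\
2020-04-21 08:00:00.000 [warning] Flooder detected: a1@xmpp.example.org, on IP: 192.0.2.44 ignoring sent presence subscriptions
2020-04-21 10:15:02.101 [warning] Flooder detected: x9f3k@xmpp.example.org, on IP: 203.0.113.7 ignoring sent presence subscriptions
2020-04-21 10:15:03.250 [warning] Flooder detected: qq7@xmpp.example.org, on IP: 198.51.100.9 ignoring sent presence subscriptions
2020-04-21 10:15:04.007 [warning] Flooder detected: zr81t@xmpp.example.org, on IP: ::ffff:203.0.113.7 ignoring sent presence subscriptions
2020-04-21 10:15:05.000 [info] Accepted connection 203.0.113.7:50412
2020-04-21 10:15:09.912 [warning] Flooder detected: m2w0p@xmpp.example.org, on IP: 203.0.113.7 ignoring sent presence subscriptions
2020-04-21 10:16:30.000 [warning] Flooder detected: qq8@xmpp.example.org, on IP: 198.51.100.9 ignoring sent presence subscriptions
2020-04-21 12:00:00.000 [warning] Flooder detected: a2@xmpp.example.org, on IP: 192.0.2.44 ignoring sent presence subscriptions
2020-04-21 16:00:00.000 [warning] Flooder detected: a3@xmpp.example.org, on IP: 192.0.2.44 ignoring sent presence subscriptions
"""

# Same idea as a fail2ban failregex: anchor on the timestamp, capture the host.
FAILREGEX = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\S* \[warning\] "
    r"Flooder detected: \S+, on IP: (?P<host>[0-9A-Fa-f:.]+)")


def flooders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return IPs with at least maxretry Flooder warnings inside findtime."""
    hits = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = set()
    for line in log_text.splitlines():   # lines are assumed chronological
        m = FAILREGEX.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("host"))
        except ValueError:
            continue                     # captured text is not a valid address
        # Count ::ffff:a.b.c.d and a.b.c.d as the same client.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        window = hits[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # drop hits older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned.add(str(ip))
    return banned
```

Lowering maxretry bans more quickly but also catches addresses with only a couple of warnings, which is the trade-off to weigh when a jail turns out too aggressive.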

Quickstart guide

cd /etc/fail2ban/filter.d
ln -s /srv/xmpp.chapril.org/tools/fail2ban/filter.d/xmpp-flooders.conf
cd /etc/fail2ban/jail.d
ln -s /srv/xmpp.chapril.org/tools/fail2ban/jail.d/chapril-xmpp.conf
systemctl restart fail2ban

Check that the jail is active:

fail2ban-client status
fail2ban-client status xmpp-c2s