ejabberd and fail2ban

Fail2ban is a useful tool capable of mitigating brute force attacks performed against a multitude of services (ejabberd in our case). Configuration is split across several files: jail.conf defines which jails are active, while the filter definitions live in the filter.d directory.

[root@CentOS ~]# vi /etc/fail2ban/jail.conf
---
bantime = 1200
findtime = 1200
maxretry = 10
backend = auto

[ejabberd-auth]
enabled = true
port = 5222,5280,7777
action = iptables-multiport[name=ejabberd, port="5222,5269,5280,7777", protocol=tcp]
logpath = /var/log/ejabberd/ejabberd.log
---

[root@CentOS ~]# vi /etc/fail2ban/filter.d/ejabberd-auth.conf
---
[Definition]
failregex = ^=INFO REPORT==== ===\nI\(<0\.\d+\.0>:ejabberd_c2s:\d+\) : \([^)]+\) Failed authentication for .+ from IP <HOST> \({{(?:\d+,){3}\d+},\d+}\)$
            ^(?:\.\d+)? \[info\] <0\.\d+\.\d>@ejabberd_c2s:wait_for_feature_request:\d+ \([^\)]+\) Failed authentication for \S+ from IP <HOST>$
            ^.* Failed authentication for \S+ from <HOST>$
            ^.* from <<"<HOST>">> failed with error: <<"inexistent-account">>$
            ^.* from <<"<HOST>">> failed with error: <<"bad-password">>$
            ^.* from <<"<HOST>">> failed with error: <<"badformed-jid">>$
ignoreregex =

[Init]
journalmatch =
---

The first two regular expressions cover client (c2s) user authentication, while the others cover logins to the administration panel. Other useful commands are: …
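To see what the jail above actually does with those patterns before enabling it, the following added example (my own Python sketch, not fail2ban's code and not part of the original post) applies the failregex lines from the ejabberd-auth.conf above to constructed log lines and counts failures per host the way maxretry/findtime would. It emulates fail2ban's behaviour in two simplified ways that are assumptions, not fail2ban's exact implementation: <HOST> is replaced with a plain IP-literal group, and the "YYYY-MM-DD HH:MM:SS" timestamp is stripped before matching. The first (two-line "=INFO REPORT====") pattern is omitted because it relies on fail2ban's multi-line handling. The log lines, hostnames and IPs are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# failregex lines copied from the ejabberd-auth.conf shown above. The old two-line
# "=INFO REPORT====" pattern is left out: it needs fail2ban's multi-line handling.
FAILREGEX = [
    r'^(?:\.\d+)? \[info\] <0\.\d+\.\d>@ejabberd_c2s:wait_for_feature_request:\d+ '
    r'\([^\)]+\) Failed authentication for \S+ from IP <HOST>$',
    r'^.* Failed authentication for \S+ from <HOST>$',
    r'^.* from <<"<HOST>">> failed with error: <<"inexistent-account">>$',
    r'^.* from <<"<HOST>">> failed with error: <<"bad-password">>$',
    r'^.* from <<"<HOST>">> failed with error: <<"badformed-jid">>$',
]
# fail2ban expands <HOST> to a named capture group; this is a simplified stand-in
# that accepts IPv4/IPv6 literals (assumption, not fail2ban's exact pattern).
HOST = r'(?P<host>[0-9a-fA-F.:]+)'
COMPILED = [re.compile(p.replace('<HOST>', HOST)) for p in FAILREGEX]

# fail2ban removes the timestamp it detects before applying failregex. Emulated here
# for ejabberd's "YYYY-MM-DD HH:MM:SS" prefix; the fractional seconds stay on the
# line, which is why the first failregex begins with (?:\.\d+)?.
DATE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)')


def match_failure(line):
    """Return (timestamp, host) when a log line is an authentication failure, else None."""
    m = DATE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), '%Y-%m-%d %H:%M:%S')
    rest = line[m.end():]
    for rx in COMPILED:
        hit = rx.match(rest)
        if hit:
            return ts, hit.group('host')
    return None


def failure_counts(lines):
    """Total matched failures per host, regardless of timing."""
    counts = defaultdict(int)
    for line in lines:
        hit = match_failure(line)
        if hit:
            counts[hit[1]] += 1
    return dict(counts)


def offenders(lines, maxretry=10, findtime=1200):
    """Hosts the jail would ban: at least maxretry failures whose timestamps
    fall inside one findtime-second window, tracked per host."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)
    banned = set()
    for line in lines:
        hit = match_failure(line)
        if not hit:
            continue
        ts, host = hit
        # keep only the failures still inside the window ending at this one
        recent[host] = [t for t in recent[host] if ts - t <= window] + [ts]
        if len(recent[host]) >= maxretry:
            banned.add(host)
    return banned


def _stamp(t, frac):
    return f'{t:%Y-%m-%d %H:%M:%S}.{frac:03d}'


# Constructed sample log (not a real ejabberd.log): three hosts with different patterns.
_base = datetime(2014, 9, 10, 12, 0, 0)
SAMPLE_LOG = [
    # a successful login: must not match any failregex
    _stamp(_base, 1) + ' [info] <0.499.0>@ejabberd_c2s:wait_for_sasl_response:1020 '
    '(#Port<0.899>) Accepted authentication for alice@example.org from IP 203.0.113.5',
    # old two-line format without a leading ISO timestamp: ignored by this sketch
    '=INFO REPORT==== 10-Sep-2014::12:00:00 ===',
]
# 203.0.113.5: ten bad c2s passwords in five minutes -> banned with the settings above
for i in range(10):
    t = _base + timedelta(seconds=30 * i)
    SAMPLE_LOG.append(_stamp(t, i) + f' [info] <0.{500 + i}.0>@ejabberd_c2s:wait_for_feature_request:1456 '
                      f'(#Port<0.{900 + i}>) Failed authentication for bob@example.org from IP 203.0.113.5')
# 198.51.100.7: three admin-panel failures -> below maxretry
for i in range(3):
    t = _base + timedelta(minutes=5 + i)
    SAMPLE_LOG.append(_stamp(t, i) + ' [info] <0.77.0>@ejabberd_web_admin:process:123 '
                      'Authentication of admin@example.org from <<"198.51.100.7">> '
                      'failed with error: <<"bad-password">>')
# 192.0.2.9: ten failures 30 minutes apart -> never reaches maxretry inside findtime
for i in range(10):
    t = _base + timedelta(hours=1, minutes=30 * i)
    SAMPLE_LOG.append(_stamp(t, i) + ' [info] <0.78.0>@ejabberd_web_admin:process:123 '
                      'Failed authentication for admin from 192.0.2.9')

if __name__ == '__main__':
    print('failures per host:', failure_counts(SAMPLE_LOG))
    print('banned with maxretry=10, findtime=1200:', offenders(SAMPLE_LOG))
```

The slow host shows why findtime matters: a client spacing attempts further apart than findtime is never banned with these settings, so either a longer findtime or a separate alert on total failures per host is needed to catch it. Replace SAMPLE_LOG with lines read from /var/log/ejabberd/ejabberd.log to check the patterns against your own server's log format; the real tool for that job is fail2ban-regex, which this sketch only approximates.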


Get rid of SHA-1 – nginx, TLSv1.2, PFS and SHA-2

Everyone who knows me a little bit knows how much I dislike Google, but this time we really should thank them for taking a real step toward a more secure web. They are finally moving away from SHA-1 to the much more secure SHA-2; more info can be found here: http://googleonlinesecurity.blogspot.it/2014/09/gradually-sunsetting-sha-1.html

Setup
CentOS 6.5 x86_64
nginx/1.6.1
OpenSSL 1.0.1e-fips 11 Feb 2013

Nginx developers provide an up to date repository (http://wiki.nginx.org/Install) for CentOS: …
