#summary Log failed authentication attempts with their IP address

#labels Stage-Stable

= Introduction =

Prosody doesn't write IP addresses to its log file by default for privacy reasons (unless debug logging is enabled).

This module enables logging of the IP address in a failed authentication attempt so that those trying to break into accounts for example can be blocked.

= fail2ban configuration =

fail2ban is a utility for monitoring log files and automatically blocking "bad" IP addresses at the firewall level.

With this module enabled in Prosody you can use the following example configuration for fail2ban:

{{{

# /etc/fail2ban/filter.d/prosody-auth.conf

# Fail2Ban configuration file for prosody authentication

[Definition]

failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST>

ignoreregex =

}}}

And at the appropriate place (usually the bottom) of /etc/fail2ban/jail.conf add these lines:

{{{

[prosody]

enabled = true

port    = 5222

filter  = prosody-auth

logpath = /var/log/prosody/prosody*.log

maxretry = 6

}}}

== Compatibility ==

|| trunk || Works ||

|| 0.9 || Works ||

|| 0.8 || Doesn't work ||