Diff

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_log_auth/README.md	Tue Mar 18 00:31:36 2025 +0700
@@ -0,0 +1,49 @@
+---
+labels:
+- 'Stage-Stable'
+summary: Log failed authentication attempts with their IP address
+...
+
+Introduction
+============
+
+Prosody doesn't write IP addresses to its log file by default for
+privacy reasons (unless debug logging is enabled).
+
+This module enables logging of the IP address in a failed authentication
+attempt so that those trying to break into accounts for example can be
+blocked.
+
+fail2ban configuration
+======================
+
+fail2ban is a utility for monitoring log files and automatically
+blocking "bad" IP addresses at the firewall level.
+
+With this module enabled in Prosody you can use the following example
+configuration for fail2ban:
+
+    # /etc/fail2ban/filter.d/prosody-auth.conf
+    # Fail2Ban configuration file for prosody authentication
+    [Definition]
+    failregex = Failed authentication attempt \(not-authorized\) for user .* from IP: <HOST>
+    ignoreregex =
+
+And at the appropriate place (usually the bottom) of
+/etc/fail2ban/jail.conf add these lines:
+
+    [prosody]
+    enabled = true
+    port    = 5222
+    filter  = prosody-auth
+    logpath = /var/log/prosody/prosody*.log
+    maxretry = 6
+
+Compatibility
+-------------
+
+  ------- --------------
+  trunk   Works
+  0.9     Works
+  0.8     Doesn't work
+  ------- --------------