Dwijadas Dey | 25 Jun 11:34 2016
Picon

Ejabber crashes trying to access web admin

Hi
    List experts
                       I am trying to access ejabberd web admin by
visiting http://mydomain:5280/admin and i get a blank page. After
checking the log file, i found that ejabberd crashes. The crash is
immediate after visiting the web admin URL.  This happens when i
commented ## access: register in mod_register: block.

The crash report
********************
2016-06-25 08:35:24 =CRASH REPORT====
  crasher:
    initial call: application_master:init/4
    pid: <0.37.0>
    registered_name: []
    exception exit:
{{bad_return,{{ejabberd_app,start,[normal,[]]},{'EXIT',{function_clause,[{lists,map,[#Fun<gen_iq_handler.4.19837317>,register],[{file,"lists.erl"},{line,1237}]},{ejabberd_config,transform_module_options,2,[{file,"src/ejabberd_config.erl"},{line,1095}]},{ejabberd_config,'-replace_modules/1-fun-0-',1,[{file,"src/ejabberd_config.erl"},{line,993}]},{lists,map,2,[{file,"lists.erl"},{line,1238}]},{ejabberd_config,process_host_term,4,[{file,"src/ejabberd_config.erl"},{line,646}]},{lists,foldl,3,[{file,"lists.erl"},{line,1262}]},{ejabberd_config,read_file,2,[{file,"src/ejabberd_config.erl"},{line,162}]},{ejabberd_config,start,0,[{file,"src/ejabberd_config.erl"},{line,60}]}]}}}},[{application_master,init,4,[{file,"application_master.erl"},{line,134}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]}
    ancestors: [<0.36.0>]
    messages: []
    links: [<0.36.0>,<0.38.0>,<0.7.0>]
    dictionary: []
    trap_exit: true
    status: running
    heap_size: 1598
    stack_size: 27
    reductions: 189
  neighbours:

***********************************************************

(Continue reading)

jacob jabber | 18 Jun 13:34 2016
Picon

Re: ejabberd Digest, Vol 155, Issue 9

I using tcp loadbalancer between clients and chat servers and chat server detect loadbalancer IPs as attacker. client IPs are not sent to chat servers.

On Sat, Jun 18, 2016 at 1:30 PM, <ejabberd-request <at> jabber.ru> wrote:
Send ejabberd mailing list submissions to
        ejabberd <at> jabber.ru

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.jabber.ru/mailman/listinfo/ejabberd
or, via email, send a message with subject or body 'help' to
        ejabberd-request <at> jabber.ru

You can reach the person managing the list at
        ejabberd-owner <at> jabber.ru

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ejabberd digest..."


Today's Topics:

   1. Prevent brute force attacks on ejabberd server (jacob jabber)
   2. Re: Prevent brute force attacks on ejabberd server
      (Evgeny Khramtsov)


----------------------------------------------------------------------

Message: 1
Date: Sat, 18 Jun 2016 10:06:14 +0430
From: jacob jabber <ejabberd.jacob <at> gmail.com>
To: ejabberd <at> jabber.ru
Subject: [ejabberd] Prevent brute force attacks on ejabberd server
Message-ID:
        <CAOY1yjDp81RbJ_z2-8_1JoYiSmvxqNLZnUudYOO3LRXnBf_9YA <at> mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi. how to prevent brute-force attacks on ejabberd server when
authentication failures are detected? I want to ban users not IPs.
mod_fail2ban banned IPs. Is another way to prevent brute force attacks?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20160618/27d7e212/attachment-0001.html>

------------------------------

Message: 2
Date: Sat, 18 Jun 2016 09:48:21 +0300
From: Evgeny Khramtsov <xramtsov <at> gmail.com>
To: ejabberd <at> jabber.ru
Subject: Re: [ejabberd] Prevent brute force attacks on ejabberd server
Message-ID: <20160618094821.59f9451d <at> zinid.ru>
Content-Type: text/plain; charset=US-ASCII

Sat, 18 Jun 2016 10:06:14 +0430
jacob jabber <ejabberd.jacob <at> gmail.com> wrote:

> Hi. how to prevent brute-force attacks on ejabberd server when
> authentication failures are detected? I want to ban users not IPs.
> mod_fail2ban banned IPs. Is another way to prevent brute force
> attacks?

When authentication fails what else info do you have except IP?


------------------------------

Subject: Digest Footer

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd


------------------------------

End of ejabberd Digest, Vol 155, Issue 9
****************************************



--

Best Regards
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
jacob jabber | 18 Jun 07:36 2016
Picon

Prevent brute force attacks on ejabberd server

Hi. how to prevent brute-force attacks on ejabberd server when authentication failures are detected? I want to ban users not IPs. mod_fail2ban banned IPs. Is another way to prevent brute force attacks?


_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
samad khadivar | 14 Jun 16:23 2016
Picon

real online users

hi. I have a ejabberd cluster includes 5 nodes and when get online users  this returns nil priority  for some users. users that have this value are not online unless user also has zero priority value .

/opt/ejabberd-16.02/bin/ejabberdctl connected_users_info 

[<<"user1">>,64,<<"domain.com">>,47,<<6120c16d9abd2">>] c2s_compressed_tls 192.168.1.35 9243 nil ejabberd <at> 192-168-11-13 72253
[<<"user1">>,64,<<"domain.com">>,47,<<"12be3db9a97f585">>] c2s_compressed_tls 192.168.1.34 56023 nil ejabberd <at> 192-168-11-9 82538
[<<"user3">>,64,<<"domain.com">>,47,<<"f31fac426badc58">>] c2s_compressed_tls 192.168.1.36 11287 nil ejabberd <at> 192-168-10-9 160897
[<<"user3">>,64,<<"domain.com">>,47,<<"a451ba79aa1e2b">>] c2s_compressed_tls 192.168.114.38 4637 nil ejabberd <at> 192-168-14-17 179037
[<<"user5">>,64,<<"domain.com">>,47,<<"de7081c7d0b029">>] c2s_compressed_tls 192.168.114.35 49083 nil ejabberd <at> 192-168-13-13 25779
[<<"user3">>,64,<<"domain.com">>,47,<<"833f23a58e4063">>] c2s_compressed_tls 192.168.114.38 18691 nil ejabberd <at> 192-168-14-17 67830
[<<"user1">>,64,<<"domain.com">>,47,<<"8a9d66076fa5243">>] c2s_compressed_tls 192.168.114.38 26421 nil ejabberd <at> 192-168-14-17 90711
[<<"user1">>,64,<<"domain.com">>,47,<<"155fee41b0847e0">>] c2s_compressed_tls 192.168.114.38 34717 nil ejabberd <at> 192-168-114-17 152550
[<<"user3">>,64,<<"domain.com">>,47,<<"6120c16d7abd2">>] c2s_compressed_tls 192.168.114.35 9243 nil ejabberd <at> 192-168-13-11 72431
[<<"user3">>,64,<<"domain.com">>,47,<<"12be3db9a97f585">>] c2s_compressed_tls 192.168.114.34 56023 nil ejabberd <at> 192-168-13-14 82716
[<<"user1">>,64,<<"domain.com">>,47,<<"80f8b492e4ccb9f">>] c2s_compressed_tls 192.168.114.37 14420 0 ejabberd <at> 192-168-14-13 262
[<<"user3">>,64,<<"domain.com">>,47,<<"_5473c37286ee607">>] c2s_compressed_tls 192.168.114.39 28717 0 ejabberd <at> 192-168-14-65 295
[<<"user5">>,64,<<"domain.com">>,47,<<"adddec2f856c5d6">>] c2s_compressed_tls 192.168.114.35 14852 0 ejabberd <at> 192-168-13-13 431

result of /opt/ejabberd-16.02/bin/ejabberdctl connected_users_number is no real.  what is the meaning of nil value? why?

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
samad khadivar | 14 Jun 15:43 2016
Picon

mod_mam: case_clause error


hi, in ejabberd 16.02  when I using assume_mam_usage: if_enabled for mam config it returns this error 

  mod_mam:
    assume_mam_usage: if_enabled
    default: always
    cache_size: 100000
    cache_life_time: 3600


2016-06-12 11:58:51.539 [error] <0.20724.1> <at> ejabberd_hooks:run_fold1:368 {{case_clause,{archive_prefs,{<<"user1">>,<<"domain.com">>},always,[],[]}},[{mod_mam,message_is_archived,5,[{file,"src/mod_mam.erl"},{line,354}]},{ejabberd_hooks,safe_apply,3,[{file,"src/ejabberd_hooks.erl"},{line,382}]},{ejabberd_hooks,run_fold1,4,[{file,"src/ejabberd_hooks.erl"},{line,365}]},{ejabberd_c2s,'-handle_unacked_stanzas/1-fun-6-',8,[{file,"src/ejabberd_c2s.erl"},{line,2918}]},{lists,foreach,2,[{file,"lists.erl"},{line,1336}]},{ejabberd_c2s,terminate,3,[{file,"src/ejabberd_c2s.erl"},{line,1803}]},{p1_fsm,terminate,8,[{file,"src/p1_fsm.erl"},{line,740}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}
running hook: {message_is_archived,[{state,{socket_state,ezlib,{zlibsock,fast_tls,{tlssock,#Port<0.47476>,#Port<0.47495>},#Port<0.47539>},<0.20723.1>},ejabberd_socket,#Ref<0.0.4.219723>,false,<<"17644652947291914606">>,undefined,c2s,c2s_shaper,true,true,false,true,[verify_none,compression_none,{protocol_options,<<"no_sslv3">>},{certfile,<<"/opt/ejabberd-16.02/conf/server.pem">>}],true,{jid,<<"user">>,<<"domain.com">>,<<"Android_bc7104214a409f89">>,<<"user">>,<<"domain.com">>,<<"Android_bc7104214a409f89">>},<<"user">>,<<"domain.com">>,<<"Android_bc7104214a409f89">>,{{1465,715862,453492},<0.20724.1>},{23,{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user1">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil}},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user2">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil}}},{{<<"user3">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user4">>,<<"domain.com">>,<<>>},nil,nil},nil}},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user5">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil}}}}},{41,{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user6">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user7">>,<<"domain.com">>,<<>>},nil,nil},nil}},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user8">>,<<"domain.com">>,<<>>},nil,nil}}},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user9">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil}},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user10">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil}}}},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user11">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user12">>,<<"domain.com">>,<<>>},nil,nil},nil}},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},nil,nil},nil},{{<<"user13">>,<<"domain.com">>,<<>>},nil,nil}}},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user">>,<<"domain.com">>,<<>>},{{<<"user...">>,...},...},...},...}}}},...},...]}
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Gaurav Jain | 11 Jun 10:23 2016
Picon

error 503/service-unavailable in one-to-one messaging

During testing various network connection use cases, I encounter a problem I do not fully understand.

* Its a 1 x 1 message (not MUC message)

* user1 sends a message to user2

* user2 is in the process of connecting to server (not fully connected yet)

* user1 gets an error message back (503/service-unavailable)

My understanding was:

* if user2 is not connected, the message from user1 will become offline. 

* when user2 is connected, the offline message will be delivered

* It does work like that 99% of time except 1-2 times.


 Can you please tell under which circumstances 503 is returned for user2?


 ----------------------------------------------

SEND: <message type="chat" to="user2 <at> developer.com" id="someID"><body>Testing Testing</body><thread>123</thread><active xmlns="http://jabber.org/protocol/chatstates"/></message>

RECV: <message xmlns="jabber:client" from="user2 <at> developer.com" to="user1 <at> developer.com" type="error" id="someID"><body>Testing Testing</body><thread>123</thread><active xmlns="http://jabber.org/protocol/chatstates"/><error code="503" type="cancel"><service-unavailable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error></message>

 ----------------------------------------------


_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Gerhard Schmidt | 9 Jun 08:20 2016
Picon

Very Strange Problem with ejabberd 16.03 and muc

HI,

some of our users report that there are some strange problems with the
muc part of our server.

I have tested the muc server an discoverd that once a user was in a
conference and left they are unable to join again

I'm running ejabberd 16.03 with erlang 18.3.3 on two FreeBSD 10.3
servers in a cluster.

The problem seams to have started when we upgraded from ejabber 15.07
and erlang 18.2.2 to the actual configuration.

the only error message i can find are messages like this

2016-06-09 08:01:37.498 [error] emulator Discarding message
{route,{jid,<<"estartu">>,<<"mytum.de">>,<<"Office">>,<<"estartu">>,<<"mytum.de">>,<<"Office">>},{jid,<<"wosintern">>,<<"conference.mytum.de">>,<<"estartu">>,<<"wosintern">>,<<"conference.mytum.de">>,<<"estartu">>},{xmlel,<<"presence">>,[{<<"to">>,<<"wosintern <at> conference.mytum.de/estartu">>},{<<"type">>,<<"unavailable">>}],[]}}
from <0.13536.1> to <0.6097.3> in an old incarnation (2) of this node (1)

I am really get quite a view of them in the error.log

any help is greatly appreciated as the usage of the muc service is not
possible right now.

Regards
   Gerhard

--

-- 
----------------------------------------------------------
Gerhard Schmidt                | E-Mail: schmidt <at> ze.tum.de
Technische Universit√§t M√ľnchen | Jabber: estartu <at> ze.tum.de
WWW & Online Services          |
Tel: +49 89 289-25270          | PGP-PublicKey
Fax: +49 89 289-25257          | on request
Attachment (schmidt.vcf): text/x-vcard, 407 bytes
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Randy Bush | 6 Jun 15:53 2016

tls and jabber.org and google

i have to provide connections to google and jabber.org.

    ## If TLS is compiled in and you installed a SSL
    ## certificate, specify the full path to the
    ## file and uncomment these lines:
    ##
    certfile: "/etc/ejabberd/ejabberd.pem"
    ## starttls: true
    ##
    ## To enforce TLS encryption for client connections,
    ## use this instead of the "starttls" option:
    ##
    starttls: true
    starttls_required: true

for s2s, i currently have

    ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
    ## Allowed values are: false optional required required_trusted
    ## You must specify a certificate file.
    ##
    #s2s_use_starttls: required
    s2s_use_starttls: false

    ##
    ## s2s_certfile: Specify a certificate file.
    ##
    s2s_certfile: "/etc/ejabberd/ejabberd.pem"

    ## Custom OpenSSL options
    ##
    s2s_protocol_options:
       - "no_sslv3"
    ##   - "no_tlsv1"

this allows google but users report no buddies at jabber.org

anyone understand this better than i?  thanks.

randy
gerbra | 5 Jun 05:28 2016
Picon
Gravatar

my favourite stuff

Hello,

 

Just take a quick look at my favourite stuff, you're gonna love it! More here http://nkechipryki.africansview.org/aeosq

 

Wishes, gerbra <at> gotadsl.co.uk

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Xen-users | 29 May 10:27 2016
Picon
Gravatar

some new stuff

Hey, Don't miss up this new stuff, you're going to be delighted, read more here http://wychyfrospi.rosenwaldschoolsfilm.org/lnnonzwx

 

Xen-users

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Steven Livingstone | 24 May 17:36 2016
Gravatar

Redis Cluster Mode

Hi - I have managed to set up a 3 node Redis master/master/master
cluster and after a bit of reading, managed to get redis-cli working
with it .... so long as I pass the "-c" flag to enable cluster mode.

However, when I try to use it in ejabberd, i get errors:

 <at> ejabberd_sm_redis:clean_table:204 failed to clean redis table for
server domain.local: {error,<<"MOVED 10777 10.0.0.41:6379">>}

 <at> ejabberd_sm_redis:set_session:79 failed to set session for redis:
[{ok,<<"1">>},{error,<<"MOVED 10777 10.0.0.41:6379">>}]

How can I enable cluster mode from the ejabberd redis client? Is this
supported yet?

It feels very strange to me that i need to enable this on the client
side but i assume there is Redis logic to it.

If there is not a way to do it in config, has anyone added a hack to
get this working? I am thinking that HA proxy in the middle could
maybe pass a header to the redis backend to enable this mode ... tho
not sure what that header would need to be.

many thanks,
steven

Gmane