Bruteforce attack (manager.c)


(Lucas) #1

Hello everyone,

I am asking for your help because I am the victim of brute-force attack attempts. I followed a guide on computingforgeeks.com to secure my server against brute-force attacks.

In the Asterisk log file I found this:
[2020-04-10 09:31:05] NOTICE[19549] manager.c: 167.71.71.30 tried to authenticate with nonexistent user ‘livechat’
[2020-04-10 09:31:05] NOTICE[19549] manager.c: 167.71.71.30 failed to authenticate as ‘livechat’
[2020-04-10 09:31:05] NOTICE[19550] manager.c: 204.48.26.95 tried to authenticate with nonexistent user ‘ripencc’
[2020-04-10 09:31:05] NOTICE[19550] manager.c: 204.48.26.95 failed to authenticate as ‘ripencc’

I have Debian 9 with fail2ban. In this file (Module: “Asterisk Logfiles”, File: “/var/www/html/admin/modules/logfiles/etc/logger.conf altered”) I added: fail2ban => notice, security

My jail:
[asterisk]
enabled = true
ignoreip = myPublicIP
filter = asterisk
action = iptables-allports[name=asterisk, protocol=all]
logpath = /var/log/asterisk/fail2ban
findtime = 7200
maxretry = 3
bantime = 864000

Could you help me complete the security?

Thanks


#2

You need to block tcp/5038 on your firewall, or not have manager.conf bind to 0.0.0.0, or add a regex to fail2ban to detect ‘manager’ misbehavior.
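
As an added example (not part of the original replies, and not fail2ban's own filter), the following sketch shows the kind of regex the last option calls for, run with the jail's findtime and maxretry over log lines in the format quoted in the first post. The names `MANAGER_FAIL` and `find_offenders` are hypothetical, and the sample lines and their IP addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the two manager.c NOTICE messages quoted in the first post.
# Curly quotes are accepted as well as straight ones, since the post shows them curly.
MANAGER_FAIL = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]\s+NOTICE\[\d+\]\s+manager\.c:\s+"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?:tried to authenticate with nonexistent user|failed to authenticate as) "
    r"['‘’](?P<user>[^'‘’]*)['‘’]\s*$"
)

def find_offenders(lines, findtime=7200, maxretry=3, ignoreip=()):
    """Return {ip: time of the line that reached maxretry within findtime}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = MANAGER_FAIL.match(line.strip())
        if not m or m["host"] in ignoreip or m["host"] in offenders:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hits = recent[m["host"]]
        hits.append(ts)
        while ts - hits[0] > window:   # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            offenders[m["host"]] = ts
    return offenders

# Constructed sample in the format of the post; addresses are documentation ranges.
SAMPLE_LOG = """\
[2020-04-10 09:31:05] NOTICE[19549] manager.c: 203.0.113.7 tried to authenticate with nonexistent user 'livechat'
[2020-04-10 09:31:05] NOTICE[19549] manager.c: 203.0.113.7 failed to authenticate as 'livechat'
[2020-04-10 09:31:09] NOTICE[19551] manager.c: 203.0.113.7 failed to authenticate as 'admin'
[2020-04-10 09:40:00] NOTICE[19560] manager.c: 198.51.100.4 failed to authenticate as 'admin'
[2020-04-10 12:10:00] NOTICE[19720] manager.c: 198.51.100.4 failed to authenticate as 'admin'
[2020-04-10 12:10:01] NOTICE[19720] manager.c: 198.51.100.4 failed to authenticate as 'root'
[2020-04-10 12:11:00] NOTICE[19800] pbx.c: constructed non-manager line mentioning 192.0.2.9
[2020-04-10 12:12:00] NOTICE[19801] manager.c: 192.0.2.50 failed to authenticate as 'admin'
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG, ignoreip={"192.0.2.50"}).items():
        print(f"{ip} reached maxretry at {when}")
```

Each failed login to a nonexistent user writes two matching lines, so with maxretry = 3 a host is flagged on its second attempt.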

