This morning we had hackers from Palestine trying to make incoming anonymous connections to PJSIP. This is not unusual, and I use the fail2ban log file to trigger immediate bans on the IP’s.
But today, something different happened. They came in and tried to make the usual calls, but the fail2ban log has no record of them. Not a single line. It continues to report all my users connecting but it completely missed these hackers. The previous hacker was 6 hours ago and it logged that. No settings have changed.
I found the current hackers by manually searching my edge firewall. The call attempts are in the “full” log, but fail2ban log says nothing.