I have a log full of
[2020-09-05 09:21:02] NOTICE: chan_sip.c:29029 handle_request_register: Registration from ‘“460” sip:[email protected]’ failed for ‘184.108.40.206:6457’ - Wrong password
What can I do to block such access automated? Shouldn’t fail2ban block this (or other IPs)?
fail2ban will add a host to iptables if:-
A) There is a jail defined and enabled and watching relevant log file
B) There are regexes in that jail’s ‘filter’ that match the suspected infraction
C) That infraction happened more the “maxretry” times within any “findtime”
fail2ban creates a log file itself that show what jail’s are started, what IP’s are “Noticed” (not enough retries within findtime) and what and when anything is banned. there is a program ‘fail2ban-regex’ that can audit all the above.
Does Admin -> System Admin -> Intrusion Detection show Running status? Any banned IPs?
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.