Hello,
I have a log full of
[2020-09-05 09:21:02] NOTICE[6927]: chan_sip.c:29029 handle_request_register: Registration from ‘“460” sip:[email protected]’ failed for ‘45.148.121.18:6457’ - Wrong password
What can I do to block such access automatically? Shouldn’t fail2ban block this (or other IPs)?
A) There is a jail defined and enabled and watching the relevant log file
B) There are regexes in that jail’s ‘filter’ that match the suspected infraction
C) That infraction happened more than “maxretry” times within any “findtime”
fail2ban creates a log file itself that shows what jails are started, what IPs are “Noticed” (not enough retries within findtime) and what and when anything is banned. There is a program ‘fail2ban-regex’ that can audit all the above.
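The checks B and C from the answer above, modelled in Python as an added example (not part of the thread and not fail2ban's own code): it shows which lines a failregex catches and which IPs collect enough hits inside one findtime window. The regex, the maxretry=3 / findtime=600 values, the SIP URI placeholder and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified pattern for the chan_sip line quoted in the question; an
# assumption for this example, not the filter fail2ban ships for Asterisk.
FAILREGEX = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ "
    r"handle_request_register: Registration from '.*' failed for "
    r"'(?P<host>\d{1,3}(?:\.\d{1,3}){3}):\d+' - Wrong password$"
)

def audit(lines, maxretry=3, findtime=600):
    """Return (unmatched_lines, {ip: time the ban threshold was reached})."""
    unmatched, banned = [], {}
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    for line in lines:
        m = FAILREGEX.match(line.strip())
        if not m:                      # check B failed: the filter ignores it
            unmatched.append(line)
            continue
        ip = m["host"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()           # forget failures older than findtime
        if ip not in banned and len(window) >= maxretry:
            banned[ip] = ts            # check C: maxretry hits in one window
    return unmatched, banned

def make_line(ts, ip):
    return (f"[{ts}] NOTICE[6927]: chan_sip.c:29029 handle_request_register: "
            f"Registration from '\"460\" <sip:460@pbx.example>' failed for "
            f"'{ip}:6457' - Wrong password")

# Constructed sample log, modelled on the line in the question.
SAMPLE = [
    make_line("2020-09-05 09:21:02", "45.148.121.18"),
    make_line("2020-09-05 09:21:40", "45.148.121.18"),
    make_line("2020-09-05 09:22:15", "45.148.121.18"),  # third hit inside 600 s
    make_line("2020-09-05 09:00:00", "203.0.113.7"),
    make_line("2020-09-05 09:30:00", "203.0.113.7"),
    make_line("2020-09-05 10:00:00", "203.0.113.7"),    # 3 hits, never within 600 s
    "[2020-09-05 09:23:00] VERBOSE[6927]: unrelated line",
]

if __name__ == "__main__":
    unmatched, banned = audit(SAMPLE)
    print("unmatched lines:", len(unmatched))
    for ip, when in banned.items():
        print("would ban", ip, "at", when)
```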