Every morning this week I have woken to an email stating that:
The IP xxx.xxx.xxx.xxx has just been banned by Fail2Ban after 5 attempts against PBX-GUI on
My worry is how someone is getting to the gui as I don’t have http or HTTPS ports open and I use a VPN to manage the PBX. VPN doesn’t appear compromised. What I also find odd is that intrusion detection it does not list this IP as being banned, and I have set it (I thought) to ban for 1530000000 seconds (excessive perhaps), so how come everyday they get to try again? I’m obviously configuring the wrong thing, but I’m not sure where the right thing is. Ha ha. Thanks in advance for any advice.