Problems with the brute force sip accounts there for years. There is also an effective method to reduce the risks of being hacked. The installation and configuration fail2ban. But the trouble is that with the releases of Asterisk versions or freepbx not change ip address mapping of the attackers. ater all, the Problem is global.
What is the reason of inaction developers? I have one version: the expectation that users will go for paid support. That is deliberately retained a problem in releases. It is difficult to explain in another way.
This greatly discredits the developers, because it is not about additional opportunities but it is about the basic security. You can not cash in on other people’s problems, especially creating them.
NOTICE[C-00000086] chan_sip.c: Sending fake auth rejection for device 1022sip:[email protected];tag=5d8b6f92