I have been noticing, one by one, the multiple different servers I manage, a particular security concern. I use the fail2ban and I have it send me emails on attempts. The pattern I have noticed is I will receive emails of attempts that were banned, multiple ones in a row. When I log onto the server to check the status of it, I see right away that the firewall is disabled! I check on these frequently, at least once a week and I know they are always enabled and running. I enable the firewall, and monitor it afterwards, and there are no problems after that happens. But this has happened to three different FreePBX systems I manage. I don’t know if it’s coincidence but the only common factor I can see is that all of them had their Let’s Encrypt cert due to renew. They still had nearly a month left, so they were still valid, but there was a security message indicating it was due to for renewal and it hadn’t processed automatically yet. When I manually update the certificate, it processes normally and shows it is updated. I run this after the firewall was re-enabled. I do not know if this is a bug with this particular series of events, but as I mentioned, it has happened on multiple different servers. Any ideas?
They are all running the following versions:
Firewall Module 22.214.171.124
Certificate Manager Module 126.96.36.199
Yep, same here. Firewall is disabled every single morning and thousands of attempted fraud calls and etc. This is just crazy, it’s been almost a week since first reports! It was working just fine a couple weeks back and then bam. I am also using their Distro and I see the bug report is minor and resolved already. ITS NOT RESOLVED SANGOMA!!! I have a couple customers wanting to ditch this system due to all the issues recently.
FIX YOUR Code!!
This bug report is what Im talking about. Oh, and even on Edge track newest version of CertManager is only 188.8.131.52, regardless as .4 doesnt fix the problem either from the posts and reports so far. https://issues.freepbx.org/browse/FREEPBX-21683