Hope everyone is doing alright. This is the second day in a row I wake up to SIP and SSH bans from the PBX system. Yesterday I logged in and saw the firewall disabled and thought it was I who left the firewall off. Once I turned it on, everything became quiet again. Today, I wake up to the same thing. Firewall disabled again and I’m getting attacked again. Not sure what is going on. I’m about to update YUM and also change my passwords (which are randomly generated).
I’d like to figure out why the firewall is being disabled and what I can do to mitigate further attacks.
I also see this error message:
There was an error updating certificate “pbx.xxxx.xxx”: REMOTE_ADDR didn’t parse -
Things I’ve done recently (in order):
- Installed the GraphQL Module (Jul 5th)
- Moved Sangoma phones to VPN (Aug 1st and Aug 2nd)
- Updated all modules that had updates available (Aug 1st)
PBX Version: 220.127.116.11
PBX Distro: 12.7.6-2002-2.sng7
Asterisk Version: 16.9.0
System Firewall: 18.104.22.168